One of the most significant realizations to emerge since the Edward Snowden revelations, is the understanding that we need more secure tools for would be whistle-blowers to more easily provide sensitive information in a secure and anonymous manner. As such, we have seen the deployment of encrypted drop boxes by several media outlets. I highlighted one of these a little over a year ago called Strongbox, which was a project announced by the New Yorker and was what Aaron Swartz was working on just before his death.
Recently, the Washington Post and the Guardian have released something similar called SecureDrop. The Washington Post described it as such:
Users may have noticed a button on The Washington Post homepage called “SecureDrop.” The new feature enables confidential sources to contact The Post and share documents in an encrypted fashion. The Post launched this feature to offer even more security and anonymity to sources.
Naturally, this sort of potential transparency and ease of exposing corruption and criminality is not welcome within the halls of government. As such, the reaction from Obama Administration lawyers is to issue subpoenas for information so that they can avoid cracking the encryption and the U.S. legal system altogether.
ArsTechnica reports that:
It’s not shadowy spies or engineers from the National Security Agency secretly reading the hundreds of tips about government fraud that the Project on Government Oversight (POGO) has received in less than a month.
Instead, it’s lawyers from the President Barack Obama administration employing the power of the administrative subpoena in a bid to siphon data from POGO’s encrypted submission portal. POGO’s site encourages whistleblowers to use Tor as the gateway and has garnered more than 700 tips about abuse and mismanagement at the US Veterans Administration after less than a month of operation.
“If they are successful, that defeats the purpose of trying to improve our online security with encryption,” Joe Newman, the project’s communications director, said in a telephone interview.
The administrative subpoena, which does not require the Fourth Amendment standard of probable cause, comes as the number of so-called drop boxes from media organizations and other whistleblower groups is on the rise in the wake of the Edward Snowden revelations. The Washington Post and the Guardian were among the latest to deploy drop boxes on June 5. But no matter how securely encrypted the boxes might be, the subpoena is an old-school cracking tool that doesn’t require any electronic decryption methods.
Typical response from a “constitutional lawyer” President.
POGO launched its submission tool in the immediate aftermath of the disclosure of the Veterans Administration scandal, which on Monday blossomed to revelations that as many as 57,000 vets have been awaiting treatment for as long as three months each because of 1990s-era scheduling technology. The agency is also accused of trying to cover that up.
The subpoena from the Department of Veteran’s Affairs Inspector General demands from POGO records related to “wait times, access to care, and/or patient scheduling issues at the Phoenix, Arizona VA Healthcare System and any other VA medical facility.”
On Monday, POGO told the Obama administration that it would not comply with the subpoena. Most government agencies have such subpoena powers, and they have been doled out hundreds of thousands of times, all with the signature of federal officials as no judge is required. The subpoenas demand that utilities, ISPs, telecommunication companies, banks, hospitals, and bookstores cough up information if the authorities deem it relevant to an investigation.
If the VA doesn’t drop its subpoena, POGO said it would never turn the data over, even if ordered to by a judge.
“We are certainly prepared to go to court,” Newman said. “We are certainly prepared to go to jail to prevent any of that information from being released.”
Counterintuitively, this is really good news. It exposes the complete and total fear of those in power of any sort of transparency. Moreover, the fact that people are willing to go to jail to defend the Constitution is a sign that true dissent is rising and fear of repercussions becoming less important.
A fearless and committed population cannot lose.
In a related story, Microsoft, of all companies, is pushing back against federal prosecutors’ request for data stored in an overseas data center. What is so incredible about this is that Microsoft has been seen as one of the biggest government lapdogs of all the large U.S. technology companies. Let’s not forget that the company was the first participant in the NSA’s prism program. They joined on 9/11/07.
From the New York Times:
Microsoft is challenging the authority of federal prosecutors to force the giant technology company to hand over a customer’s email stored in a data center in Ireland.
The objection is believed to be the first time a corporation has challenged a domestic search warrant seeking digital information overseas. The case has attracted the concern of privacy groups and major United States technology companies, which are already under pressure from foreign governments worried that the personal data of their citizens is not adequately protected in the data centers of American companies.
Verizon filed a brief on Tuesday, echoing Microsoft’s objections, and more corporations are expected to join. The Electronic Frontier Foundation is working on a brief supporting Microsoft. European officials have expressed alarm.
In a court filing made public on Monday, Microsoft said that if the judicial order to surrender the email stored abroad is upheld, it “would violate international law and treaties, and reduce the privacy protection of everyone on the planet.”
Microsoft contends that the rules that apply to a search warrant in the physical world should apply online. The standard of proof for a search warrant is “probable cause” and “particularity” — that is, a person’s name and where the person, evidence or information reside.
Judge Francis, in his order, wrote that the Electronic Communications Privacy Act, passed in 1986, created an in-between category intended at the time to protect people from indiscriminate data gathering that subpoenas might allow of online communications. The result, he wrote, is “a hybrid: part search warrant and part subpoena,” and applied to information held in Microsoft’s data center overseas.
There’s that word subpoena again, as discussed earlier.
Privacy experts are concerned that the judge’s order, if it stands, will open the gate to unchecked investigations in the digital world, of anyone, anywhere.“United States search warrants do not have extraterritorial reach,” said Lee Tien, a lawyer for the Electronic Frontier Foundation. “The government is trying to do an end run.”
The Snowden leaks and the view that American tech companies were too cooperative with the United States government have hurt the prospects for American tech companies abroad. Earlier estimates of potential lost sales over the next few years have ranged as high as $180 billion, or 25 percent of industry revenue, according to Forrester Research.
To address those concerns, the companies are building more data centers abroad. But that strategy looks less appealing if companies can be ordered to hand over data regardless of where it is stored, as Microsoft is being ordered to do.
In its filing, Microsoft emphasized that point. The government’s position, it warned, will “ultimately erode the leadership of U.S. technology companies in the global market.”
When Microsoft pushes back you have to wonder if things really are starting to change. Keep pushing everyone, we are having a major impact.