By Kelli Sladick
Russia has requested that some of NSA’s corporate customers, like Apple, share source code so that it can clear up suspected security issues. According to RT, Russia made the request in response to spy scandals that have undermined trust in foreign products. While they may complain about it, tech company cooperation with the American spy-state has set the stage for these requests, and more will certainly follow.
The reality of the situation
- NSA shares SIGINT with other foreign governments through 5 Eyes, but also with oppressive regimes like Saudia Arabia.
- Recently, it was shown that the NSA’s intel partner in Great Britian, GCHQ, is manipulating people through online polls, Facebook, and even Youtube.
- Corporations are thoroughly engaged with the NSA and have asked to not be sued in the states for complying. Congress agreed and introduced CISA to protect them.
- NSA has lowered encryption standards intentionally, to spy on people through the Internet.
- Much of the world’s Internet traffic comes through the USA. Therefore it is all subject to NSA inspection and collection.
We cannot discount this fear or concern of online manipulation and destabilization in other countries in light of reports on projects like the USAID’s Twitter like network in Cuba, and the online spreading of EuroMaiden in the Ukraine. One of Russia’s recent responses to seeing this destabilization was was to restrict online speech in its blogger bill.
So what does any of this have to do with the Fourth Amendment?
When the OffNow project introduced 4th Amendment Protection Act to address NSA spying at the state level, there was pushback by corporations sharing information with the NSA. Corporate leaders apparently felt telling the federal government, “No, you need to go get a warrant,” through a state law would put them between the proverbial rock and a hard place.
Corporate players had two choices: comply with the NSA. or tell the NSA to comply with the Constitution or face state sanction. Corporations choose to comply with the NSA. Now, they face the reality that it’s not just the NSA wanting that data.Those same companies may have to reveal their source code with other foreign governments not friendly to the U.S. Their involvement with US intelligence agencies set the stage for these requests. And of course, these unfriendly governments can equally infiltrate peoples’ private data as the NSA has.
Corporations would have been better served to force governments to issue a warrant based on probable cause instead of willingly handing over data and even source code. How many other unfriendly governments will now ask the same? Are these corporations willing to lose whole foreign markets if they refuse?
But, wait there is more.
Now, I know what you are saying? Russia cannot possibly request this. If they are allowed the source code, what other requests can they possibly get away with? Here’s the problem: in another recent report, the US is establishing the precedent of forcing companies, like Microsoft, to hand over any data requested if it is held in a server anywhere in the world, not just the US!
With only a few exceptions not relevant here (and discussed in greater depth below), a search warrant issued by a US court has no effect outside the territory of the US. Referring to searches of non-citizens’ homes in foreign jurisdictions, Justice Stevens said, “American magistrates have no power to authorize such searches.” United States v. Verdugo-Urquidez, 494 U.S. 259, 279 (1990) (Stevens, J., concurring). The same is true of seizures of property (including information): Rule 41 of the Federal Rules of Criminal Procedure explicitly describes the authority of federal magistrates to issue warrants for searches and seizures and clearly does not include any general authority to issue warrants to seize property that is located outside the US. The fact that Rule 41(b)(5) does expressly allow warrants for seizure of property in US territories, possessions or commonwealths, and in US embassies and consular posts, reinforces the conclusion that there is no general authority to issue warrants for seizures abroad
…Extraterritorial application would have absurd results, prohibiting, for example, US companies that offer services abroad from ever complying with the demands of foreign governments for disclosure of communications content, even when the data is created and stored entirely outside the US by persons having no connection with the US. (Compare the prohibitions of Section 2702(a) with the definition of governmental entity in Section 2711(4).)
The U.S. argument is this, “the U.S. government attempts to avoid the territorial limits on warrants by arguing that the search or seizure occurs inside the US, either in Washington state, when the Microsoft employee accesses and copies data stored in Ireland, or in New York City, where US government investigators will review the email. Alternatively, the government argues that there is no search or seizure at all, but only a “compelled disclosure.”
If the U.S. wins this case, other countries, like Russia, may follow suit with the same excuse and disregard for national sovereignty.
Companies like Apple or Microsoft shouldn’t choose what country to comply with in dragnet spying. Instead it should protect individual’s privacy by requiring a warrant based on probable cause, or follow the laws of the host country where the server resides. We are now seeing unintended consequences stemming from companies’ complicity in NSA dragnet spying.
Tech companies have a better choice than CISA and blind compliance with the NSA,Simply insist on following warrant requirements. Support legislation like the Fourth Amendment Protection Act instead of fighting it.
Through complicity with the NSA, these corporate players have now subjected American privacy to possible dangers from unfriendly governments abroad.