Twitter Sues US Government Over Surveillance

Facebook: 10 New Changes That Matter

A lawsuit filed by Twitter on Wednesday highlights the continuing and somewhat surprising reticence by the federal government to let Internet companies disclose more details on the surveillance orders they receive from government for customer data.

The lawsuit, filed in federal court in San Francisco, accuses the US Department of Justice, the FBI, and others of violating Twitter's First Amendment rights to free speech.

Twitter demanded that it be allowed to publish more granular details on the requests for customer data that it has received from government under the Foreign Intelligence Surveillance Act (FISA) and the National Security Letter (NSL) statute.

[Seeking positive impact: Data Science That Makes a Difference.]

"The US government engages in extensive but incomplete speech about the scope of its national security surveillance activities as they pertain to US communications providers," Twitter's complaint said. At the same time, the government prohibits Internet service providers such as Twitter from providing their own informed perspective on the matter.

That "position forces Twitter either to engage in speech that has been preapproved by government officials or else to refrain from speaking altogether."

Over the past year, US technology companies have reported slowing sales in key overseas markets as a result of concerns spawned by Edward Snowden's leaks of the National Security Agency's surveillance activities.

Groups like the Cloud Security Alliance have warned that the Snowden leaks could cost American companies between $35 billion and $45 billion in lost sales over the next several years.

Google, Yahoo, Microsoft, Facebook, and LinkedIn sued the government last year over the issue.

After some negotiation, both sides arrived at a settlement earlier this year under which the companies are allowed to disclose some details of US government surveillance of their networks but only in one of two pre-approved disclosure formats, Twitter said in its complaint.

One option allows the five companies to disclose aggregate data on the surveillance orders they receive but only in batches of thousands. That particular option also prohibits companies from disclosing for two years any surveillance orders they might receive involving a new technology or platform.

The second disclosure format approved by the government allows the five companies to disclose aggregate data in batches of 250.

In its lawsuit, Twitter contends that it be allowed to provide more details on the civil and criminal government requests for account information and content removal that it receives.

Twitter maintains that it cannot be held to the terms of the previous settlement agreement between the government and the five companies and claims its constitutional rights are being infringed.

The company says it wants to be able to disclose aggregate data in ranges of 25 to 100. It also wants to be able to include a descriptive statement describing the overall degree of surveillance to which it is subject.

Whatever the merits of Twitter's request, the government's reluctance to loosen the disclosure rules is surprising and suggests it may be continuing to think of the whole topic as a security-versus-privacy issue.

Twitter and all of the other companies that have sued the government have expressly said they do not wish to disclose details that might compromise government investigations or national security. Most have asked for the freedom to disclose little more than how many orders they have received under national security statutes and how many accounts those orders encompassed.

The companies have maintained that such information is important to quelling public misconceptions about the roles that Internet companies have played in the government's data-collection activities.

The government's desire not to tip its hand is understandable. But some of its disclosure restrictions are somewhat puzzling,

An entity that receives a National Security Letter demanding customer information is prohibited from disclosing the fact that it received such a letter. Similarly, the government prohibits service providers who have not received a single request for customer data to disclose that fact.

"We believe there are far less restrictive ways to permit discussion in this area while also respecting national security concerns," Twitter noted in its lawsuit.

Just when conventional wisdom had converged around the cloud being a software story, there are signs that the server market is poised for an upset, too. Get the 2014 State of Server Technology report today. (Free registration required.)