Two Major ISPs Threaten They'll Stop Complying With US FISA Orders

An anonymous reader shared this report from the Washington Post: U.S. government officials were scrambling Friday night to prevent what they fear could be a significant loss of access to critical national security information, after two major U.S. communications providers said they would stop complying with orders under a controversial surveillance law that is set to expire at midnight, according to five people familiar with the matter.

One communications provider informed the National Security Agency that it would stop complying on Monday with orders under Section 702 of the Foreign Intelligence Surveillance Act, which enables U.S. intelligence agencies to gather without a warrant the digital communications of foreigners overseas — including when they text or email people inside the United States. Another provider suggested that it would cease complying at midnight Friday unless the law is reauthorized, according to the people familiar with the matter, who spoke on the condition of anonymity to discuss sensitive negotiations.

The companies' decisions, which were conveyed privately and have not previously been reported, have alarmed national security officials, who strongly disagree with their position and argue that the law requires the providers to continue complying with the government's surveillance orders even after the statute expires. That's because a federal court this month granted the government a one-year extension to continue intelligence collection.
UPDATE (4/20/2024): US Passes Bill Reauthorizing 'FISA' Surveillance for Two More Years.

FISA, PATRIOT Act, Five-Eyes, etc

[systemd-anonymousd]

Everything the federal government has done viz a viz spying since 9/11 has been a travesty and an ass-wipe on the constitution.

Re:

[Anonymous Coward]

Slashdot’s most hated socialist, Bernie Sanders has continually voted against the patriot act and section 702.

Re:

[Anonymous Coward]

It's only bad when China does it.

And?

[registrations_suck]

If the law expires, there is nothing to comply with.

Re:

[mysidia]

Yeah.. You need a legal basis to force companies to violate their customers' privacy.

Their basis for attempting to extend this further is shady as fuck.

The Law provides that existing orders will continue to be in effect, so they convinced the Special court that administers this law to hand them a blanket order that allows the intelligence gathering to continue past the end date of the law.

These transition procedures provide that any
order, authorization, or directive issued pursuant to Title VII shall rema

Re:And?

[jenningsthecat]

Yeah.. You need a legal basis to force companies to violate their customers' privacy.

I'm happy to be schooled if I'm missing something obvious here, so I have to ask the question: why is it that companies are so reluctant to invade customers' privacy at the request of the government? They do it readily, on a daily basis, to further their own economic ends, so it's hard to see their objections as having a moral or ethical basis. The obvious "we're not getting paid by the government to do their spying" doesn't seem compelling enough under the circumstances, and the "you're not the boss of me" idea doesn't seem to fit either. So what gives?

Re:And?

[aaarrrgggh]

They don't want the legal liability if there is no basis in law for their actions.

Re:

[NoMoreACs]

They don't want the legal liability if there is no basis in law for their actions.

Ding Ding Ding! We have a Winner!!!

In most cases, sadly, that's all this is.

Re:

[jenningsthecat]

They don't want the legal liability if there is no basis in law for their actions.

Thanks very much - that thought never occurred to me, and it makes a world of sense.

Re:

[mysidia]

why is it that companies are so reluctant to invade customers' privacy at the request of the government?

It costs them money and creates risks. The companies Cannot exactly share with the public the nature Of the orders they have to follow -- but you can bet it's gone way beyond the Phone Company having to Provide a secret room at every central office to house the government agents who get to push a button and snoop on All the fiber connections or any Phone lines they want.

We're at the point now where the

Re:

[Can'tNot]

The law requires the FISA court to sign off on any intelligence gathering, the court has done so with certifications which will last for the next year before they need to be renewed. The question is, what does the law really do?

Does the law empower the FISA court acting as, essentially, a certifying authority? In which case the certifications remain valid even after the court is no longer empowered to issue new ones. Or does the law empower US intelligence, with the court acting merely as a regulator? In

We Used To Mock Governments Like This.

[zenlessyank]

Now we are one. Fuck your money. Fuck your control. Fuck your laws.

Re:

[NotEmmanuelGoldstein]

... Now we are one.

All governments play favourites but the US tends to be better at making excuses. In this case, they've gotten a judge to say Section 702 isn't really ending when the law says it is.

The ISPs probably aren't doing this out of respect for their customers: With Section 702 officially inactive, doing what the government says, is no longer a cost of doing business: In short, one department of the US government will demand free stuff while another department will label it as supplying taxable gifts.

Re:

[geekmux]

... Now we are one.

All governments play favourites but the US tends to be better at making excuses. In this case, they've gotten a judge to say Section 702 isn't really ending when the law says it is.

Theres not really a valid excuse for being NO better than the fucked governments America mocks, Read back your own words here. “Gotten a judge” to do what again in a supposedly law-abiding democracy? Are you fucking kidding me? As if the Constitutional violation embodied in 702 wasn’t corruptly bad enough? The Founding Fathers wouldn’t have merely impeached the traitors of today that wipe their ass with the Bill of Rights for shits and profits. They would have hung them.

I gues

Useless article

[Slashythenkilly]

One communications provider informed the National Security Agency... Another company stated... Five officials familiar with... Is this journalisim or a joke?

Re:Useless article

[divide overflow]

That's what happens when 1) most of your primary news sources go out of business, 2) the rest are bought up and consolidated into other news corporations that 3) lay off most of their reporters.

There is too much power consolidated in the hands of too few news reporting organizations, and the ones that are left are less concerned with actual journalism and more concerned with maximizing profit and putting the competition out of business.

The congresscritters renewed it

[Anonymous Coward]

Ref: Congress extends controversial warrantless surveillance law for two years [washingtonpost.com]

Laboring into the early hours of Saturday morning, Congress reauthorized for two years a surveillance program that U.S. spy agencies regard as one of their most valuable tools and that critics on the left and the right say intrudes on Americansâ(TM) privacy.

The 60-34 vote in the Senate came a week after the House renewed Section 702 of the Foreign Intelligence Surveillance Act, which enables U.S. intelligence agencies to gather without a warrant the digital communications of foreigners overseas â" including when they text or email people inside the United States. The measure now goes to President Bidenâ(TM)s desk for a signature.

The ISP's only hope would be to challenge the timing of the renewal in court: it was required to be renewed by midnight Friday night so, technically, the law expired and lapsed before it was due to be renewed.

Re:

[micheas]

Interesting.

Another interesting thing is that Facebook's lawyers have a blog post where they claim that complying with a FISA warrant is a GDPR violation and anyone subject to FISA warrants can't truthfully claim to be GDPR compliant

Re:

[bradley13]

Facebook's lawyers have a blog post where they claim that complying with a FISA warrant is a GDPR violation and anyone subject to FISA warrants can't truthfully claim to be GDPR compliant

IANAL, but: In the simplest case of a purely EU company, they would not be subject to US law, and providing the US with user data would certainly violate the GDPR. In the case of a purely US company, the GDPR would prohibit them from gathering data on EU citizens and sending it back to the US. The big multinationals, like Alphabet and Meta, have therefore established subsidiary companies in the EU (of course, there may be other reasons as well). In Meta's case, their subsiduary is based in Ireland. Meta-Ire

Re:

[micheas]

Facebook's lawyers have a blog post where they claim that complying with a FISA warrant is a GDPR violation and anyone subject to FISA warrants can't truthfully claim to be GDPR compliant

IANAL, but: In the simplest case of a purely EU company, they would not be subject to US law, and providing the US with user data would certainly violate the GDPR. In the case of a purely US company, the GDPR would prohibit them from gathering data on EU citizens and sending it back to the US. The big multinationals, like Alphabet and Meta, have therefore established subsidiary companies in the EU (of course, there may be other reasons as well). In Meta's case, their subsiduary is based in Ireland. Meta-Ireland cannot provide data on EU customers to the US, without violating EU law, and anyway is not subject to US law.

There is the more general question of whether data on EU citizens can ever be stored on US servers. If it were, then Meta-USA could be subject to FISA. For that matter, they could do all sorts of other things in violation of the GDPR. This is an ongoing issue with (afaik) no resolution in sight.

This situation annoys the US government, because they don't like being told "no". It also does not make Meta (or Google, or Amazon, any other US tech giant) happy. They occasionally threaten to leave the EU. The response from the EU is: "fine, don't let the door hit you on the way out." Which they also don't like :-)

So, people in Europe can't have Friends in the US and vice versa? That doesn't really work for a social networking site that isn't focusing on the purely parochial.

Re:

[colonslash]

Some background [thehill.com]:

“KILL FISA, IT WAS ILLEGALLY USED AGAINST ME, AND MANY OTHERS. THEY SPIED ON MY CAMPAIGN!!!” Trump wrote on his social media platform in the hours before the House GOP conference meeting.

. . .

Still, the comment undercut Speaker Mike Johnson (R-La.), who during the meeting pitched colleagues on approving the bill without a warrant requirement.

“I look forward to talking with him about it,” Johnson said of Trump. “I mean, here’s the thing about FISA — he’s not wrong. Of course, they abused FISA. The whole Carter Page investigation — that whole fiasco was built on false premises, the fake Russian dossier and all the other things. But these reforms would actually kill the abuses that allow President Trump’s campaign to be spied on.”

thinly veiled

[nazsco]

so we are reading a report without a single source being named, citing two ISP the nameless sources refuse to name. in a Microsoft branded news site?

can a propaganda push get more in-your-face than this?

The NSA

[Bahbus]

can lick my grundle. Bunch of useless pussies.

FISA = DISA

[Farley1]

It's all a lie with a cover-up name. It's really a bill for domestic spying. Where does the source come anyway? From your "U.S. communications provider".