At Home and Abroad ISPs Turn Over User Information

Nov 09, 2007
Nicole A. Ozer

Page Media

ACLU of Northern CA

Yahoo! executives faced harsh criticism this week from the House Foreign Affairs Committee for the company's role in the Chinese government's arrest of journalist and democracy advocate Shi Tao.

After Shi Tao posted warnings to journalists about possible social unrest leading up to the anniversary of the Tiananmen Massacre, Yahoo supplied the government with the information needed to identify and arrest him.

While the committee probed discrepancies in Yahoo! executives' testimony before a congressional hearing, three other incidents surfaced involving Yahoo!'s cooperation with the Chinese government's crackdown on dissidents.

Although stories like Shi Tao's may seem remote and unrelated to American Internet users, they illustrate that who you are, what you do, and what you say on the Internet often does not stay with the company when the government comes knocking

This fall's controversy surrounding the amendments to the Patriot Act's National Security Letter (NSL) provision illustrates that our own government thinks it should be able to access information held by ISPs with no court oversight. In a case brought by the ACLU, a District Court judge struck down the NSL provision that would have allowed the FBI to compel ISPs to turn over records of user information without a court order or formal justification and without informing the user in question.

While the NSL provision was struck down, your information may still easily land in the government's hands. There is a low threshold for the government to obtain a court order and if you read your ISP privacy policy, you many find that it will turn over user information when provided with a subpoena or court order, but also when it is asked for it through a potentially more nebulous procedure – "legal process."

And it is not just in the criminal or terrorism context that the government has sought information.

In 2006, the United States Department of Justice requested at least 34 Internet service providers, including Yahoo, Google, Microsoft and AOL, produce random samples of millions URLs and weekly search histories.

The government claimed it needed the search strings for its defense of the Child Online Protection Act (COPA). Google successfully challenged the government's request in Gonzalez v. Google, showing that the government had not met its burden to establish need for the search histories. However, several other service providers may have complied with the government's request.

Gonzalez v. Google is just one instance in a larger trend of the government seeking out data retained by private companies. The recent NSA spying litigation highlights the grave potential for misuse of corporate data at the government's behest. The government's desire to control private sector data is also apparent in its proposals that service providers retain data for two years.