Google challenges US surveillance court on 1st Amendment grounds

19 Jun, 2013

hackingGoogle Inc asked the U.S. Foreign Intelligence Surveillance Court on Tuesday to allow it to publish aggregate numbers of national security requests it receives separately from criminal requests, on First Amendment grounds.

In its filing, Google requested the court to allow it to publish the aggregate number of national security requests it receives, including disclosures under the Foreign Intelligence Surveillance Act (FISA), claiming it as part of its First Amendment right to free speech.

"In light of the intense public interest generated by the Guardian's and Post's erroneous articles, and others that have followed them, Google seeks to increase its transparency with users and the public regarding its receipt of national security requests, if any," the Google filing said.

Google's move comes after other tech companies, including Microsoft Corp, Facebook Inc and Apple Inc released limited information about the number of surveillance requests they receive under an agreement they struck with the U.S. government last week.

Under that agreement, the companies were only allowed to disclose aggregate requests for data made by government agencies without showing the split between surveillance and criminal requests, and only for a six-month period.

The companies are scrambling to assert their independence after documents leaked to the Washington Post and the Guardian newspapers suggested they had given the U.S. government "direct access" to their computers as part of a National Security Agency program called Prism.

The disclosures about Prism, and related revelations about broad-based collection of telephone records, have triggered widespread concern and congressional hearings about the scope and extent of the information-gathering.

Google said it asked the U.S. Department of Justice and Federal Bureau of Investigation on June 11 to publish the aggregate number of national security requests, but said it was told such an act would be unlawful.

Microsoft says it freed millions of computers from criminal botnet

Microsoft Corp said that an assault it led earlier this month on one of the world's biggest cyber crime rings has freed at least 2 million PCs infected with a virus believed to have been used to steal more than $500 million from bank accounts worldwide.

"We definitely have liberated at least 2 million PCs globally. That is a conservative estimate," Richard Domingues Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, said in an interview on Tuesday.

He said the vast majority of infected machines were in the United States, Europe and Hong Kong.

Microsoft and the FBI, aided by authorities in more than 80 countries, on June 5 sought to take down 1,400 malicious computer networks known as the Citadel Botnets by severing their access to infected machines. Microsoft's Digital Crimes Unit is working with its partners overseas to determine exactly how many of the Citadel botnets are still operational.

"We feel confident that we really got most of the ones that we were after," he said. "It was a very, very successful disruptive action."

The ringleader, who goes by the alias Aquabox, and dozens of botnet operators remain at large and the authorities are working to uncover their identities. Boscovich said he suspects Aquabox is in Eastern Europe.

The botnets, which were run from "command and control" servers at data hosting centers around the world, were used to steal from hundreds of financial institutions, according to court documents that Microsoft filed to get permission to shut down servers in the United States that were being used to run the operation.

Data center operators typically are not aware that their servers are being used to run botnets.

The ring targeted firms of all sizes, from tiny credit unions to global banks such as Bank of America, Credit Suisse, HSBC  and Royal Bank of Canada.

Citadel is one of the biggest botnets in operation today. Microsoft said its creator bundled the software with pirated versions of the Windows operating system.

The FBI, which on Tuesday declined to comment on its progress in its investigation of Citadel, has said it is working closely with Europol and other overseas authorities to capture the unknown criminals.

Cyber criminals typically infect machines by sending spam emails containing malicious links and attachments, and by infecting legitimate websites with computer viruses that attack unsuspecting visitors. Some bot herders rent or sell infected machines on underground markets to other cyber criminals looking to engage in a wide variety of activities including credit card theft and attacks on government websites.

The Citadel software disables anti-virus programs on infected PCs so they cannot detect malicious software. It surfaced in early 2012 and is sold over the Internet in kits that cost $2,400 or more.