The federal government was so determined to collect the Internet communications of Yahoo customers in 2008 that it threatened the company with fines of $250,000 per day if it did not immediately comply with a secret court order to turn over the data.
The threat - which was made public Thursday as part of about 1,500 pages of previously classified documents that were unsealed by a federal court - sheds a rare spotlight on the fight between Internet companies and the government over the ground rules and procedures for the secret surveillance of Americans and foreigners following the 9/11 terrorist attacks. Under the Foreign Intelligence Surveillance Act, companies that receive data requests are prohibited by law from talking about the substance of the interactions or even acknowledging they occurred.
Yahoo’s 2008 challenge to the warrantless surveillance law and an appeals court’s rejection of that challenge were first reported by The New York Times last year, shortly after Edward J. Snowden, a former National Security Agency contractor, exposed a more extensive government surveillance program called Prism through classified documents leaked to The Washington Post and The Guardian.
The court documents released Thursday show that Yahoo was forced to comply with the order to turn over data even though the government and the appeals court had yet to set out clear rules to minimize the amount of data collected from Americans, who were supposed to have special protection under the law, which was principally aimed at foreigners.
The records also provide perhaps the clearest corroboration yet of the Internet companies’ contention that they did not provide the government with direct access to vast amount of customer data on their computers.
When the Snowden revelations surfaced last summer, there were reports that the government had direct access to query the databases of Internet companies for any information they wanted - a claim that the Internet companies have consistently denied. Instead, they said, the government had to send them a lawful request for information on a specific individual and only then would they hand it over.
In a document reporting on its compliance with the 2008 order to turn over customer data, the company said it had begun surveillance on the requested accounts, beginning with the government’s highest-priority targets. That indicates that the government was sending Yahoo the names of the people it was investigating and waiting for Yahoo to send the information, a opposed to directly accessing Yahoo’s servers.
Overall, the cache of documents shows how Yahoo fought the government and eventually lost its appeal. That helped to set the stage for a vast expansion of the federal government’s surveillance of Internet users through the secret Prism program. Ultimately, Yahoo and seven other companies agreed to provide data to the government under the program.
Yahoo described the government’s threat to seek fines in a blog post on Thursday. A Yahoo spokesman further explained that the court ordered the company to comply while its appeal was pending.
Proceedings in front of the Federal Intelligence Surveillance Court are usually secret, and Yahoo had been pressing for months for the declassification and release of the case documents.
“We consider this an important win for transparency, and hope that these records help promote informed discussion about the relationship between privacy, due process and intelligence gathering,” Ron Bell, Yahoo’s general counsel, wrote in the blog post.
Yahoo and the Justice Department said they were now working to make the documents available to the public.
Yahoo brought its challenge following the 2007 enactment of the Protect America Act, which gave the first, temporary legalization to a form of the Bush administration’s warrantless surveillance program. It authorized the government to collect, from domestic networks and providers, the communications of people believed to be located abroad.
In 2008, the Protect America Act expired and Congress replaced it with the FISA Amendments Act, which reauthorized a more permanent version of the program. The 2008 law extended some protections for Americans abroad - one of the issues Yahoo had raised concerns about - by limiting the targets of the warrantless surveillance to noncitizens abroad.
While Yahoo’s challenge was technically to the Protect America Act, however, most of its concerns applied equally to the FISA Amendments Act. The rulings by the Foreign Intelligence Surveillance Court and its review panel upholding the Protect America Act became an important, though secret, precedent for the constitutionality of expansive government surveillance powers.
Yahoo did not seek Supreme Court review of the issue. One complication, the Yahoo spokesman noted, was that the Protect America Act had expired and such a challenge might have had to start over again addressing the FISA Amendments Act. The spokesman did not say how much the litigation had cost, but said it was considerable.
In 2012, Congress reauthorized the FISA Amendments Act, and that same year a constitutional challenge to the law, brought by Amnesty International and other plaintiffs, reached the Supreme Court. But the justices dismissed the case without examining the merits on the grounds that the plaintiffs could not prove they had been wiretapped and so lacked standing.
Yahoo’s only victory in the litigation was that the intelligence courts agreed that it had standing to file a challenge on behalf of its users, rejecting the Bush administration’s argument that the company could not raise the concerns in court, the newly disclosed documents show.
The American Civil Liberties Union praised the court’s decision to release the documents in the historic case.
“Yahoo should be lauded for standing up to sweeping government demands for its customers’ private data,” said Patrick Toomey, a staff attorney at the group, in a statement. “But today’s release only underscores the need for basic structural reforms to bring transparency to the NSA’s surveillance activities.”