Google wants you to know how often the NSA asks for your data
So it's trying something new: publicly asking the attorney general and head of the FBI to reveal how many secret court orders Google receives.
The request hinges on the popular theory for how PRISM works. (Only a handful of slides, leaked from the NSA, have been released, leaving a lot of mystery surrounding the system.) The government has admitted that PRISM works through Foreign Intelligence Surveillance Act (FISA) courts. Those courts' serve intelligence agencies like the NSA and FBI, and their findings are classified information. It's believed PRISM is a way to streamline or automate the FISA process. For example, if the NSA wants information about John Doe, it can send an automated FISA order to Google, Facebook, and other participating sites.
This theory works in conjunction with the denials issued by Google and the other tech companies named as part of the PRISM program. The companies have stressed that the government doesn't have direct access to their servers, but that they do comply with court orders—they're just not allowed to talk about the latter. Google, and all the named companies, have faced enormous backlash from customers afraid the U.S. government can see whatever they put online.
Google previously broke precedent by giving just a hint of information about National Security Letters, a little-understood facet of surveillance law that allows the FBI to demand information, which includes the demand the recipient not mention the letter's existence. But Google wasn't able to say much. That the company was granted the right to share how many letters it gets a year was an "unprecedented win for transparency," as the EFF put it, still only meant we only learn if Google receives between one and two thousand, or two and three thousand NSLs a year.
Though FISA court orders are still classified information, some senators have taken PRISM as an opportunity to declassify them. If that happens, or if Google gets the government to come clean, we'll finally have explicit understanding of how PRISM works.
Here's the letter in full:
Dear Attorney General Holder and Director Mueller
Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.
We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.
Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.
We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.
Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.
We will be making this letter public and await your response.
Chief Legal Officer
Illustration by Jason Reed