Should tech companies differentiate between the different types of government requests for customer data they receive?
That’s the debate forced by the actions of Edward Snowden, the former National Security Agency (NSA) contractor who leaked a PowerPoint presentation detailing the government surveillance program PRISM to the press.
There's still a lot of confusion about how, exactly, PRISM works. But the slides, President Obama's admission of the program, and the tech companies' denials paint a fairly clear picture: PRISM is enabled by the controversial Foreign Intelligence Surveillance Act (FISA), which lets agencies like the NSA ask for classified court orders to get information from American companies. PRISM itself is thought to be an automated means of issuing these orders. Facebook, Microsoft, and Google are named by the NSA slide as part of that program, but Twitter is not.
Those three companies named by the NSA each have called for the government to loosen the gag orders that come with a FISA order, in no small part because they want to reassure their customers that they're not offering a firehose of their customer's communications to the government.
Facebook did so Friday, saying it had been cleared to admit it received between 9,000 and 10,000 government requests for information in the second half of 2012. Microsoft followed suit a few hours later, admitting it received between 6,000 and 7,000 requests. Early Monday morning, Apple released its own statement, claiming that it received “between 4,000 and 5,000 requests from U.S. law enforcement for customer data” and that roughly 10,000 devices or accounts were targeted in the requests.
But that's pretty misleading, Google argues. Facebook's numbers aren't just letters from FISA courts; they're the sum of all law enforcement requests. That includes, by Facebook's admission, actions like "a local sheriff trying to find a missing child." Google already publishes court orders for information, minus those that come from FISA requests, in its biannual transparency report.
Facebook's numbers also include National Security Letters (NSL), a convoluted order the FBI sends that demands information but doesn't actually go through a court, in its figures. Google, which in March became the first company to report NSL data, keeps those numbers separate. It's unclear if the reason Facebook and Microsoft, but not Google, were permitted to include FISA orders in their total numbers is because Google had already released NSL data.
"We have always believed that it’s important to differentiate between different types of government requests,” Google announced in a statement Friday. The spokesperson continued:
“We already publish criminal requests separately from National Security Letters. ... Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.”
Twitter's legal director, Benjamin Lee, cast his company with Google Saturday:
We agree with @Google: It's important to be able to publish numbers of national security requests—including FISA disclosures—separately.— Benjamin Lee (@BenL) June 15, 2013
The tech companies appear to agree that transparency is critical. Now it's just a matter of parsing the information.
H/T All Things D | Illustration by Jason Reed