U.S. Requests for Customer Data RevealedCompanies Describe Amount of Records Sought in First Half of '13
Six technology companies that sued the government to allow them to disclose secret requests for customer information under the Foreign Intelligence Surveillance Act have made their first revelations under the terms of an agreement reached late last month with the government.
The information released Feb. 3 by the companies - Google, Facebook, LinkedIn, Microsoft and Yahoo - is vague because the agreement allows for the reporting of only a range of requests and accounts affected. Apple released its information last week.
Regarding requests for content in customer accounts stored on their computers, here's what the companies reported:
- Apple received zero to 249 requests affecting zero to 249 accounts.
- Facebook received zero to 999 requests affecting 5,000 to 5,999 accounts.
- Google received zero to 999 requests affecting 9,000 to 9,999 accounts.
- LinkedIn received zero to 249 requests affecting zero to 249 accounts.
- Microsoft received zero to 999 requests affecting 15,000 to 15,999 accounts.
- Yahoo receive zero to 999 requests affecting 30,000 to 30,999 accounts.
"Receipt of an order does not mean the information that was sought was ultimately disclosed," says Brad Smith, Microsoft general counsel. "Microsoft has successfully challenged requests in court, and we will continue to contest orders that we believe lack legal validity."
A Bit of Transparency
The Obama administration on Jan. 27, in reaching agreement with the technology vendors, allowed them for the first time to publish data about the number of FISA orders they have received, the number of accounts or other identifiers about which the government sought information and whether those orders sought customer content or only metadata (see U.S. Eases Surveillance Disclosure Rules). The administration contends intelligence and law enforcement agencies seek the data as a way to help identify communications among suspected terrorists. However, critics of the initiative contend the collection program is too broad, exposing innocent, average citizens to the probing eyes of the government.
The companies say the government should let them be more transparent on reporting requests for customer data so the public can better understand how surveillance laws work and decide whether they serve the public interest. "We want to disclose the precise numbers and types of requests we receive, as well as the number of users they affect, in a timely way," says Richard Salgado, Google's legal director for law enforcement and information security. "That's why we need Congress to go another step further and pass legislation that will enable us to say more."
In its report, Apple also described requests for customer information from law enforcement agencies, not just federal intelligence agencies. Apple says 81 percent of the requests resulted in some data disclosure.
For the first half of 2013, Apple reported 927 requests from U.S. law enforcement for data that specified 2,330 accounts. Apple disclosed to authorities data for 747 accounts. The company objected to the requests 102 times. No data was disclosed for 254 account requests. Apple disclosed metadata for 601 requests.
Apple says it reviews each order, whether criminal or under a national security authority, to ensure that it is legally issued and is as narrowly tailored as possible. "If there is any question about the legitimacy or scope of the order, we challenge it," Apple says in a Jan. 27 statement. "Only when we are satisfied that the order is valid and appropriate do we deliver the narrowest possible set of information in response to that order."