DOJ Says Tech Companies Can Sort Of Release FISA Numbers, But.. In A Way That Decreases Transparency

from the that's-not-good dept

Last week, we noted that Google had publicly requested from the DOJ that it be allowed to reveal information about the FISA surveillance requests it gets, and put them in its well-respected transparency report. Facebook, Microsoft and Twitter quickly followed with similar requests. Late Friday, the DOJ “gave permission,” but in perhaps the most useless way possible. Facebook was the first to post the data that the DOJ allowed it to post, and you might immediately see the problem:

As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range…

For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.

Right. So you may notice that this tells us absolutely nothing about the FISA requests. Because the only way that it could actually reveal anything was to bury them in with every other possible type of request. Facebook did, properly, point out that this wasn’t really all that transparent:

This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.

Microsoft posted something quite similar. And equally useless.

Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal).

Microsoft, too, noted the limitation that the DOJ gave them:

We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.

There is one interesting tidbit:

We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.

Considering that this surveillance program — the so-called “business records” search, which comes from Section 215 of the Patriot Act with a still-secret interpretation by the FISA Court that appears to allow blanket requests for pretty much all data — is the much more serious issue, it’s nice to see Microsoft being able to say that it has received no such orders.

Google and Twitter also both received the same “permission,” but both quickly realized that this was not transparency at all. Lumping in FISA requests with everything else does absolutely nothing to reveal the extent of those FISA requests. In fact, it obfuscates them:

“We have always believed that it’s important to differentiate between different types of government requests,” a Google spokesperson said in a statement. “We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.”

Twitter responded with a simple tweet (you expected more?) from legal director Ben Lee, saying:

We agree with @Google: It’s important to be able to publish numbers of national security requests—including FISA disclosures—separately.

So, once again, we have the federal government pretending to be transparent, when it’s really not. It’s only trying to hide the actual number of FISA requests and the number of users impacted. Frankly, this whole demand for excess secrecy over these things makes no sense at all. What could we possibly be “alerting our enemies” to if there were broad general numbers of the number of FISA requests that were sent to Google, Twitter, Facebook and Microsoft? Sure, the actual information requested should remain secret. But the number of requests? That makes no sense at all.

Filed Under: , , , , , ,
Companies: facebook, google, microsoft, twitter

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ Says Tech Companies Can Sort Of Release FISA Numbers, But.. In A Way That Decreases Transparency”

Subscribe: RSS Leave a comment
49 Comments
out_of_the_blue says:

Here we go again, distancing evil NSA from friendly Google.

Google is part of the NSA, a self-funding commericial front.

This “leak” is almost definitely a limited hangout psyop. Anger is being focused at the NSA and diffused from the corporations. All will go on same as before, except that now the people are accustomed to a new level of tyranny.

Paraphrasing Naomi Wolf on Facebook: What’s the point of having the NSA sweep up all this data if the people don’t know about it and aren’t in fear?

Take a loopy tour of Techdirt.com! You always end up same place!
http://techdirt.com/
Where Mike’s “no evidence of real harm” means he wants to let secretive mega-corporations continue to grow.
01:36:53[b-297-8]

Anonymous Coward says:

Re: Re: Re: Here we go again, distancing evil NSA from friendly Google.

OOTB, let me guess… you also believe the moon lands were a hoax, and there’s a counter earth on the other side of the sun…

On a more serious note, while Google is certainly not the bad guy in this story, they are by no means entirely innocent. Their own continued data mining, and target advertising programs collect massive amounts of sensitive information on their users. Its no small wonder why the NSA harasses them for this data…

On the other hand, perhaps the most important distinction is that Google, being a corporation has to abide by at least some laws, while the NSA has no such restriction, it can make, interpret or ignore laws as it sees fit.

Tim Griffiths (profile) says:

Re: Here we go again, distancing evil NSA from friendly Google.

Can we automatically replace his sig with the following from now on?

Take a loopy tour of out_of_the_Blue! You always end up nowhere near the topic at hand!
Where OOTB “I make up connections where none exist” lives up to his name to derail attempts to talk about topics he dislike.
01:36:53[b-297-8]

Chuck Norris' Enemy (deceased) (profile) says:

Re: So what, now we are supposed to trust what they are telling us?

spineless companies

Yes, if these companies have the data (as in the case of Google and Twitter) they should go ahead and publish them separately in spite of the “law.” Then let the government go after them…and maybe awaken the sheeple because the bad guy is messing with their Google/Twitter.

Jesse (profile) says:

Re: Re: So what, now we are supposed to trust what they are telling us?

Well based on what I read they can actually publish it. They are only allowed to publish ranges if it includes all law enforcement requests as well, right?

Well do that, but then publish the non-classified numbers separately. Being that it’s not classified or sealed, it’s a first amendment violation to prevent them from disclosing regular law enforcement requests.

Simple subtraction gives you the rest.

Anonymous Coward says:

So, once again, we have the federal government pretending to be transparent, when it’s really not. It’s only trying to hide the actual number of FISA requests and the number of users impacted.

It seems to me that request were made for more transparency, and they got more transparency. It isn’t complete and total transparency, but it’s more than before. Let me ask you this: Why is it so important to you that you have these exact numbers? I get the sense that you’re just complaining for the sake of complaining. Can you shed some light on what you’d do with those numbers? Can YOU be more transparent?

Michael (profile) says:

Re: Re:

This is a bit like asking for a document that was classified and when they finally say ‘ok, we will send you the document’ the entire thing except for the page numbers is redacted.

This isn’t ‘more transparency’. This is a 6 year old responding to ‘share the pizza’ by licking all of the slices and handing one to his brother.

Mark Murphy (profile) says:

Re: Re:

It seems to me that request were made for more transparency, and they got more transparency. It isn’t complete and total transparency, but it’s more than before.

To recap:

  • Twitter thinks it is less transparency
  • Facebook thinks it is less transparency
  • Google thinks it is less transparency
  • Microsoft thinks it is less transparency
  • An anonymous coward thinks it is more transparency
Anonymous Coward says:

Re: Re: Re:

It is not less transparency. It is more transparency granted the presupposition of no transparency at all if they hadn’t asked…

However, I think it is pretty clear that what is being asked for by Google/Twitter is a possibility to show something about the extend of the actual contriversial parts. Since that is not a possibility here, it is a very low value transparency, not showing anything at all about the extend of the more problematic requests. That makes the transparency next to worthless for these companies.

Anonymous Coward says:

We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.

I would argue that no data point is too small to conceal. By confirming that they have received no such orders, they enable a wily opponent to triangulate the data and obtain a “road map” of US intelligence activities.

RyanNerd (profile) says:

But... But... TERRORISM!!

One of the reasons that the number of requests that have to do with national security as a separate quantity is important is because proponents of these invasive and unconstitutional snooping measures keep yelling “but TERRORISM!” to justify their criminal data gathering efforts all in the name of national security. If we have at very least the number of requests pertaining to National Security then those who are screaming about how these invasive privacy violations have actually really prevented terrorist attacks then they may have at least a shaky leg to stand on.
But as it is now with the lack of transparency citizens are left to assume that these arguments of blanket data collection without probable cause and without a warrant are unjustified and certainly unconstitutional.

Anonymous Coward says:

it’s obviously been done like this because there were no threats retrieved or discovered about anyone, from anything, living anywhere, ie, NO TERRORIST THREATS! the one thing that did happen, that should have been discovered if all this surveillance had been any good, was the Boston Incident. the authorities either had learned nothing or ignored what they had learned, because the incident still occurred! therefore the whole surveillance thing was a waste of time and resources as the information used was all the ordinary stuff used by ordinary, local police! bit of a friggin’ joke, dont you think??

NerdOfAllTrades (profile) says:

Can't they work around this?

Google already releases the number of government requests that they get.

Can’t they say, “We have received 100,000 goverment request, including FISA requests.”

And then say, somewhere else, “We have received 50,000 X request, 20,000 Y requests, and 3,000 Z requests. We cannot disclose the number of FISA requests we have received.”

That, technically, would not be telling us how many FISA requests they’ve received, but reading between the lines, the number would look a lot like 27,000.

ike says:

Loophole

“We have always believed that it?s important to differentiate between different types of government requests,? a Google spokesperson said in a statement. ?We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users.

Google should published the aggregated result while continuing to publish the information they currently publish. As such, we could do a simple subtraction to get the information we desire.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...