DOJ Says Tech Companies Can Sort Of Release FISA Numbers, But.. In A Way That Decreases Transparency
from the that's-not-good dept
As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range...Right. So you may notice that this tells us absolutely nothing about the FISA requests. Because the only way that it could actually reveal anything was to bury them in with every other possible type of request. Facebook did, properly, point out that this wasn't really all that transparent:
For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.Microsoft posted something quite similar. And equally useless.
Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal).Microsoft, too, noted the limitation that the DOJ gave them:
We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.There is one interesting tidbit:
We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.Considering that this surveillance program -- the so-called "business records" search, which comes from Section 215 of the Patriot Act with a still-secret interpretation by the FISA Court that appears to allow blanket requests for pretty much all data -- is the much more serious issue, it's nice to see Microsoft being able to say that it has received no such orders.
Google and Twitter also both received the same "permission," but both quickly realized that this was not transparency at all. Lumping in FISA requests with everything else does absolutely nothing to reveal the extent of those FISA requests. In fact, it obfuscates them:
“We have always believed that it’s important to differentiate between different types of government requests,” a Google spokesperson said in a statement. “We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.”Twitter responded with a simple tweet (you expected more?) from legal director Ben Lee, saying:
We agree with @Google: It's important to be able to publish numbers of national security requests—including FISA disclosures—separately.So, once again, we have the federal government pretending to be transparent, when it's really not. It's only trying to hide the actual number of FISA requests and the number of users impacted. Frankly, this whole demand for excess secrecy over these things makes no sense at all. What could we possibly be "alerting our enemies" to if there were broad general numbers of the number of FISA requests that were sent to Google, Twitter, Facebook and Microsoft? Sure, the actual information requested should remain secret. But the number of requests? That makes no sense at all.