DOJ Says Tech Companies Can Sort Of Release FISA Numbers, But.. In A Way That Decreases Transparency
from the that's-not-good dept
Last week, we noted that Google had publicly requested from the DOJ that it be allowed to reveal information about the FISA surveillance requests it gets, and put them in its well-respected transparency report. Facebook, Microsoft and Twitter quickly followed with similar requests. Late Friday, the DOJ “gave permission,” but in perhaps the most useless way possible. Facebook was the first to post the data that the DOJ allowed it to post, and you might immediately see the problem:
As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range…
For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
Right. So you may notice that this tells us absolutely nothing about the FISA requests. Because the only way that it could actually reveal anything was to bury them in with every other possible type of request. Facebook did, properly, point out that this wasn’t really all that transparent:
This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.
Microsoft posted something quite similar. And equally useless.
Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal).
Microsoft, too, noted the limitation that the DOJ gave them:
We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.
There is one interesting tidbit:
We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.
Considering that this surveillance program — the so-called “business records” search, which comes from Section 215 of the Patriot Act with a still-secret interpretation by the FISA Court that appears to allow blanket requests for pretty much all data — is the much more serious issue, it’s nice to see Microsoft being able to say that it has received no such orders.
Google and Twitter also both received the same “permission,” but both quickly realized that this was not transparency at all. Lumping in FISA requests with everything else does absolutely nothing to reveal the extent of those FISA requests. In fact, it obfuscates them:
“We have always believed that it’s important to differentiate between different types of government requests,” a Google spokesperson said in a statement. “We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.”
Twitter responded with a simple tweet (you expected more?) from legal director Ben Lee, saying:
We agree with @Google: It’s important to be able to publish numbers of national security requests—including FISA disclosures—separately.
So, once again, we have the federal government pretending to be transparent, when it’s really not. It’s only trying to hide the actual number of FISA requests and the number of users impacted. Frankly, this whole demand for excess secrecy over these things makes no sense at all. What could we possibly be “alerting our enemies” to if there were broad general numbers of the number of FISA requests that were sent to Google, Twitter, Facebook and Microsoft? Sure, the actual information requested should remain secret. But the number of requests? That makes no sense at all.
Filed Under: doj, fisa, fisa court, fisa requests, fisc, transparency, transparency report
Companies: facebook, google, microsoft, twitter
Comments on “DOJ Says Tech Companies Can Sort Of Release FISA Numbers, But.. In A Way That Decreases Transparency”
Here we go again, distancing evil NSA from friendly Google.
Google is part of the NSA, a self-funding commericial front.
This “leak” is almost definitely a limited hangout psyop. Anger is being focused at the NSA and diffused from the corporations. All will go on same as before, except that now the people are accustomed to a new level of tyranny.
Paraphrasing Naomi Wolf on Facebook: What’s the point of having the NSA sweep up all this data if the people don’t know about it and aren’t in fear?
Take a loopy tour of Techdirt.com! You always end up same place!
http://techdirt.com/
Where Mike’s “no evidence of real harm” means he wants to let secretive mega-corporations continue to grow.
01:36:53[b-297-8]
Re: Here we go again, distancing evil NSA from friendly Google.
“Google is part of the NSA”
Did that face palm moment give you a concussion
Re: Re: Here we go again, distancing evil NSA from friendly Google.
Most entertaining conspiracy theory I’ve heard in the last five hours… of course the only OTHER conspiracy theory I’ve run across today involved the Illuminati… so the competition isn’t really what you’d call fierce.
Re: Re: Re: Here we go again, distancing evil NSA from friendly Google.
OOTB, let me guess… you also believe the moon lands were a hoax, and there’s a counter earth on the other side of the sun…
On a more serious note, while Google is certainly not the bad guy in this story, they are by no means entirely innocent. Their own continued data mining, and target advertising programs collect massive amounts of sensitive information on their users. Its no small wonder why the NSA harasses them for this data…
On the other hand, perhaps the most important distinction is that Google, being a corporation has to abide by at least some laws, while the NSA has no such restriction, it can make, interpret or ignore laws as it sees fit.
Re: Re: Re:2 Here we go again, distancing evil NSA from friendly Google.
moon landINGs… and targetED advertising, man nothing stinks more than catching typos after you hit submit.
Re: Here we go again, distancing evil NSA from friendly Google.
Google is part of the NSA, a self-funding commericial front.
Marked as funny! You intended to be funny, right?
Re: Here we go again, distancing evil NSA from friendly Google.
WTF… Are you a former Google employee? They fired you for incompetence and now all you do is spend all day at your gas pump attendant job poking away on your phone on blogs bashing Google.
Re: Re: Here we go again, distancing evil NSA from friendly Google.
I think she’s been sniffing the gas.
This is Cathy: http://3dblogger.typepad.com/wired_state/google_witch_hunters.html
Re: Re: Re: Here we go again, distancing evil NSA from friendly Google.
This is Cathy:
I keep seeing comments saying that this Cathy person is OOTB.
Is there any proof of this connection or is it just someone’s hunch?
Re: Re: Re: Here we go again, distancing evil NSA from friendly Google.
TL;DR
Re: Here we go again, distancing evil NSA from friendly Google.
Can we automatically replace his sig with the following from now on?
Take a loopy tour of out_of_the_Blue! You always end up nowhere near the topic at hand!
Where OOTB “I make up connections where none exist” lives up to his name to derail attempts to talk about topics he dislike.
01:36:53[b-297-8]
Hey Mike,
As long as you’re milking this, it’d help if you gave us the text of the Act that you’re talking about. E.g., http://www.law.cornell.edu/uscode/text/50/1861
Re: Re:
Fuck off back to the dairy.
Re: Re: Re:
If Mike is going to discuss the text of the statute, it makes sense to me that he’d provide the text of the statute. Basic stuff, IMO. I thought that post was relatively civil on my part. Should I start acting like you?
Re: Re: Re: Re:
No. You should go back to the dairy.
Re: Re: Re:2 Re:
Anyone else get the idea that average_joe was a cow in a past life and he’s got some traumatic past involving getting his nipples pinched over and over?
Re: Re: Re: Re:
Keyword relatively. Has in, accusing someone of sodomizing a cat to death with a cucumber would be relatively civil compared to your recent string of missives.
No, that you’ve set the bar so low recently is not a free pass.
Re: Re:
It’s so satisfyingly hilarious that when Mike milks a subject, you get all asshurt.
So what, now we are supposed to trust what they are telling us?
I for one was not shocked by this but do the tech companies honestly expect us to now trust them? Srsly? They can take a flying ….. at a rolling doughnut. I will never trust any of these spineless companies again.
Re: So what, now we are supposed to trust what they are telling us?
spineless companies
Yes, if these companies have the data (as in the case of Google and Twitter) they should go ahead and publish them separately in spite of the “law.” Then let the government go after them…and maybe awaken the sheeple because the bad guy is messing with their Google/Twitter.
Re: Re: So what, now we are supposed to trust what they are telling us?
Well based on what I read they can actually publish it. They are only allowed to publish ranges if it includes all law enforcement requests as well, right?
Well do that, but then publish the non-classified numbers separately. Being that it’s not classified or sealed, it’s a first amendment violation to prevent them from disclosing regular law enforcement requests.
Simple subtraction gives you the rest.
So, once again, we have the federal government pretending to be transparent, when it’s really not. It’s only trying to hide the actual number of FISA requests and the number of users impacted.
It seems to me that request were made for more transparency, and they got more transparency. It isn’t complete and total transparency, but it’s more than before. Let me ask you this: Why is it so important to you that you have these exact numbers? I get the sense that you’re just complaining for the sake of complaining. Can you shed some light on what you’d do with those numbers? Can YOU be more transparent?
Re: Re:
This is a bit like asking for a document that was classified and when they finally say ‘ok, we will send you the document’ the entire thing except for the page numbers is redacted.
This isn’t ‘more transparency’. This is a 6 year old responding to ‘share the pizza’ by licking all of the slices and handing one to his brother.
Re: Re:
To recap:
Re: Re: Re:
How is it LESS transparency if they are now allowed to release numbers that they previously weren’t allowed to release? Am I missing something?
Re: Re: Re: Re:
It’s “LESS” because they were already allowed to release most of these numbers anyway and now they’re not allowed to release them without aggregating them. The numbers are less clear than before hence less transparent.
Re: Re: Re: Re:
C’mon Joe, you’re not that dumb. You know that the numbers are pretty arbitrary and they’re not what people are looking for.
Re: Re: Re: Re:
look at the shiny
Re: Re: Re: Re:
I assume you know the exact number of FISA requests don’t you? I mean, it is TRANSPARENT, right? My guess is that these companies received any number of FISA requests varying from 0 to infinity. Sounds transparent!
Re: Re: Re:
It is not less transparency. It is more transparency granted the presupposition of no transparency at all if they hadn’t asked…
However, I think it is pretty clear that what is being asked for by Google/Twitter is a possibility to show something about the extend of the actual contriversial parts. Since that is not a possibility here, it is a very low value transparency, not showing anything at all about the extend of the more problematic requests. That makes the transparency next to worthless for these companies.
Re: Re:
A small number of FISA requests would make the program look expensive for what it is achieving. A large number of such requests would indicate abuse.
Re: Re: Re:
Seems to me you’d need more information than the number of requests to judge those things.
Re: Re: Re: Re:
If say 5,000 out of 10,000 requests were FISA requests, then one could conclude that they were interpreting terrorist rather more broadly that the public, like including protest leaders. If there were only one or two, the value of a total surveillance program is called into doubt.
Re: Re: Re: Re:
Great, let’s have it. Where this information now? Oh it’s classified? Well then what the fuck are you on about?
Google
What we really need is for someone to have access to all of the phone and email records of Google so we could determine how often the NSA is contacting them about this kind of thing.
Hmm…I wonder where I might find a collection of such information…
We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.
I would argue that no data point is too small to conceal. By confirming that they have received no such orders, they enable a wily opponent to triangulate the data and obtain a “road map” of US intelligence activities.
presenting the counts
These companies are only allowed to present the national security requests mixed in with other numbers, you know, for obfuscation purposes. Is there a way to get the “other” numbers without the obfuscated national security numbers? Because, you know, analysing the “other stuff” without the obfuscation is important too…..
Are they allowed to publish the numbers for the other types of requests individually (if they can get them) and let the users do the maths?
🙂
Re: Re:
That was my thought. Google said they already publish law enforcement requests, so publishing the aggregate data for that and FISA requests should make it a simple matter of subtraction to find the number of FISA requests alone.
Re: Re: Re:
My thought too. They don’t need permission from the federal government to do that.
Re: Re: Re:
They could also do something similar with the ranges.
“We’ve received between (read: more than) 15576 and (read: less than) 15578 requests during the specific time frame.”
Re: Re: Re: Re:
Better idea, abuse the range request by lowering the accuracy.
Technically between 70,000 and 900 million contains the real number in the range.
But... But... TERRORISM!!
One of the reasons that the number of requests that have to do with national security as a separate quantity is important is because proponents of these invasive and unconstitutional snooping measures keep yelling “but TERRORISM!” to justify their criminal data gathering efforts all in the name of national security. If we have at very least the number of requests pertaining to National Security then those who are screaming about how these invasive privacy violations have actually really prevented terrorist attacks then they may have at least a shaky leg to stand on.
But as it is now with the lack of transparency citizens are left to assume that these arguments of blanket data collection without probable cause and without a warrant are unjustified and certainly unconstitutional.
it’s obviously been done like this because there were no threats retrieved or discovered about anyone, from anything, living anywhere, ie, NO TERRORIST THREATS! the one thing that did happen, that should have been discovered if all this surveillance had been any good, was the Boston Incident. the authorities either had learned nothing or ignored what they had learned, because the incident still occurred! therefore the whole surveillance thing was a waste of time and resources as the information used was all the ordinary stuff used by ordinary, local police! bit of a friggin’ joke, dont you think??
Why do I need to be afraid of a foreign ‘enemy’ when my own government is acting this way? All the violations of constitutional rights I was raised to despise Russia and China for are now somehow magically justified if done to us by our own government? What’s the real difference between any of them?
Or is that a secret too?
Re: Re:
There is a subtle difference between governments.
Under the socialist system, the government owned the corporations, and ran the country to suite the elite.
Under capitalism, the corporations own the government, and run the country to suite the elite.
Can't they work around this?
Google already releases the number of government requests that they get.
Can’t they say, “We have received 100,000 goverment request, including FISA requests.”
And then say, somewhere else, “We have received 50,000 X request, 20,000 Y requests, and 3,000 Z requests. We cannot disclose the number of FISA requests we have received.”
That, technically, would not be telling us how many FISA requests they’ve received, but reading between the lines, the number would look a lot like 27,000.
So why didn’t the companies then post the total number of requests in aggregate and then, post the total number of requests without the FISA requests added in?
Seems simple to me, they would have obeyed the rules, yet still got the info out.
Loophole
Google should published the aggregated result while continuing to publish the information they currently publish. As such, we could do a simple subtraction to get the information we desire.