When reports of the National Security Agency’s alleged program to gain “direct access” to large amounts of Internet communications (code-named PRISM) was first reported last week, the technology companies tied to the reports all denied participation in the surveillance program – but they also urged the government to allow for more transparency regarding the requests they do receive.
On Friday evening, after reaching an agreement with the FBI and Department of Justice, Facebook and Microsoft were the first companies to release transparency reports. Facebook revealed that the company received between 9,000 and 10,000 data requests from local, state and federal governments in the last six months of 2012. Within those, access or information about 18,000 to 19,000 individual Facebook accounts were requested. During that same period, Microsoft received between 6,000 and 7,000 requests for access to a total of 31,000 to 32,000 accounts.
“As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range,” Facebook General Counsel Ted Ullyot wrote in a Facebook blog post. “This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.
“These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat,” Ullyot wrote.
Ullyot reminded readers Facebook has more than 1 billion users, maintaining that “a tiny fraction of 1 percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months.”
Microsoft’s deputy general counsel, John Frank, made similar points in a post of his own: “This only impacts a tiny fraction of Microsoft’s global customer base.”
Facebook and Microsoft agreed that the numbers were a step toward providing greater transparency, but because of the nature of the classified and sensitive information, the government has not allowed for more to be disclosed.
“We continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues,” Frank wrote.
Earlier this week, Facebook, Google and Microsoft petitioned the government to allow them to share more about the scope and size of the user-data requests.
Google, however, doesn’t think Facebook and Microsoft’s approach is helpful and is instead looking to just reveal the numbers of the requests national security requests on its own.
“We have always believed that it’s important to differentiate between different types of government requests,” Google said in a statement on Friday night. “We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.”
According to Reuters, other technology companies have reached agreements with the government to release this sort of limited information about the number of surveillance requests they receive.