Google, Facebook and Microsoft have all asked the US government for permission to include data requests made under the Foreign Intelligence Surveillance Act (FISA), requests that are currently so secret that they’re not even allowed to acknowledge if they’ve received any.
During the whirlwind of news about the PRISM/NSA scandal, news has circulated that all three companies are providing large amounts of data to the US National Security Agency (NSA) because of FISA.
Google Asks To Talk About FISA
In today’s letter to the US Attorney General’s office and FBI, Google’s top legal officer, David Drummond, fights back by pointing out that the government doesn’t allow Google to include them — and that if it could as part of its Google Transparency Report, it would show there is no widespread sharing:
Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.
We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.
I’ve added the bold part, notable because it actually acknowledges that Google does indeed get FISA requests. This really wasn’t in doubt, but Google’s standard statement until now was designed to not even admit it might have received any, to avoid violating the law.
This is what it said last week when asked I asked about FISA requests, a standard statement it had been giving anyone who asked:
Due to US legal constraints we don’t discuss any legal requests issued under the national security laws, including provisions in the Foreign Intelligence Surveillance Act (FISA). The exception: We were able to add general data about the number of National Security Letters we receive to our Transparency Report in March after discussions with U.S. government officials.
That was part of a story where I explained the difference between Google, and the other companies, responding to limited one-off requests versus sharing data wholescale, as the PRISM system has been reported as allowing. The stories below have more about this:
- Did Tech Companies Have Checkout & Delivery System For Gov’t Access To Their Data?
- PRISM, The Tech Companies & Monitoring Versus Requests
Google has also explained to Wired that that it uses a secure FTP system to deliver data when it receives legal requests, which is much different than providing an ongoing, on-demand streams without any review.
Facebook & Microsoft Follow With Similar Requests
Facebook issued a similar statement today, after Google’s appeared:
As Mark said last week, we strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe.
In the past, we have questioned the value of releasing a transparency report that, because of exactly these types of government restrictions on disclosure, is necessarily incomplete and therefore potentially misleading to users. We would welcome the opportunity to provide a transparency report that allows us to share with those who use Facebook around the world a complete picture of the government requests we receive, and how we respond.
We urge the United States government to help make that possible by allowing companies to include information about the size and scope of national security requests we receive, and look forward to publishing a report that includes that information.
Microsoft also issued a similar statement after Google’s, as reported by Reuters:
Permitting greater transparency on the aggregate volume and scope of national security requests, including FISA (Foreign Intelligence Surveillance Act) orders, would help the community understand and debate these important issues….
Our recent report went as far as we legally could and the government should take action to allow companies to provide additional transparency.
Unlike Google, neither of the other companies acknowledges receiving FISA requests (though it’s pretty certain they have). Facebook stays safe by not mentioning FISA at all; Microsoft names it but never says that it has actually received FISA requests.