Google, Facebook In Transparency Battle Over PRISM Disclosures
Last night, what might be called a “transparency battle” erupted between Google and Facebook following Facebook’s disclosure of government-related user-data requests:
For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
Google then responded with a critique of Facebook’s disclosure. Google argues that FISA (foreign intelligence) related requests from the US should be separately identified vs. ordinary law enforcement data requests:
“We have always believed that it’s important to differentiate between different types of government requests. We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.”
In other words, Google is saying: “we’re more transparent than you.” In fairness, Google has a much longer history and track record of publishing reports about government information requests than does Facebook. But, it’s sort of absurd that the competition between the companies plays out at every opportunity, even in this context.
Twitter then supported Google’s position that FISA requests should be identified separately.
Microsoft also published its own report but said, like Facebook, the US would only allow it to disclose law-enforcement requests in the aggregate rather than segment out FISA requests:
Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal). This only impacts a tiny fraction of Microsoft’s global customer base.
We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.
All of these statements are seemingly motivated by the companies’ desire to restore trust among users after the NSA Prism disclosures of last week. While the public seems to express disapproval over its emails being read, it’s not clear how much fallout there’s been for the tech companies accused of complicity with NSA surveillance.
From informal and anecdotal observation, there doesn’t seem to be any change in user behavior or mass effort to hold tech companies “accountable” in any way. The tech companies argue they’re required by US law to comply with NSA-FISA requests. Indeed, they are.
Most of the public’s ire — to the extent it exists — is directed toward the US. Polls taken by Pew, Gallup and CBS in the immediate aftermath of the NSA revelations show varying degrees of ambivalence or disapproval of government surveillance.
But, the entire issue is complex and the story is becoming more complicated as the NSA leaker Snowden begins to divulge more US classified information to the Chinese in an effort to make himself an intelligence asset and thereby avoid extradition.