Following reports that they have complied with a broad government spying program, technology companies have begun releasing more information about the national security-related requests for user information made by the federal government.
Facebook published a statement on its blog late Friday which gave a general idea of how many requests for information it received from the government in the second half of last year. Including national security letters, the total was from 9,000 to 10,000, relating to between 18,000 and 19,000 accounts.
Later on Friday, Microsoft posted a similar statement, saying it received from 6,000 to 7,000 criminal and national security warrants, subpoenas, and orders affecting from 31,000 to 32,000 consumer accounts in the U.S. The company said it was forbidden from saying whether any were Foreign Intelligence Surveillance Act orders, but if they were, they would be included in that total.
Both companies stressed that even the overall numbers of requests were tiny in comparison with their user bases. The number of national security-related requests likely make up a relatively small proportion of these requests. According to Ted Ullyot, Facebook’s general counsel:
With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months. We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive.
John Frank, Microsoft’s deputy general counsel, wrote that what the government had asked for was far more modest than the general monitoring program described by the Guardian and Washington Post last week.
“We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers,” he wrote.
The companies named as participants in the Prism spying program have been pushing the government to allow them to release more information about their level of cooperation, presumably to counter reports that they believe have been blown out of proportion. Earlier in the week, Google said it received from 0 to 999 national security letters related to between 1,000 and 1,999 accounts in all of 2012.
On All Things D, Google argued that the information released by Facebook was inadequate. A company spokesperson told the blog:
We have always believed that it’s important to differentiate between different types of government requests. We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.
Google and Twitter have released transparency reports in the past, but they have not discussed national security letters. Still, these reports have gone further than Friday’s disclosures in one key way: They’ve said how often the companies have complied with the government’s requests for information. In 2012, Google says it complied with 88 percent to 90 percent of government requests for user data from the U.S.; Twitter says it did so from 69 percent to 75 percent of the time.
While Facebook’s statement did not include anything on this, the Wall Street Journal reported that the company had shared at least some information 79 percent of the time.