Facebook Releases Information on Security Data RequestsBrian Womack and Sylvia Wier
Facebook Inc. and Microsoft Corp. said they received thousands of warrants for data from government entities in the U.S. during the second half of 2012.
Facebook received 9,000 to 10,000 requests, while Microsoft got 6,000 to 7,000, their legal executives said in blog posts yesterday. The companies, seeking to reassure users that authorities don’t have unfettered access to personal details, said the numbers are a “tiny fraction” of their user bases.
Google Inc., Facebook and Microsoft asked the U.S. government for more leeway this week to report aggregate numbers of data requests, following reports that the U.S. National Security Agency is collecting millions of residents’ telephone records and the Web communications of foreigners under court order. While the companies have denied giving authorities direct access to their systems, thousands of technology, finance and manufacturing businesses are swapping intelligence with security agencies, four people familiar with the process said.
“With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request” during the six months, Ted Ullyot, Facebook’s general counsel, said in a blog post. “We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive.”
Facebook, based in Menlo Park, California, said it complied with 79 percent of the requests. Inquiries sent to Facebook covered between 18,000 and 19,000 accounts and included everything from local governments to NSA requests, according to the company.
Microsoft said the data-security warrants affected 31,000 to 32,000 consumer accounts.
“This only impacts a tiny fraction of Microsoft’s global customer base,” John Frank, Microsoft’s deputy general counsel wrote in a blog post. “We continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues.”
Both companies said they will push to release more information to restore public confidence in the security of their data.
Google, based in Mountain View, California, is also holding discussions with authorities to disclose more information about national-security requests, two other people with knowledge of the matter said. The world’s biggest search provider said it has “nothing to hide,” according to an open letter to Attorney General Eric Holder and Federal Bureau of Investigation Director Robert Mueller released this week.
“Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made,” David Drummond, chief legal officer at Google, wrote on a June 11 blog post.
Google, in response to Facebook and Microsoft’s disclosures, said it’s pushing authorities to let it differentiate between varying types of government requests.
“Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately,” the company said in an e-mailed statement, referring to the Foreign Intelligence Surveillance Act.
Andrew Ames, a spokesman for the Justice Department, said the U.S. had “reached agreements with certain providers” to allow the publication of additional data pertaining to government requests for user data -- part of a continued effort to work with data providers “to afford greater transparency to the public while preserving confidentiality required for law enforcement or national security reasons.”
“These aggregate totals include all instances in which a government entity has served lawful process on the providers –- be it a grand jury subpoena or search warrant in a criminal matter, a national security letter, a court order under FISA, or another type of request pursuant to statutory authorization,” Ames said in a statement.
AllThingsD reported the Web companies’ talks with the government yesterday.
The role of private companies has come under scrutiny since Edward Snowden, a computer technician who did work for the NSA, disclosed this month that the agency is collecting data under a U.S. government program code-named PRISM. The project traces its roots to warrantless domestic-surveillance efforts under former President George W. Bush. According to slides provided by Snowden, PRISM gathers e-mails, videos and other private data of foreign surveillance targets through arrangements that vary by company, overseen by a secret panel of judges.
The technology companies said they hand over data to the government only when compelled by law to do so. AOL Inc., Apple Inc. and Paltalk.com released statements saying they’ve never heard of PRISM and don’t give authorities access without a court order.
Google is seeking to disclose requests within the rules of national security laws, including FISA. The three-decade-old law lets intelligence agencies monitor the communications of non-U.S. citizens reasonably believed to be located outside the U.S. and involved in terrorist activities or other crimes.
Along with the NSA, the Central Intelligence Agency, the Federal Bureau of Investigation and branches of the U.S. military have agreements with companies to gather data that might seem innocuous yet could be highly useful in the hands of U.S. intelligence or cyberwarfare units, according to the people, who have either worked for the government or are in companies that have these accords.