DOJ Says Tech Companies Can Sort Of Release FISA Numbers, But.. In A Way That Decreases Transparency

from the that's-not-good dept

Mon, Jun 17th 2013 5:28am — Mike Masnick

Last week, we noted that Google had publicly requested from the DOJ that it be allowed to reveal information about the FISA surveillance requests it gets, and put them in its well-respected transparency report. Facebook, Microsoft and Twitter quickly followed with similar requests. Late Friday, the DOJ "gave permission," but in perhaps the most useless way possible. Facebook was the first to post the data that the DOJ allowed it to post, and you might immediately see the problem:

As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range...

For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.

Right. So you may notice that this tells us absolutely nothing about the FISA requests. Because the only way that it could actually reveal anything was to bury them in with every other possible type of request. Facebook did, properly, point out that this wasn't really all that transparent:

This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.

Microsoft posted something quite similar. And equally useless.

Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal).

Microsoft, too, noted the limitation that the DOJ gave them:

We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.

There is one interesting tidbit:

We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.

Considering that this surveillance program -- the so-called "business records" search, which comes from Section 215 of the Patriot Act with a still-secret interpretation by the FISA Court that appears to allow blanket requests for pretty much all data -- is the much more serious issue, it's nice to see Microsoft being able to say that it has received no such orders.

Google and Twitter also both received the same "permission," but both quickly realized that this was not transparency at all. Lumping in FISA requests with everything else does absolutely nothing to reveal the extent of those FISA requests. In fact, it obfuscates them:

“We have always believed that it’s important to differentiate between different types of government requests,” a Google spokesperson said in a statement. “We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.”

Twitter responded with a simple tweet (you expected more?) from legal director Ben Lee, saying:

We agree with @Google: It's important to be able to publish numbers of national security requests—including FISA disclosures—separately.

So, once again, we have the federal government pretending to be transparent, when it's really not. It's only trying to hide the actual number of FISA requests and the number of users impacted. Frankly, this whole demand for excess secrecy over these things makes no sense at all. What could we possibly be "alerting our enemies" to if there were broad general numbers of the number of FISA requests that were sent to Google, Twitter, Facebook and Microsoft? Sure, the actual information requested should remain secret. But the number of requests? That makes no sense at all.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, fisa, fisa court, fisa requests, fisc, transparency, transparency report
Companies: facebook, google, microsoft, twitter

49 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

This comment has been flagged by the community. Click here to show it

out_of_the_blue, 17 Jun 2013 @ 5:37am

Here we go again, distancing evil NSA from friendly Google.
Google is part of the NSA, a self-funding commericial front.

This "leak" is almost definitely a limited hangout psyop. Anger is being focused at the NSA and diffused from the corporations. All will go on same as before, except that now the people are accustomed to a new level of tyranny.

Paraphrasing Naomi Wolf on Facebook: What's the point of having the NSA sweep up all this data if the people don't know about it and aren't in fear?

Take a loopy tour of Techdirt.com! You always end up same place!
http://techdirt.com/
Where Mike's "no evidence of real harm" means he wants to let secretive mega-corporations continue to grow.
01:36:53[b-297-8]
[ link to this | view in thread ]
This comment has been flagged by the community. Click here to show it

Anonymous Coward, 17 Jun 2013 @ 5:40am

Hey Mike,

As long as you're milking this, it'd help if you gave us the text of the Act that you're talking about. E.g., http://www.law.cornell.edu/uscode/text/50/1861
[ link to this | view in thread ]
Richard Ahlquist, 17 Jun 2013 @ 5:44am

So what, now we are supposed to trust what they are telling us?
I for one was not shocked by this but do the tech companies honestly expect us to now trust them? Srsly? They can take a flying ..... at a rolling doughnut. I will never trust any of these spineless companies again.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 5:50am

Re:
Fuck off back to the dairy.
[ link to this | view in thread ]
This comment has been flagged by the community. Click here to show it

Anonymous Coward, 17 Jun 2013 @ 5:55am

So, once again, we have the federal government pretending to be transparent, when it's really not. It's only trying to hide the actual number of FISA requests and the number of users impacted.

It seems to me that request were made for more transparency, and they got more transparency. It isn't complete and total transparency, but it's more than before. Let me ask you this: Why is it so important to you that you have these exact numbers? I get the sense that you're just complaining for the sake of complaining. Can you shed some light on what you'd do with those numbers? Can YOU be more transparent?
[ link to this | view in thread ]
Michael, 17 Jun 2013 @ 5:58am

Google
What we really need is for someone to have access to all of the phone and email records of Google so we could determine how often the NSA is contacting them about this kind of thing.

Hmm...I wonder where I might find a collection of such information...
[ link to this | view in thread ]
This comment has been flagged by the community. Click here to show it

Anonymous Coward, 17 Jun 2013 @ 5:58am

Re: Re:
If Mike is going to discuss the text of the statute, it makes sense to me that he'd provide the text of the statute. Basic stuff, IMO. I thought that post was relatively civil on my part. Should I start acting like you?
[ link to this | view in thread ]
Michael, 17 Jun 2013 @ 6:01am

Re:
This is a bit like asking for a document that was classified and when they finally say 'ok, we will send you the document' the entire thing except for the page numbers is redacted.

This isn't 'more transparency'. This is a 6 year old responding to 'share the pizza' by licking all of the slices and handing one to his brother.
[ link to this | view in thread ]
Zakida Paul (profile), 17 Jun 2013 @ 6:04am

Re: Here we go again, distancing evil NSA from friendly Google.
"Google is part of the NSA"

Did that face palm moment give you a concussion
[ link to this | view in thread ]
Mark Murphy (profile), 17 Jun 2013 @ 6:05am

Re:
It seems to me that request were made for more transparency, and they got more transparency. It isn't complete and total transparency, but it's more than before.

To recap:
- Twitter thinks it is less transparency
- Facebook thinks it is less transparency
- Google thinks it is less transparency
- Microsoft thinks it is less transparency
- An anonymous coward thinks it is more transparency
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:06am

Re:
A small number of FISA requests would make the program look expensive for what it is achieving. A large number of such requests would indicate abuse.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:10am

We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.

I would argue that no data point is too small to conceal. By confirming that they have received no such orders, they enable a wily opponent to triangulate the data and obtain a "road map" of US intelligence activities.
[ link to this | view in thread ]
This comment has been flagged by the community. Click here to show it

Anonymous Coward, 17 Jun 2013 @ 6:10am

Re: Re:
How is it LESS transparency if they are now allowed to release numbers that they previously weren't allowed to release? Am I missing something?
[ link to this | view in thread ]
This comment has been flagged by the community. Click here to show it

Anonymous Coward, 17 Jun 2013 @ 6:14am

Re: Re:
Seems to me you'd need more information than the number of requests to judge those things.
[ link to this | view in thread ]
TasMot (profile), 17 Jun 2013 @ 6:22am

presenting the counts
These companies are only allowed to present the national security requests mixed in with other numbers, you know, for obfuscation purposes. Is there a way to get the "other" numbers without the obfuscated national security numbers? Because, you know, analysing the "other stuff" without the obfuscation is important too.....
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:25am

Are they allowed to publish the numbers for the other types of requests individually (if they can get them) and let the users do the maths?

:)
[ link to this | view in thread ]
Starke (profile), 17 Jun 2013 @ 6:28am

Re: Re: Here we go again, distancing evil NSA from friendly Google.
Most entertaining conspiracy theory I've heard in the last five hours... of course the only OTHER conspiracy theory I've run across today involved the Illuminati... so the competition isn't really what you'd call fierce.
[ link to this | view in thread ]
Anonymous Howard (profile), 17 Jun 2013 @ 6:30am

Re: Re: Re:
No. You should go back to the dairy.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:33am

Re: Re: Re:
If say 5,000 out of 10,000 requests were FISA requests, then one could conclude that they were interpreting terrorist rather more broadly that the public, like including protest leaders. If there were only one or two, the value of a total surveillance program is called into doubt.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:36am

Re: Re: Re:
Keyword relatively. Has in, accusing someone of sodomizing a cat to death with a cucumber would be relatively civil compared to your recent string of missives.

No, that you've set the bar so low recently is not a free pass.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:38am

Re: Re: Re:
It's "LESS" because they were already allowed to release most of these numbers anyway and now they're not allowed to release them without aggregating them. The numbers are less clear than before hence less transparent.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:38am

Re:
That was my thought. Google said they already publish law enforcement requests, so publishing the aggregate data for that and FISA requests should make it a simple matter of subtraction to find the number of FISA requests alone.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:38am

Re: Re: Re:
Great, let's have it. Where this information now? Oh it's classified? Well then what the fuck are you on about?
[ link to this | view in thread ]
RyanNerd (profile), 17 Jun 2013 @ 6:43am

But... But... TERRORISM!!
One of the reasons that the number of requests that have to do with national security as a separate quantity is important is because proponents of these invasive and unconstitutional snooping measures keep yelling "but TERRORISM!" to justify their criminal data gathering efforts all in the name of national security. If we have at very least the number of requests pertaining to National Security then those who are screaming about how these invasive privacy violations have actually really prevented terrorist attacks then they may have at least a shaky leg to stand on.
But as it is now with the lack of transparency citizens are left to assume that these arguments of blanket data collection without probable cause and without a warrant are unjustified and certainly unconstitutional.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:47am

it's obviously been done like this because there were no threats retrieved or discovered about anyone, from anything, living anywhere, ie, NO TERRORIST THREATS! the one thing that did happen, that should have been discovered if all this surveillance had been any good, was the Boston Incident. the authorities either had learned nothing or ignored what they had learned, because the incident still occurred! therefore the whole surveillance thing was a waste of time and resources as the information used was all the ordinary stuff used by ordinary, local police! bit of a friggin' joke, dont you think??
[ link to this | view in thread ]
This comment has been flagged by the community. Click here to show it

Anonymous Coward, 17 Jun 2013 @ 6:48am

Re:
It's so satisfyingly hilarious that when Mike milks a subject, you get all asshurt.
[ link to this | view in thread ]
Lowestofthekeys (profile), 17 Jun 2013 @ 6:49am

Re: Re: Re:
C'mon Joe, you're not that dumb. You know that the numbers are pretty arbitrary and they're not what people are looking for.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:53am

Re: Re: Re: Here we go again, distancing evil NSA from friendly Google.
OOTB, let me guess... you also believe the moon lands were a hoax, and there's a counter earth on the other side of the sun...

On a more serious note, while Google is certainly not the bad guy in this story, they are by no means entirely innocent. Their own continued data mining, and target advertising programs collect massive amounts of sensitive information on their users. Its no small wonder why the NSA harasses them for this data...

On the other hand, perhaps the most important distinction is that Google, being a corporation has to abide by at least *some* laws, while the NSA has no such restriction, it can make, interpret or ignore laws as it sees fit.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:55am

Re: Re: Re: Re: Here we go again, distancing evil NSA from friendly Google.
moon landINGs... and targetED advertising, man nothing stinks more than catching typos *after* you hit submit.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 6:57am

Re: Re: Re:
look at the shiny
[ link to this | view in thread ]
Chuck Norris' Enemy (deceased) (profile), 17 Jun 2013 @ 6:57am

Re: So what, now we are supposed to trust what they are telling us?
spineless companies

Yes, if these companies have the data (as in the case of Google and Twitter) they should go ahead and publish them separately in spite of the "law." Then let the government go after them...and maybe awaken the sheeple because the bad guy is messing with their Google/Twitter.
[ link to this | view in thread ]
Ninja (profile), 17 Jun 2013 @ 7:01am

Re: Here we go again, distancing evil NSA from friendly Google.
Google is part of the NSA, a self-funding commericial front.

Marked as funny! You intended to be funny, right?
[ link to this | view in thread ]
weneedhelp (profile), 17 Jun 2013 @ 7:01am

Re: Here we go again, distancing evil NSA from friendly Google.
WTF... Are you a former Google employee? They fired you for incompetence and now all you do is spend all day at your gas pump attendant job poking away on your phone on blogs bashing Google.
[ link to this | view in thread ]
Ninja (profile), 17 Jun 2013 @ 7:03am

Re: Re: Re:
I assume you know the exact number of FISA requests don't you? I mean, it is TRANSPARENT, right? My guess is that these companies received any number of FISA requests varying from 0 to infinity. Sounds transparent!
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 7:10am

Re: Re:
It is not less transparency. It is more transparency granted the presupposition of no transparency at all if they hadn't asked...

However, I think it is pretty clear that what is being asked for by Google/Twitter is a possibility to show something about the extend of the actual contriversial parts. Since that is not a possibility here, it is a very low value transparency, not showing anything at all about the extend of the more problematic requests. That makes the transparency next to worthless for these companies.
[ link to this | view in thread ]
Tim Griffiths (profile), 17 Jun 2013 @ 7:24am

Re: Here we go again, distancing evil NSA from friendly Google.
Can we automatically replace his sig with the following from now on?

Take a loopy tour of out_of_the_Blue! You always end up nowhere near the topic at hand!
Where OOTB "I make up connections where none exist" lives up to his name to derail attempts to talk about topics he dislike.
01:36:53[b-297-8]
[ link to this | view in thread ]
Pragmatic, 17 Jun 2013 @ 7:24am

Re: Re: Here we go again, distancing evil NSA from friendly Google.
I think she's been sniffing the gas.

This is Cathy: http://3dblogger.typepad.com/wired_state/google_witch_hunters.html
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 7:26am

Re: Re: Re: Re:
Anyone else get the idea that average_joe was a cow in a past life and he's got some traumatic past involving getting his nipples pinched over and over?
[ link to this | view in thread ]
Votre (profile), 17 Jun 2013 @ 7:37am

Why do I need to be afraid of a foreign 'enemy' when my own government is acting this way? All the violations of constitutional rights I was raised to despise Russia and China for are now somehow magically justified if done to us by our own government? What's the real difference between any of them?

Or is that a secret too?
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 8:35am

Re:
There is a subtle difference between governments.
Under the socialist system, the government owned the corporations, and ran the country to suite the elite.
Under capitalism, the corporations own the government, and run the country to suite the elite.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 9:44am

Re: Re:
My thought too. They don't need permission from the federal government to do that.
[ link to this | view in thread ]
NerdOfAllTrades, 17 Jun 2013 @ 10:32am

Can't they work around this?
Google already releases the number of government requests that they get.

Can't they say, "We have received 100,000 goverment request, including FISA requests."

And then say, somewhere else, "We have received 50,000 X request, 20,000 Y requests, and 3,000 Z requests. We cannot disclose the number of FISA requests we have received."

That, technically, would not be telling us how many FISA requests they've received, but reading between the lines, the number would look a lot like 27,000.
[ link to this | view in thread ]
Anonymous Coward, 17 Jun 2013 @ 11:31am

Re: Re:
They could also do something similar with the ranges.

"We've received between (read: more than) 15576 and (read: less than) 15578 requests during the specific time frame."
[ link to this | view in thread ]
Dementia (profile), 17 Jun 2013 @ 11:55am

So why didn't the companies then post the total number of requests in aggregate and then, post the total number of requests without the FISA requests added in?

Seems simple to me, they would have obeyed the rules, yet still got the info out.
[ link to this | view in thread ]
Gwiz (profile), 17 Jun 2013 @ 12:11pm

Re: Re: Re: Here we go again, distancing evil NSA from friendly Google.
This is Cathy:

I keep seeing comments saying that this Cathy person is OOTB.

Is there any proof of this connection or is it just someone's hunch?
[ link to this | view in thread ]
ike, 17 Jun 2013 @ 12:15pm

Loophole
"We have always believed that it�s important to differentiate between different types of government requests,� a Google spokesperson said in a statement. �We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users.
Google should published the aggregated result while continuing to publish the information they currently publish. As such, we could do a simple subtraction to get the information we desire.
[ link to this | view in thread ]
BearGriz72 (profile), 17 Jun 2013 @ 3:59pm

Re: Re: Re: Here we go again, distancing evil NSA from friendly Google.
TL;DR
[ link to this | view in thread ]
Jesse (profile), 17 Jun 2013 @ 7:02pm

Re: Re: So what, now we are supposed to trust what they are telling us?
Well based on what I read they can actually publish it. They are only allowed to publish ranges if it includes all law enforcement requests as well, right?

Well do that, but then publish the non-classified numbers separately. Being that it's not classified or sealed, it's a first amendment violation to prevent them from disclosing regular law enforcement requests.

Simple subtraction gives you the rest.
[ link to this | view in thread ]
Anonymous Coward, 18 Jun 2013 @ 1:30pm

Re: Re: Re:
Better idea, abuse the range request by lowering the accuracy.
Technically between 70,000 and 900 million contains the real number in the range.
[ link to this | view in thread ]