NSA/FBI Got Access To Content Of Around 40,000 Yahoo/Google User Accounts In First Six Months Of 2013

from the it's-a-lot dept

Mon, Feb 3rd 2014 1:00pm — Mike Masnick

Last week, we noted that the DOJ and various internet companies had settled their legal fight, which concerned whether or not those companies could reveal the details of how many FISA Court requests they were receiving -- both in terms of how many requests they get and how many accounts are impacted. While Apple immediately released their information, showing very few users impacted, the real interest is in Google, Yahoo and to a lesser extent Facebook. Both Google and Yahoo have put out blog posts updating their transparency report numbers. It appears that both Yahoo and Google decided to go with "option 1" in the settlement, which lets them reports NSLs and FISA orders separately, but in bands of 0-999. The big question with both of them, really, was just how many "customer accounts affected" there would be, and both presented numbers (in slightly different formats). Google showed a historical listing:

Yahoo just shows the most recent:

If you remember, by choosing Option 1, the companies could actually show "customer accounts affected" -- if they had chosen option 2, they could only show targeted customers, leaving out others who were affected as well. But here we see that the number of accounts affected is much larger than the number of requests (though certainly much more limited than some assumed). That is, these requests (which make up a large part of the PRISM program) impact thousands of users, but not millions or "all" as some have claimed. There may very well be other NSA surveillance programs that get data from many more users, but not the FISA orders/PRISM.

Concerning the Google data, you can see that there's been a pretty big increase in the number of users impacted over the past few years, peaking at the end of 2012, but that drop in the beginning of 2013 may be just seasonal. Meanwhile, it's interesting to see that a much larger number of Yahoo accounts have been impacted. Of course, for all we know, there could have been one FISA order to Google and three to Yahoo and then the number of accounts impacted would be around 10,000 per order. But, without more granularity, it's impossible to tell.

What does seem clear is that there are about 40,000 accounts on Yahoo or Google to which the NSA/FBI and others in the intelligence community have access.

Update: Facebook and Microsoft have updated their info as well and it's more of the same:

Microsoft, a major surveillance partner for the US government, received fewer than 1,000 orders from the Fisa court for communications content during the same period, related to between 15,000 and 15,999 “accounts or individual identifiers”.

The company, which owns the internet video calling service Skype, also disclosed that it received fewer than 1,000 orders for metadata – which reveals communications patterns rather than individual message content – related to fewer than 1,000 accounts or identifiers.

[....] Facebook disclosed that during the first half of 2013, it turned over content data from between 5000 and 5999 accounts – a rise of about 1000 from the previous six month period – and customer metadata associated with up to 999 accounts.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: accounts, content, fbi, fisa, fisa orders, fisc, nsa, prism, surveillance, transparency report
Companies: google, yahoo

27 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

This comment has been flagged by the community. Click here to show it

out_of_the_blue, 3 Feb 2014 @ 1:20pm

Yay! "it's impossible to tell." -- JUST AS I TOLD YOU: MEANINGLESS NUMBERS.
But what I want to know is how many MORE of these USELESS items are you going to run about meaningless numbers? -- Cause I HOOT every time and want to look forward to more hooting!
Google. Collecting and collating every bit of you. (176 of 195)

09:19:59[k-362-5]
[ link to this | view in chronology ]
- Anonymous Coward, 3 Feb 2014 @ 1:30pm
  
  Re: Yay! "it's impossible to tell." -- JUST AS I TOLD YOU: MEANINGLESS NUMBERS.
  If OOTB makes a post, and no one bothers to read it, did he actually tell anyone anything?
  [ link to this | view in chronology ]
  - Anonymous Coward, 3 Feb 2014 @ 1:34pm
    
    Re: Re: Yay! "it's impossible to tell." -- JUST AS I TOLD YOU: MEANINGLESS NUMBERS.
    Yes. Just beyond the Source Wall.
    [ link to this | view in chronology ]
    - PRMan, 3 Feb 2014 @ 1:38pm
      
      Re: Re: Re: Yay! "it's impossible to tell." -- JUST AS I TOLD YOU: MEANINGLESS NUMBERS.
      So only Lex Luthor and Darkseid can understand him? Nah, that's giving him too much credit.
      [ link to this | view in chronology ]
- Anonymous Coward, 3 Feb 2014 @ 2:08pm
  
  Re: Yay! "it's impossible to tell." -- JUST AS I TOLD YOU: MEANINGLESS NUMBERS.
  Yay it's impossible to tell how many times people's rights were violated without due cause!
  
  You dolt.
  [ link to this | view in chronology ]
Anonymous Coward, 3 Feb 2014 @ 1:28pm

is it any wonder that the requests get 'rubber stamped' by the FISC judges? they must be worn out doing it!

no wonder either why one of them put in a letter stating they didn't want any more work because they wouldn't be able to do their job properly! their arms must get cramp something rotten!
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 3 Feb 2014 @ 1:57pm

Google
Google is Swell!
[ link to this | view in chronology ]
- Anonymous Coward, 3 Feb 2014 @ 2:02pm
  
  Re: Google
  Lol
  [ link to this | view in chronology ]
Anonymous Coward, 3 Feb 2014 @ 2:04pm

"you can see that there's been a pretty big increase in the number of users impacted over the past few years"

That's the issue I was worried about when I saw the data. It may not be "everyone" or "all" accounts, but that number is jumping significantly when terrorism appears to be slowing (especially in/on US soil)...
[ link to this | view in chronology ]
- That One Guy (profile), 3 Feb 2014 @ 2:14pm
  
  Re:
  I'd disagree, 'official' terrorism has been rising for years(after all, haven't countless people from the government and private companies been constantly trying to keep people afraid and panicky so they'll give up their rights?), it's just 'unofficial' terrorism(the kind that has an actual body-count) that's been falling, probably from them realizing that they've been made redundant.
  [ link to this | view in chronology ]
Anonymoose, 3 Feb 2014 @ 3:55pm

Smoking mirrors
..of course, the picture this paints in aggregate says 'thousands', which is all the talking point anyone needs to try to contain outrage. These numbers reflect what the NSA has asked companies for (via rubber stamp, etc).

But the requests aren't even a bug on the tip of the iceberg vs. the total volume collected on the net's backbone, or compromised via 'focused' hacking and backdoor access.

These handful of thousands are not what the feds have been trapping. They've been trapping everything. On and off the internet. Transaction records, travel patterns, communications, associations, cat pictures posted, reading habits, blah blah blah.

But this agreement allows everyone to pretend that this is contained, non-abusive, and that everyone is on the up and up and it's no big deal.
[ link to this | view in chronology ]
- btrussell (profile), 5 Feb 2014 @ 3:32am
  
  Re: Smoking mirrors
  It is only about one every 6 1/2 minutes, 24 hours a day, 7 days a week. When you are truly paranoid, that is not that many people to be afraid of./s
  [ link to this | view in chronology ]
  - tbg, 5 Feb 2014 @ 7:51pm
    
    Re: Re: Smoking mirrors
    neat name, your first would not be brent would it? lol
    [ link to this | view in chronology ]
    - btrussell (profile), 7 Feb 2014 @ 1:51am
      
      Re: Re: Re: Smoking mirrors
      Thanks! No, but it is my real name initials.
      [ link to this | view in chronology ]
Anonymous Coward, 3 Feb 2014 @ 5:10pm

1
1
1
1......is too fucking to much.......yeah, i said it, I DO NOT TRUST THEIR LYING MORALITY AUTHORITARIAN THREATENING ILLUSIONARY BULLSHIT
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

krolork (profile), 3 Feb 2014 @ 5:31pm

We need a revolution.
[ link to this | view in chronology ]
Anonymous Coward, 3 Feb 2014 @ 7:13pm

So we're seeing X (thousands) of requests of up to Y (tens of thousands) of accounts in size.

With Z (unknown) overlap of targetted accounts per requests,

( X * Y ) - Z = we've-seen-too-much

How many of those X requests we're submitted as evidence to the disinfecting light of a courtroom?

If zero (or a secret number) then we cannot know if it was "worth it".

We must conclude these folks are fisherman in the sense that they go fishing, and not in the sense that they catch fish.
[ link to this | view in chronology ]
Ninja (profile), 4 Feb 2014 @ 2:17am

We now know this is mainly targeting regular citizens that happen to be engaged in something the Govt dislike or being of some ethnic group (Muslims!) perceived as threats. Real criminals probably don't even use those services (not the worst ones at least, we still have the dumb ones out there).
[ link to this | view in chronology ]
[deleted], 4 Feb 2014 @ 5:45am

Wait, there is more!
Per Holder, there were some 50k convictions using evidence laundering, before they started backpaddling and admitted in open court.

Here is my question:

If NSA tipped off and FBI found that one suspect is up to no good, while another in same case is clear, did they withheld exculpatory evidence as well?

If so, then we have way bigger mess then they admit. And its outright criminal.

Therefore, I am patiently awaiting #ggreenwald to release Supreme Court justices dirt in due course. It may turn, they were on board all along.
[ link to this | view in chronology ]
FM Hilton, 4 Feb 2014 @ 10:50am

Funny, this happened shortly after
I blame Mike totally for this:

The same day that he posted this article, Yahoo decided to start crapping out. First, the whole thing went down, rather a very startling event. I'd never seen that happen before, and I've used it for over 15 years. Total disconnection.

Second, now the darn bookmarks and other sets on my yahoo page are crapping out.

I think the NSA is onto you, Mike, and they're punishing people for using it.

I hate conspiracy theorists, but I'm close to becoming one, after this.
[ link to this | view in chronology ]
rbg, 4 Feb 2014 @ 1:09pm

Apple Technicians play dumb
yes and if you get put on the list, you get signed up as a "developer" customer in that Apple uses your account for software development. Applecare technicians have been trained to play dumb. When you find an obvious sign that something is not right the technician asks "what are you doing looking at the
/var folder" come on get a clue Apple.
[ link to this | view in chronology ]
tbg (profile), 4 Feb 2014 @ 1:15pm

This is what made me a target
I helped a friend write a complaint to a Judicial Ethics Commission pointing out
blatant fraud, and unethical conduct by a Judge and Amicus Attorney.
Approximately 4 days before the complaint was to be filed, I had 3 windows based computers on my home network rendered to Digit zeros with with evidence documents and other exhibits for the complaint destroyed.
At the time, I didn't really know what happened and just assumed it was a virus that hit my network and all I needed to do was to do were reinstalls of the computer operating systems and all would be well. I was wrong. Even to this day, I continue to have network and computer problems.
After the network attack, the windows computers were rendered as junk. I ordered a new Macbook Pro thinking that a new computer would solve the network problems. The network problems continued. Shortly after the new Macbook Pro was delivered to my home from the Apple online store, I discovered that the EFI Firmware Password had been set before it was delivered. Somebody had tampered with this computer before it arrived at my home. Apple stated that they did not know how this would have happened and they agreed to replace the computer with the one that I
am now using.
I continued to have problems.The recent NSA leaks confirmed my suspicions that I was targeted, but I still have a hard time believing that the government would do such a thing.
After the Snowden revelations, I was determined that I was going to find out for sure and press the issue with Apple. I could never get Apple to do any followup calls to address my issues. Before this
ordeal, I knew very little about computers, but I have educated myself to an extent and Apple cannot or will not answer my questions. When no Sr. Apple Technician in the United States will return my calls, it seems that all my calls to Applecare are routed to Applecare in Canada.
Recently a Sr. Level Apple Advisor in Canada stated to me that when Apple initially replaced the computer which had the firmware tampered with, they replaced it with a computer that did not have the standard operating system that it should have had. The replacement computer had a modified operating system installed.

This is when Apple technicians start giving the run around and never return calls which is where I am at now. I am tired of them asking me "Why did you install that font" What are you doing in Terminal? It's my computer and I can look at anything i want.
[ link to this | view in chronology ]
- Clownius, 5 Feb 2014 @ 8:05am
  
  Re: This is what made me a target
  Serious nuke it. Wander a few towns over and grab a generic system and put Linux on it. Depending on your confidence go for a distribution thats either simple or super secure.
  
  Trust no one....
  
  That system will be hundreds of times more secure even with a simple distribution of Linux than one you believe has been tampered with.
  [ link to this | view in chronology ]
- Anonymous Coward, 5 Feb 2014 @ 2:29pm
  
  Re: This is what made me a target
  If you're gonna fight the powah, better spend some money on vps's which you vpn through. Only one might be more than enough. Gotta know what good companies out there exist, there's loads. And if even more paranoid, run IPBlock (linux) or peerblock on windows but do not use their useless free lists, there is one specific german made pay list that is really good at making attempts at communicating with your computer falling into a black hole...
  [ link to this | view in chronology ]
  - Anonymous Coward, 5 Feb 2014 @ 2:30pm
    
    Re: Re: This is what made me a target
    Also : your files aren't destroyed most likely....well now they are that you formatted over those hard drives...but had you installed an OS and a good data recovery program on a different drive..your data would be most likely retrievable.
    [ link to this | view in chronology ]
    - tbg, 5 Feb 2014 @ 4:18pm
      
      Re: Re: Re: This is what made me a target
      no I am not going to fight anyone other than document the cases and abnormalities with applecare so there will come a point when I can say I have called in to applecare over 1000 times and they never fixed the problem
      [ link to this | view in chronology ]
  - tbg, 5 Feb 2014 @ 4:16pm
    
    Re: Re: This is what made me a target
    The powah as you refer to them are nothing more than a band of rogue criminals . They will be caught. It's real interesting when I call applecare and start have them go through the font book step by step. Everyone especially applecare that the base of a system starts with the fonts. If you have bad fonts the whole system is bad. It looks like now I am trying to shore up the font book and get rid of all the red xs
    [ link to this | view in chronology ]