WASHINGTON – The U.S. government and leading Internet companies Monday announced a compromise that will allow those companies to reveal more information about how often they are ordered to turn over customer information to the government in national security investigations.
The Justice Department reached agreements with Google Inc., Microsoft Corp., Yahoo Inc., Facebook Inc. and LinkedIn Corp. that will resolve those companies’ legal challenges before the Foreign Intelligence Surveillance Court. The companies had asked judges to allow them to disclose data on national security orders the companies have received under the Foreign Intelligence Surveillance Act.
The delivery of customer information to the government from Internet companies has been under examination in the United States following leaks about National Security Agency surveillance by former NSA systems analyst Edward Snowden.
Some of those companies were among several U.S. Internet businesses identified as giving the NSA access to customer data under the program known as PRISM. But the companies had said they wanted to make the disclosures in order to correct inaccuracies in news reports and to calm public speculation about the scope of the companies’ cooperation with the government. The providers wanted to show that only a tiny fraction of their customers’ accounts have been subject to legal orders.
The government had opposed those requests, but reached a deal with the companies late last week that will give customers a better idea of how much information is being collected.
“Permitting disclosure of this aggregate data addresses an important area of concern to communications providers and the public,” Attorney General Eric Holder and Director of National Intelligence James Clapper said in a joint statement.
The five companies welcomed the deal, but said more needs to be done. “We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive,” the companies said in a joint statement. “While this is a very positive step, we’ll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.”
Apple also released a statement. “We believe strongly that our customers have the right to understand how their personal information is being handled, and we are pleased the government has developed new rules that allow us to more accurately report law enforcement orders and national security orders in the U.S.,” the company said on its website.
Sen. Ron Wyden called it a “positive first step.” “Though there is still a great deal of work to do, today’s announcement is good for American companies and the Americans they employ and serve,” he said.
Following the Snowden leaks last summer, the FBI allowed communications providers to report in a limited way the number of orders for data they received from the government and the number of accounts affected by such orders. However, the FBI only agreed to disclosure of a single, aggregate number of criminal and national security-related orders to the companies from all U.S. governmental entities, plus local and state entities.
Under the compromise announced Monday, Internet companies will be able to release more information, but still only in very general terms when it comes to national security investigations. They can report the number of criminal-related orders from the government. They also will be able to release, rounded to the nearest 1,000, the number of secret national security-related orders from government investigators; the number of national security-related orders from the FISA court, and the number of customers affected by both. In the FISA orders, the companies will be able to say the number of requests for personal information about their customers versus their actual e-mails.
The companies can also choose a simplified reporting process that allows them to report the number of criminal-related orders, and then national security or intelligence orders in increments of 250 and the total number of customers targeted, also in groups of 250.
“These new reporting methods enable communications providers to make public more information than ever before about the orders that they have received to provide data to the government,” Deputy Attorney General James Cole said in a letter to the five Internet companies.
The companies will have to delay releasing the number of national security orders by six months. They also had to promise that if they come up with new technology or new forms of communication, they are not able to reveal that the government can tap into that new technology for two years.
The American Civil Liberties Union, which filed a brief supporting the tech firms in their bid to disclose more information, said Monday that the deal “partially” lifts an information gag on the companies. But the group praised the agreement as “a victory for transparency.”
Alex Abdo, a lawyer with the ACLU’s National Security Project, said: “It is commendable that the companies pressed the government for more openness, but even more is needed. Congress should require the government to publish basic information about the full extent of its surveillance.”