Facebook and Microsoft – two companies tagged as giving the Federal Bureau of Investigation (FBI) and National Security Agency (NSA) direct access to their servers for surveillance purposes – are echoing Google’s call for transparency in government surveillance requests.
Google on Tuesday sent a letter to US Attorney General Eric Holder and the FBI and published this copy on its Public Policy blog.
In the letter, Google’s chief legal officer, David Drummond, wrote to Holder seeking permission to publish “aggregate numbers of national security requests, including Foreign Intelligence Surveillance Act [FISA] disclosures”.
Facebook’s General Counsel Ted Ullyot chimed in with a post saying that the company would love to give a transparency report, which both Google and Twitter now do, but Facebook does not.
But such a report would by necessity be misleading, Ullyot wrote, given that government restrictions on disclosure would poke so many holes in it:
"In the past, we have questioned the value of releasing a transparency report that, because of exactly these types of government restrictions on disclosure, is necessarily incomplete and therefore potentially misleading to users.
We would welcome the opportunity to provide a transparency report that allows us to share with those who use Facebook around the world a complete picture of the government requests we receive, and how we respond."
Such nondisclosure obligations regarding how many FISA requests Google receives and the number of user accounts they cover just fuel speculation that “our compliance with these requests gives the U.S. government unfettered access to [Google] users’ data,” which is false, Drummond wrote in his letter.
According to the BBC, Microsoft has also said that greater transparency on government requests for information “would help the community understand and debate these important issues”.
For whatever reason, Twitter was absent from the initial list of nine major internet companies specified as giving the government direct access to servers in information leaked to the Washington Post and the Guardian by (likely soon to be “former”) Booz Allen Hamilton employee Edward Snowden.
Regardless, on Tuesday, Twitter threw its support behind those who’ve demanded more transparency around national security letters (NSLs), such as Google, Senator Jeff Merkley (who, along with 7 other senators of both parties, is pushing a bill to declassify FISA court rulings), and others.
Twitter General Counsel Alex Macgillivray’s Twitter message to that effect:
Completely agree with @Google, @SenJeffMerkley & others - we'd like more NSL transparency and @Twitter supports efforts to make that happen
Outrage over the surveillance program, known as PRISM*, continues to ignite, regardless of the Obama administration’s strenuous efforts to poo-poo the media attention and public reaction sparked by what many interpret as the we-eavesdrop-on-everything program.
For its part, the American Civil Liberties Union (ACLU) has filed a lawsuit against the government over its “dragnet” collection of domestic phone call logs, saying that it’s illegal and asking a judge to order that the program be stopped and its records purged.
Beyond calling for more transparency, the idea of a back door into their servers has seemingly outraged the nine internet companies.
Facebook founder and CEO Mark Zuckerberg, for one, crafted a personal post on Friday to both ask for more transparency and to address what he called “outrageous press reports about PRISM.”*
From his post:
"We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday."
At this point, much of the vehement denial over having a back door to servers could well be attributed to how, exactly, one defines “back door”.
The New York Times, among others, has sketched out how the information hand-off takes place:
Instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key....The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.
....FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said. There were 1,856 such requests last year, an increase of 6 percent from the year before.
*In light of director of national intelligence James R. Clapper’s corrections [PDF] about the project, we know that PRISM is just the name of the computer system that makes the data-Hoover-machine run and not the name of the project itself.
But given that the acronym for the program’s real name – CIPS702FISA, or the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act – is unpronounceable, I think I’ll just pretend, until somebody thinks up a more elegant name, that this whole thing is still called PRISM.