Internet Giants Disclose FISA Surveillance Requests For Customer Data

Illustration: Randi Klett; Images: iStockphoto

Technology giants such as Google, Microsoft and Yahoo have started disclosing U.S. government requests for customer information under a new agreement reached last month. But the first such reports on the controversial Foreign Intelligence Surveillance Act (FISA) orders remain limited in how much detail they reveal about the surveillance activities of the U.S. National Security Agency.

The agreement allows companies older than two years old to disclose the number of FISA orders they receive as increments of 1 000—but only with a six-month reporting delay. Previously, companies were prohibited by law from disclosing any information on FISA orders that represent surveillance warrants targeting customer data. FISA orders can target customer "content" such as emails, instant messages and photos, as well as "non-content data" such as a customer's name, location, IP address and billing information.

Some companies had already begun disclosing the number of National Security Letters (NSL) they received. Such letters are issued primarily by the FBI to obtain customer records as part of an extra-judicial process, but do not target customer content details. Companies can also report on NSL requests without observing the six-month delay.

Google, Microsoft, Facebook and Yahoo chose to disclose FISA requests and NSL requests separately in increments of 1 000 (such as a range between 0 and 999). Apple and LinkedIn took a different route under the new agreement by disclosing their FISA and NSL requests combined as increments of 250. Both had fewer than 250 in the first six months of 2013.

The graph below shows which companies had the largest number of affected customers.

1 Jan–30 Jun, 2013

Chart: Josh Romero
©2014 IEEE Spectrum

Individual companies also disclosed more information on the various surveillance requests they received in their own reports.

Watchdog groups remain skeptical that the new disclosure agreement provides more meaningful transparency regarding government surveillance, according to The Guardian. So far, counting requests is essentially meaningless, as almost every company has received fewer than 1 000 requests in each six-month period. Spencer Ackerman, reporter for The Guardian, also pointed out that the NSA still collects data outside of the FISA process by tapping into the communications infrastructure of Silicon Valley companies such as Google and Yahoo under executive order 12333.

Advertisement

Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

Advertisement