Internet Giants Disclose FISA Surveillance Requests For Customer Data

A transparency agreement has allowed Google, Yahoo, Microsoft and others to disclose FISA requests for the first time

2 min read
illustration of business cards with company logos
Illustration: Randi Klett; Images: iStockphoto

Technology giants such as Google, Microsoft and Yahoo have started disclosing U.S. government requests for customer information under a new agreement reached last month. But the first such reports on the controversial Foreign Intelligence Surveillance Act (FISA) orders remain limited in how much detail they reveal about the surveillance activities of the U.S. National Security Agency.

The agreement allows companies older than two years old to disclose the number of FISA orders they receive as increments of 1 000—but only with a six-month reporting delay. Previously, companies were prohibited by law from disclosing any information on FISA orders that represent surveillance warrants targeting customer data. FISA orders can target customer "content" such as emails, instant messages and photos, as well as "non-content data" such as a customer's name, location, IP address and billing information.

Some companies had already begun disclosing the number of National Security Letters (NSL) they received. Such letters are issued primarily by the FBI to obtain customer records as part of an extra-judicial process, but do not target customer content details. Companies can also report on NSL requests without observing the six-month delay.

Google, Microsoft, Facebook and Yahoo chose to disclose FISA requests and NSL requests separately in increments of 1 000 (such as a range between 0 and 999). Apple and LinkedIn took a different route under the new agreement by disclosing their FISA and NSL requests combined as increments of 250. Both had fewer than 250 in the first six months of 2013.

The graph below shows which companies had the largest number of affected customers.

1 Jan–30 Jun, 2013

Chart: Josh Romero©2014 IEEE Spectrum

Individual companies also disclosed more information on the various surveillance requests they received in their own reports.

Watchdog groups remain skeptical that the new disclosure agreement provides more meaningful transparency regarding government surveillance, according to The Guardian. So far, counting requests is essentially meaningless, as almost every company has received fewer than 1 000 requests in each six-month period. Spencer Ackerman, reporter for The Guardian, also pointed out that the NSA still collects data outside of the FISA process by tapping into the communications infrastructure of Silicon Valley companies such as Google and Yahoo under executive order 12333.

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
An illustration of a series
Carl De Torres

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less