Feeds

Facebook, Microsoft beg Feds: Let us tell users what YOU asked for...

It's not as much as they think, honest...

Choosing a cloud hosting partner with confidence

Google, Facebook and Microsoft are all calling for more flexibility in disclosing more about that national security requests they receive from the US government.

The lobbying comes amid ongoing controversy about the NSA's controversial PRISM surveillance programme. The PRISM system is alleged to allow signals intelligence analysts to extract audio, photographs, emails, documents, and connection logs from users of internet services including Google (Gmail, YouTube, etc), Facebook, Microsoft (Hotmail, Skype, etc.), Apple, Yahoo, PalTalk and AOL, in order to track the online activities of foreign targets.

The system seems to involve access to a Dropbox-like system which fulfills wiretapping requests made by spooks under the US Foreign Intelligence Surveillance Act (FISA).

The secret system was exposed by CIA techie-turned-whistleblower Edward Snowden. Leaked slides about the scheme suggest annual running costs of just $20m a year; minuscule in the context of the NSA’s estimated overall budget of $10bn a year or more.

The number of requests disclosed by Microsoft, Google via PRISM is far lower than total number of law enforcement requests disclosed in a recent run of transparency reports from the internet giants.

In an open letter to the offices of the Attorney General and the Federal Bureau of Investigation, republished on its official blog, Google called for more flexibility to to publish data about government requests for disclosure made under national security laws.

Greater openness and transparency would help to dispel exaggerated public fears based on reports about PRISM without harming national security, David Drummond, chief legal officer at Google, argues.

Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.

We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.

Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.

Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.

Microsoft and Facebook are also calling on the US government to provide greater transparency about national security requests, as part of efforts to distance themselves from reports casting them as willing stooges in mass snooping on the internet activity of millions. Each firm wants the ability to publish the number and scope of data requests it receives from security agencies and law enforcement, Reuters reports.

Such details would allow the internet giants to fill in the blanks in so-called transparency reports that provide a tally of how internet firms respond to government requests for user data.

Lifting the veil

Google published its first transparency report in 2010, refining it over the years to include requests sorted by country. The latest US figures are available on Google's Transparency Report pages.

Twitter followed suit in July 2012, before releasing an updated version of its summary of requests from law enforcement in January. Microsoft released its first transparency report on how it responds to law enforcement requests back in March.

All these statistics offer only the vaguest ball park figures on so-called National Security Letters. A US District Court in California recently declared NSLs unconstitutional because recipients are prohibited from discussing them.

More importantly, NSLs don't include the number of FISA disclosures; or their scope, in terms of the number of people they affect.

Almost forgotten in the hullabaloo about the PRISM controversy is that Snowden also leaked an even more sensitive Foreign Intelligence Surveillance Court order to Verizon, obliging it to hand over call logs on all its customers every day until July.

We've still no real idea how much data is hoovered up by systems such as PRISM, how long it is retained, or how many people are affected. The leaked slides tell us that PRISM is the most frequently cited tool in NSA reports, but ignores other intelligence gleaned from deep-packet inspection of traffic as it crosses the internet.

In the absence of solid information, privacy-conscious businesses might be inclined to think the worst and even to look for alternatives to US-based cloud services. That's extremely bad news for the likes of Google, Microsoft and Amazon in particular. Hence, Google's efforts to lobby for the ability to be more open are in part, at least, commercially driven.

Twitter's chief lawyer, Alex Macgillivray, backed up calls for greater transparency:

®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
EMC, HP blockbuster 'merger' shocker comes a cropper
Stand down, FTC... you can put your feet up for a bit
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.