Facebook, Microsoft beg Feds: Let us tell users what YOU asked for...

It's not as much as they think, honest...


Google, Facebook and Microsoft are all calling for more flexibility in disclosing more about the national security requests they receive from the US government.

The lobbying comes amid ongoing controversy about the NSA's controversial PRISM surveillance programme. The PRISM system is alleged to allow signals intelligence analysts to extract audio, photographs, emails, documents, and connection logs from users of internet services including Google (Gmail, YouTube, etc), Facebook, Microsoft (Hotmail, Skype, etc.), Apple, Yahoo, PalTalk and AOL, in order to track the online activities of foreign targets.

The system seems to involve access to a Dropbox-like system which fulfills wiretapping requests made by spooks under the US Foreign Intelligence Surveillance Act (FISA).

The secret system was exposed by CIA techie-turned-whistleblower Edward Snowden. Leaked slides about the scheme suggest annual running costs of just $20m a year; minuscule in the context of the NSA’s estimated overall budget of $10bn a year or more.

The number of requests disclosed by Microsoft and Google via PRISM is far lower than the total number of law enforcement requests disclosed in a recent run of transparency reports from the internet giants.

In an open letter to the offices of the Attorney General and the Federal Bureau of Investigation, republished on its official blog, Google called for more flexibility to publish data about government requests for disclosure made under national security laws.

Greater openness and transparency would help to dispel exaggerated public fears based on reports about PRISM without harming national security, David Drummond, chief legal officer at Google, argues.

Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.

We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.

Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.

Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.

Microsoft and Facebook are also calling on the US government to provide greater transparency about national security requests, as part of efforts to distance themselves from reports casting them as willing stooges in mass snooping on the internet activity of millions. Each firm wants the ability to publish the number and scope of data requests it receives from security agencies and law enforcement, Reuters reports.

Such details would allow the internet giants to fill in the blanks in so-called transparency reports that provide a tally of how internet firms respond to government requests for user data.

Lifting the veil

Google published its first transparency report in 2010, refining it over the years to include requests sorted by country. The latest US figures are available on Google's Transparency Report pages.

Twitter followed suit in July 2012, before releasing an updated version of its summary of requests from law enforcement in January. Microsoft released its first transparency report on how it responds to law enforcement requests back in March.

All these statistics offer only the vaguest ball park figures on so-called National Security Letters. A US District Court in California recently declared NSLs unconstitutional because recipients are prohibited from discussing them.

More importantly, NSLs don't include the number of FISA disclosures; or their scope, in terms of the number of people they affect.

Almost forgotten in the hullabaloo about the PRISM controversy is that Snowden also leaked an even more sensitive Foreign Intelligence Surveillance Court order to Verizon, obliging it to hand over call logs on all its customers every day until July.

We've still no real idea how much data is hoovered up by systems such as PRISM, how long it is retained, or how many people are affected. The leaked slides tell us that PRISM is the most frequently cited tool in NSA reports, but they ignore other intelligence gleaned from deep-packet inspection of traffic as it crosses the internet.

In the absence of solid information, privacy-conscious businesses might be inclined to think the worst and even to look for alternatives to US-based cloud services. That's extremely bad news for the likes of Google, Microsoft and Amazon in particular. Hence, Google's efforts to lobby for the ability to be more open are in part, at least, commercially driven.

Twitter's chief lawyer, Alex Macgillivray, backed up calls for greater transparency:

