Feeds

Facebook, Microsoft beg Feds: Let us tell users what YOU asked for...

It's not as much as they think, honest...

Secure remote control for conventional and virtual desktops

Google, Facebook and Microsoft are all calling for more flexibility in disclosing more about that national security requests they receive from the US government.

The lobbying comes amid ongoing controversy about the NSA's controversial PRISM surveillance programme. The PRISM system is alleged to allow signals intelligence analysts to extract audio, photographs, emails, documents, and connection logs from users of internet services including Google (Gmail, YouTube, etc), Facebook, Microsoft (Hotmail, Skype, etc.), Apple, Yahoo, PalTalk and AOL, in order to track the online activities of foreign targets.

The system seems to involve access to a Dropbox-like system which fulfills wiretapping requests made by spooks under the US Foreign Intelligence Surveillance Act (FISA).

The secret system was exposed by CIA techie-turned-whistleblower Edward Snowden. Leaked slides about the scheme suggest annual running costs of just $20m a year; minuscule in the context of the NSA’s estimated overall budget of $10bn a year or more.

The number of requests disclosed by Microsoft, Google via PRISM is far lower than total number of law enforcement requests disclosed in a recent run of transparency reports from the internet giants.

In an open letter to the offices of the Attorney General and the Federal Bureau of Investigation, republished on its official blog, Google called for more flexibility to to publish data about government requests for disclosure made under national security laws.

Greater openness and transparency would help to dispel exaggerated public fears based on reports about PRISM without harming national security, David Drummond, chief legal officer at Google, argues.

Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.

We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.

Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.

Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.

Microsoft and Facebook are also calling on the US government to provide greater transparency about national security requests, as part of efforts to distance themselves from reports casting them as willing stooges in mass snooping on the internet activity of millions. Each firm wants the ability to publish the number and scope of data requests it receives from security agencies and law enforcement, Reuters reports.

Such details would allow the internet giants to fill in the blanks in so-called transparency reports that provide a tally of how internet firms respond to government requests for user data.

Lifting the veil

Google published its first transparency report in 2010, refining it over the years to include requests sorted by country. The latest US figures are available on Google's Transparency Report pages.

Twitter followed suit in July 2012, before releasing an updated version of its summary of requests from law enforcement in January. Microsoft released its first transparency report on how it responds to law enforcement requests back in March.

All these statistics offer only the vaguest ball park figures on so-called National Security Letters. A US District Court in California recently declared NSLs unconstitutional because recipients are prohibited from discussing them.

More importantly, NSLs don't include the number of FISA disclosures; or their scope, in terms of the number of people they affect.

Almost forgotten in the hullabaloo about the PRISM controversy is that Snowden also leaked an even more sensitive Foreign Intelligence Surveillance Court order to Verizon, obliging it to hand over call logs on all its customers every day until July.

We've still no real idea how much data is hoovered up by systems such as PRISM, how long it is retained, or how many people are affected. The leaked slides tell us that PRISM is the most frequently cited tool in NSA reports, but ignores other intelligence gleaned from deep-packet inspection of traffic as it crosses the internet.

In the absence of solid information, privacy-conscious businesses might be inclined to think the worst and even to look for alternatives to US-based cloud services. That's extremely bad news for the likes of Google, Microsoft and Amazon in particular. Hence, Google's efforts to lobby for the ability to be more open are in part, at least, commercially driven.

Twitter's chief lawyer, Alex Macgillivray, backed up calls for greater transparency:

®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
Turnbull should spare us all airline-magazine-grade cloud hype
Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.