Original URL: https://www.theregister.com/2014/01/28/us_gov_allows_some_national_security_disclosures/
Tech giants CAN disclose US spooks' data demands - but with heavy restrictions
Related: Apple received just 250 data requests in 2013
Posted in Security, 28th January 2014 12:57 GMT
Apple has announced that it received less than 250 requests for data from US intelligence agencies in the first half of last year after the Obama administration slightly loosened restrictions on disclosing spooks' data requests.
After months of negotiations between the Obama administration and tech firms, from Yahoo! to Facebook, the Department of Justice filed with the secretive Foreign Intelligence Surveillance Court to allow "more detailed disclosures" about the amount of data the government tries to get out of web companies and communications providers.
The change of heart follows a speech earlier this month by President Obama, when he said he would take steps to reform America's intelligence operations. These would include more declassification of future opinions of the surveillance court that have "broad privacy implications".
The new rules allow tech firms to report numbers of national disclosure orders they get listed by the thousand, but with no specifics about the type of data that's requested – and potential delays in disclosure of up to six months.
Agencies also get elbow room on any requests they make to new platforms or services that haven't already been outed as subject to intelligence orders, getting a two-year delay to hide the fact that they're pursuing new avenues of information.
Although companies are able to disclose more information about intelligence orders, they're still restricted by a number of rules - hence the vague report from Apple. The DoJ allows communications providers to report the number of "national security letters" (NSL) - administrative subpoenas typically used by FBI agents to demand data related to national security - received or the number of customer accounts affected by NSLs in the thousands.
Companies are also allowed to report the number of Foreign Intelligence Surveillance Act (FISA) requests for content they get in the thousands, the number of customer "selectors" - meaning identifiable information like email addresses or usernames - in the thousands and FISA orders for "non-content" like metadata, again restricted to the thousands.
But if companies want to narrow the numbers down under a thousand, they have to conflate NSLs and FISA orders into a single number reported in bands of 250 or affected customer selectors in the same bands. Firms are only allowed to report every six months, subject to the six-month or potential two-year delays.
Apple went for the second option in reporting its figures for the six months up to the end of June last year, when it said it got under 250 intelligence orders in total. The company also said that it received 927 law enforcement account requests for information on 2,330 accounts and that data was disclosed on 747 accounts and non-content data was revealed for 601 of the requests.
"The number of accounts involved in national security orders is infinitesimal relative to the hundreds of millions of accounts registered with Apple," the firm said. ®