by Joe Mullin, ars technica
After the NSA leaks began last summer, tech companies asked for permission to reveal more information about what kind of user data they provide in response to Foreign Intelligence Surveillance Court orders.
Today, several companies including Google, Yahoo, LinkedIn, Facebook, and Microsoft are revealing the first information about the amount of user data they're handing over to FISA requests. The disclosures are very broad data that just gives a range of how many users had information requested on them. But it's a small victory for the group of companies, which pushed to be allowed to publish more about the data collection when they petitioned the intelligence court back in August.
However, the companies didn't get everything desired. Google, for instance, asked to break out the information in terms of "FISA orders based on probable cause," "Section 702 of FISA," "FISA Business Records," and "FISA Pen Register/Trap and Trace," but it apparently won't be allowed to go into such specifics.
Rather, the information is just broken down into FISA requests that get user content (think actual e-mails) and how many requests there were for "non-content" information. All of the information must be reported on a six-month delay, so the reports out today go up to mid-2013.
Here's the number of accounts that the government grabbed data from using FISA, broken down by company, for the most recent time period (January through June 2013). It's important to remember these numbers are not equal to the numbers of people being surveilled, since people can and do have multiple accounts.
All of the companies received less than 1,000 total requests in this time frame, suggesting that many of the requests are for large numbers of accounts. If Microsoft had 500 requests for information, for instance, and shared content on 15,000 accounts in response, that would be an average of 30 accounts per info request.
Here's the most relevant and recent data published today, from January to June of 2013:
Microsoft provided content on somewhere between 15,000-15,999 accounts.
Google provided content on somewhere between 9,000-9,999 accounts.
Facebook provided content on somewhere between 5,000-5,999 accounts.
Yahoo provided content on somewhere between 30,000-30,999 accounts.
LinkedIn provided content on somewhere between 0-249 accounts, in response to both National Security Letters (NSLs) and FISA requests.
The companies have more data available through the linked sites. Google provides data going back to 2009, and Microsoft provides data going back to 2011.
(Companies had the option of reporting the numbers in more narrow bands of 250, but only if they lumped both NSLs and FISA requests into the same number. Of the five companies, only LinkedIn chose to report in that manner.)
The companies sought the right to publish the additional information after the first batch of headlines about leaked NSA documents suggested that the government had direct access to servers at Google, Microsoft, and Facebook through the PRISM program. The companies denied that insinuation, later describing PRISM as more of a government-mandated lockbox of information.
"On June 6, The Guardian published a story mischaracterizing the scope and nature of Google's receipt of and compliance with foreign intelligence surveillance requests," wrote Google in its initial petition on the matter. "In particular, the story falsely alleged that Google provides the US government with 'direct access' to its servers."