WASHINGTON – The United States agreed to give technology firms the ability to publish broad details of how their customer data has been targeted by US spy agencies, officials said Monday.
Facing a legal challenge and a furious public debate, Attorney General Eric Holder and Director of National Intelligence James Clapper said the companies would now be allowed to disclose figures on consumer accounts requested.
“The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers,” the officials said in a joint statement.
In a letter to tech giants Facebook, Google, LinkedIn, Microsoft and Yahoo, the Justice Department freed them to release the approximate number of customer accounts targeted.
President Barack Obama’s administration has faced pressure from the tech sector following leaked documents outlining vast surveillance of online and phone communications. The companies have said the reports have already begun to affect their business.
Facebook, Google, LinkedIn, Microsoft and Yahoo, which sued for the right to publish more data, said in a joint statement they were pleased with the settlement.
“We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive,” the companies said.
“We’re pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we’ll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.”
Under the agreement filed with the secretive Foreign Intelligence Surveillance Court the companies will be able to disclose the numbers, within ranges.
They will have an option to reveal within bands of 1,000 the numbers of “national security letters” and specific court orders. Another option will be to disclose, in bands of 250, all the national security requests, lumped together.
The reports will have a six-month lag time, so data for the second half of 2014 may be published in mid-2015, according to the agreement.
Previously, the existence of orders made by the secret for access to private online data was itself classified, to the outrage of the firms.
In addition to the bare numbers of targeted consumers, the companies will also be permitted to disclose the number but not the nature of selection criteria for broader Internet sweeps.
Civil liberties groups welcomed the deal, while arguing for even more transparency.
“This is a victory for transparency and a critical step toward reining in excessive government surveillance,” said Alex Abdo, an ACLU attorney.
But Abdo said more is needed: “Congress should require the government to publish basic information about the full extent of its surveillance, including the significant amount of spying that happens without the tech companies’ involvement.”
Kevin Bankston of the New America Foundation’s Open Technology Institute, called the news “an important victory in the fight for greater transparency around the NSA’s surveillance programs” but said the agreement “falls far short of the level of transparency that an unprecedented coalition of Internet companies, privacy advocates and civil liberties organizations called for this summer.”
“Meaningful transparency means giving companies the ability to publish the specific number of requests they receive for specific types of data under specific legal authorities,” Bankston said.
“Fuzzing the numbers into ranges of a thousand — and even worse, lumping all of the different types of surveillance orders into a single number — serves no national security purpose while making it impossible to effectively evaluate how those powers are being used.”
US tech firms have claimed that reports on the US government’s secretive data collection programs have distorted how they work with intelligence and law enforcement. The firms have been asking for permission to disclose more on the nature of the requests and what is handed over.
Google’s petition said that despite reports to the contrary, the US government “does not have direct access to its servers” and that it only complies with “lawful” requests.
The issue caught fire after Edward Snowden, a former IT contractor at the National Security Agency, revealed that US authorities were tapping into Internet user data.
[Updated]
