Tech Companies Shine Some Light on National Security Requests
Newly released reports from Web and telecom service providers such as Facebook reveal for the first time that tens of thousands of Americans have had the contents of their accounts sent to government investigators in the name of national security.
Not all companies release such information the same way, but by compiling several of their “transparency reports,” it is clear that a substantial portion of government requests for customer data are being made under the Foreign Intelligence Surveillance Act (FISA). The act allows for extensive electronic evidence to be gathered about people suspected of being involved in terrorism or espionage, and requests are made through a special court whose findings are generally secret.
It has always been legal for companies to report the number of conventional law enforcement requests. Since last summer, in the wake of Edward Snowden’s revelations about the National Security Agency’s surveillance efforts, the FBI and the Department of Justice have allowed companies to also report FISA requests made by the government.
Now Verizon, Google, Facebook, Yahoo, Tumblr, Microsoft, and AT&T have all disclosed FISA request numbers for the first six months of 2013. They chose the option to report FISA requests for “content” (posts, e-mails, texts, photos, etc.) and “non-content” (subscriber information and call records), together with the number of individual customers specified in each of those requests, in bands of 1,000. They also report National Security Letters (NSLs), which are requests from the FBI for limited customer data.

Facebook, Yahoo, and Tumblr reported total U.S. government requests, a figure that includes national security-related requests.

Microsoft and Google both report conventional law enforcement requests and national security-related requests separately.

Apple, LinkedIn, Dropbox, and Cloudflare, a content delivery network, chose the option to add up all national security requests, including FISA requests and National Security Letters, and report them as one number, in bands of 250.

Absent from the group of companies that chose to report national security requests is Twitter, which reported 833 conventional U.S. law enforcement requests that specified 1,323 individual accounts.
Several companies have expressed a desire to disclose national security requests with more precision, and in greater detail, in future reports. In Twitter’s latest report, Jeremy Kessel, manager of global legal policy, criticized the requirement to report in large ranges, which he said “do not provide meaningful or sufficient transparency for the public, especially for entities that do not receive a significant number of—or any—national security requests.”
The next round of transparency reports is due in about six months.
Keep Reading
Most Popular
The inside story of how ChatGPT was built from the people who made it
Exclusive conversations that take us behind the scenes of a cultural phenomenon.
How Rust went from a side project to the world’s most-loved programming language
For decades, coders wrote critical systems in C and C++. Now they turn to Rust.
Design thinking was supposed to fix the world. Where did it go wrong?
An approach that promised to democratize design may have done the opposite.
Sam Altman invested $180 million into a company trying to delay death
Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.