Tech Companies Shed Light On U.S. Government Information Requests
“If you want to keep a secret, you must also hide it from yourself.” George Orwell 1984.
In today’s world, the things we say and do online leave behind ever growing trails of personal information. We entrust our emails, conversations, searches, location information and so much more to companies like Facebook and Google with every click of the mouse. But what happens when the United States Government asks these companies to hand over their users’ so called private information?
Last week, Google, Facebook, Yahoo, and Microsoft released details about the number of information requests that they receive from the U.S. government under the Foreign Intelligence Surveillance Act (FISA), a controversial and fairly unknown law that facilitates several of the National Security Agency’s most clandestine surveillance programs. FISA was originally enacted in 1970 and has been amended in recent years to include the physical and electronic surveillance and collection of “foreign intelligence information” between “foreign powers” and “agents of foreign powers” – which may include American citizens and permanent residents suspected of espionage or terrorism.
According to the reports, tens of thousands of customers have their data turned over to the U.S. government every six months under FISA – but the requests seem to involve only a small fraction of the total number of user accounts at the tech companies.
Hoping to show limited involvement in controversial surveillance efforts, the tech industry has pushed for greater transparency. Indeed, these reports come about two weeks after the tech giants reached a deal with the government to be more transparent about the requests – but it’s a compromise that privacy and civil liberties watchdogs say doesn’t go far enough.
For example the tech companies are still prohibited from revealing the information requests in a timely and specified manner. The reports are subject to a six-month long delay before publication, and the terms of the agreement prevent companies from itemizing the data collections. Specifically, the companies are only allowed to disclose number amounts in broad bands of 1,000 – so the publications contain numerical ranges, such as 0-999, making it impossible to know the actual number of FISA requests or user accounts in question.
According to Kevin Bankston, the policy director for the Open Technology Institute in Washington, the amount of detailed information companies are able to provide about their involvement in U.S. surveillance is “far less than what we need for adequate accountability from the government.”
And the tech companies seem to agree. “We believe more transparency is needed so everyone can better understand how surveillance laws work and decide whether or not they serve the public interest,” said Richard Salgado, Google’s legal director for law enforcement and information security, in a post on the company’s official blog.
Clearly the publications are a step in the right direction, but a step towards what? The broadening ability of the government to associate people’s real life identities with their online activities marks a privacy milestone that further blurs an already complicated area. Somehow the legal system needs to better balance our 1st and 4th Amendment rights with respect to online privacy – maybe they should digitize them.
