It isn’t exactly a secret that a lot of people don’t like the idea of the government asking for user data from the tech companies whose services many of us use every day, but recently, those very same tech companies were given the ability to disclose more information about these data requests. Today, we’re seeing Facebook, Google, Yahoo, and LinkedIn doing just that, with each sharing reports on FISA content requests, FISA non-content requests, and NSLs (National Security Letters). While this is encouraging news, the data they’re sharing is a little out of date – though this new agreement with the government allows companies to share more data on these requests, they can only reveal information on requests that are at least six months old.
Therefore, the data we’re seeing today covers the first six months of 2013, ending in June. The data is also vague in that the companies are only allowed to share affected user numbers in groups of 1000, so it’s impossible to know exactly how many users are being targeted in the requests. Regardless, it’s a step in the right direction, and this agreement could open the door for even more transparency in the future. Before getting into the numbers, let’s talk briefly about what kind of data each type of request entails. When FISA makes a request for the disclosure of content, the agency is looking to get its hands on content users have created and perhaps even stored on a company’s servers. As Yahoo points out, this can include stuff like emails, instant messages, photos, or calendar entries.
On the other hand, sometimes FISA makes a request for the disclosure of non-content data. This can include things like your name, IP, billing information, and where you’re sending emails to or receiving emails from. Finally, we come to NSLs, which are requests approved by the FBI that straight up require a company to share non-content information potentially including the names and addresses of users. So, how many of each did these companies receive in the first half of last year? For the period from January 1 to June 30, 2013, Facebook said it received 0-999 requests for content affecting 5,000-5,999 users or accounts, while non-content requests came it at 0-999 for 0-999 users or accounts. NSLs had the exactly same numbers as non-content requests, so both were pretty low considering how absolutely massive Facebook’s user base is.
Google similarly had 0-999 content requests in the six month period, with 9,000-9,999 users or accounts at the center of the requests. Non-content requests once again sat at 0-999 with less than one thousand users affected. Yahoo, just like Facebook and Google, received 0-999 content requests, but they concerned a whopping 30,000-30,999 accounts. We’re noticing a trend here, as Yahoo’s non-content requests and NSLs sat at less than one thousand, just like the number of accounts affected by both. LinkedIn’s report was a little less jarring, as it received 0-249 national security requests impacting 0-249 user accounts.
So, while it’s nice that these companies are now sharing this information, it is a little bit unsettling to see that the requests for content far outweigh the non-content ones in most cases. Google, Facebook, and Yahoo all state that they’re going to continue pushing for further reform and transparency, so here’s hoping that they’re successful in getting the government to let them release more data in the future.