Facebook, Microsoft release limited data on surveillance

Washington, June 15: Facebook, which has more than 1.1 billion users worldwide and Microsoft have released limited information about the number of surveillance requests by the US government's National Security Agency .

Facebook thus became the first tech giant to release the data as the companies struggle with the fallout from disclosures about a secret government data-collection programme, PRISM. The Facebook received between 9,000 and 10,000 US requests for user data in the second half of 2012, covering 18,000 to 19,000 of its users' accounts.

Microsoft's total was about 32,000 accounts over the same six month period ending December 31, 2012.

Microsoft's Vice President and Deputy General Counsel John Frank said that for last six months of 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. local, state and federal governmental entities.

Meanwhile, Google is negotiating with the US government over whether it could only publish a combined figure for all requests.

The majority of those requests are routine police inquiries, a person familiar with the company said, but under the terms of the deal with Justice Department, Facebook is precluded from saying how many were secret orders issued under the Foreign Intelligence Surveillance Act. All information about requests under FISA are deemed secret.

The disclosures about PRISM, and related revelations about broad-based collection of telephone records, have triggered widespread concern and congressional hearings about the scope and extent of the information-gathering.

Details about PRISM were leaked by former US security consultant Edward Snowden and revealed by The Guardian and the Washington Post last week.

The United States has launched a criminal investigation after the former CIA technical assistant blew the lid on the National Security Agency's vast electronic surveillance operation.

Snowden is hiding in Hong Kong and has said that he will fight against any attempt to extradite him.

What is PRISM?

It is a eavesdropping programme used by US intelligence agencies. Microsoft, Yahoo, Google, Facebook, Apple, AOL, Skype and YouTube are among those companies involved in the programme.

Data monitored could include search histories, emails, social media interactions, connection logs, audio and video.
Washington Post says PRISM program is the most significant contributor to US president Barack Obama's daily briefings.

Twitter is still not participating in PRISM.

Dilemma of the companies

The big internet companies in particular have been torn by the need to obey US laws that forbid virtually any discussion of foreign intelligence requests and the need to assuage customers.

Under FISA requests, the companies are unclear how much information needs to be given. Several companies have said they had never been asked to turn over everything from an entire country, for example. However, the intelligence agencies could ask for all correspondence by an account holder, or even all correspondence from the users' contacts.

Facebook, Google and Microsoft had all publicly urged the US authorities to allow them to reveal the number and scope of the surveillance requests after documents leaked to the Washington Post and the Guardian suggested they had given the government "direct access" to their computers as part of PRISM.

Google, Facebook and Microsoft have already directly contradicted the Guardian and Washington Post reports about "direct access" to their servers.

Both newspapers have since backtracked, and it now appears that at least some of the companies allowed neither government-controlled equipment on their property nor direct searches without company employees vetting each inquiry.

Google provides information only on request via an old-school data-transfer protocol called FTP and that Google legal staff must approve each request.

Beyond that, it is now clear that many of the companies have objected, at times strenuously, to both individual requests and the broad sweep of the program. There have been frequent disagreements over how to handle specific requests.

Facebook statement by Ted Ullyot (Facebook General Counsel)

Over the last week, in press statements as well as Mark's post last Friday, we've repeatedly called for governments worldwide to be willing to provide more details about programs aimed at keeping the public safe. We've also urged them to allow companies to divulge appropriate information about government orders and requests that we receive, in a manner that does not compromise legitimate security concerns.

Requests from law enforcement entities investigating national security-related cases are by their nature classified and highly sensitive, and the law traditionally has placed significant constraints on the ability of companies like Facebook to even confirm or acknowledge receipt of these requests - let alone provide details of our responses.

We've reiterated in recent days that we scrutinize every government data request that we receive - whether from state, local, federal, or foreign governments. We've also made clear that we aggressively protect our users' data when confronted with such requests: we frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law.

But particularly in light of continued confusion and inaccurate reporting related to this issue, we've advocated for the ability to say even more.

Since this story was first reported, we've been in discussions with U.S. national security authorities urging them to allow more transparency and flexibility around national security-related orders we are required to comply with. We're pleased that as a result of our discussions, we can now include in a transparency report all U.S. national security-related requests (including FISA as well as National Security Letters) - which until now no company has been permitted to do. As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range. This is progress, but we're continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.

For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) - was between 9,000 and 10,000. These requests run the gamut - from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.

With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months. We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive.

We will continue to be vigilant in protecting our users' data from unwarranted government requests, and we will continue to push all governments to be as transparent as possible.

With agencies inputs