More than two weeks after the NSA’s secret surveillance program, PRISM, was leaked to the world, the companies involved are understandably still taking some heat from its users. Facebook and Microsoft, however, have worked out a deal with the US government to begin including national security-related requests in its transparency reports. Measures that both companies are surely hoping will help alleviate some of the fears that resulted from many of the exaggerated initial reports regarding PRISM.
Facebook revealed that for the second half of 2012, the company received between 9,000 and 10,000 requests from the government for information. These requests affected between 18,000 and 19,000 of Facebook user accounts.
Microsoft says for the same period in 2012, it’s received “between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts.”
The catch, as you’ve probably already noticed, is that the numbers are a little too vague to be of use to anybody. That’s because the deal that the companies have worked out with the US government only allows them to communicate the numbers in aggregate and in bands of 1,000 — which is why there’s a pattern between both companies’ numbers.
Google, on the other hand, doesn’t agree with publishing the numbers with such restrictions. In fact, they think that it’s a “step back for users.” Here’s what a Google spokesperson told The Verge:
We have always believed that it’s important to differentiate between different types of government requests. We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.
Twitter’s Legal Director, Benjamin Lee, followed up shortly after tweeting:
We agree with @Google: It’s important to be able to publish numbers of national security requests—including FISA disclosures—separately.
It makes sense that Google and Twitter have chosen not to go the same route as Microsoft and Facebook — Google in particular already has a detailed breakdown of the type of requests it receives, having to use aggregate numbers in a limited range would only make their transparency reports less useful.
But it’s also hard not to fault Facebook and Microsoft for doing what they did. This entire PRISM fiasco must be one the biggest PR nightmares for them in recent years and at the end of day, it’s much better than no numbers at all. Hopefully more transparency (and specifics) will be allowed in these reports in the future. Due to their sensitive nature, however, I’m not holding my breath.