Facebook’s head lawyer Ted Ullyot, has issued a statement defending the company’s data disclosure practices:
“Over the last week we’ve repeatedly called for governments worldwide to be willing to provide more details about programs aimed at keeping the public safe,” said Ullyot. “We’ve also urged them to allow companies to divulge appropriate information about government orders and requests that we receive, in a manner that does not compromise legitimate security concerns.
“Requests from law enforcement entities investigating national security-related cases are by their nature classified and highly sensitive, and the law traditionally has placed significant constraints on the ability of companies like Facebook to even confirm or acknowledge receipt of these requests – let alone provide details of our responses.”
That’s the problem – they can’t even say what they’re doing. Ullyot said Facebook scrutinise every government data request that it receives, from all levels of government. “We’ve aggressively protect our users’ data when confronted with such requests. We frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law.
“But particularly in light of continued confusion and inaccurate reporting related to this issue, we’ve advocated for the ability to say even more. Since this story was first reported, we’ve been in discussions with US national security authorities urging them to allow more transparency and flexibility around national security-related orders we are required to comply with. We’re pleased that as a result of our discussions, we can now include in a transparency report all US national security-related requests – which until now no company has been permitted to do.
“As of today, the government will only authorise us to communicate about these numbers in aggregate, and as a range. This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.”
Ullyot said that in the last half of 2012 the total number of user-data requests Facebook received from all government entities in the US, including criminal and national security-related requests, was between 9,000 and 10,000.
“These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those requests was between 18,000 and 19,000 accounts.
“With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of 1% of our user accounts were the subject of any kind of government request in the past six months. We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive.
“We will continue to be vigilant in protecting our users’ data from unwarranted government requests, and we will continue to push all governments to be as transparent as possible.”
Facebook’s founder Mark Zuckerberg last week wrote a blog on the same subject, and last week Google issued a similar statement.
In March Microsoft published its first Law Enforcement Requests Report, which outlined how much user data it handed over to law enforcement agencies in 48 countries around the world
The report shows that in Australia last year Microsoft received 2,238 requests for information from Australia’s police and law enforcement agencies, covering 3,081 user accounts on Hotmail, Skype and other online services. The great majority (84.9%) were agreed to, meaning that Microsoft turned over the details of 1,899 accounts. There were “requests resulting in disclosure of only subscriber/transactional (non-content) data”. No further content was handed over.
Australian does not do well on a comparative basis. Only 11,073 requests were received in the US, which has more than 20 times Australia’s population, and only 65% of those were agree to. The country with the dubious distinction of having the highest number of requests was Turkey, with slightly more requests than the US. The only other countries higher than Australia were Taiwan (4,381 requests for about the same population) and France and Germany (with much larger populations).
“To ensure we meet our commitments and responsibilities, we regularly review and update our relevant policies, processes and management systems,” says Microsoft. “As part of that review – and commitment to transparency – we are providing information on the criminal law enforcement requests we receive for customer data.
“Like others in the industry, we believe it is important for the public to have access to information about law enforcement access to customer data, particularly as customers are increasingly using technology to communicate and store private information.”
When you look closely at what Facebook, Google and Microsoft are saying, it actually isn’t very much. They are careful with their users’ data, they comply with the law, and some surveillance is necessary in the modern world. What they are not saying, because they don’t know, is the extent to which the NSA or other agencies are accessing their databases or communications without their knowledge. ‘Plausible deniability, it’s called.
We simply don’t know the extent of such activity. In the absence of any evidence to the contrary, and in light of the increasing body of evidence of the extent o the US Government’s activities (thank you, Ed Snowden), you would have to say there is much more going on than anybody realises.
What’s the old joke? “Just because you’re paranoid doesn’t mean they’re not out to get you. Julian Assange, Bradley Manning, Ed Snowden. There’s a pattern here, and a very disturbing one.