Twitter and Microsoft join calls to disclose data requests
Microsoft and Twitter have joined calls by Google and Facebook to be able to publish more detail about how many secret requests they receive to hand over user data under the controversial Foreign Intelligence Surveillance Act (Fisa).
“Permitting greater transparency on the aggregate volume and scope of national security requests, including Fisa orders, would help the community understand and debate these important issues,” Microsoft said in an emailed statement to the Reuters news agency.
At Twitter, the chief lawyer, Alex Macgillivray, tweeted: “We’d like more NSL [national security letter] transparency and Twitter supports efforts to make that happen.”
A national security letter is used by US government agencies such as the FBI and NSA to demand access to data from companies – who are forbidden from revealing that they have been served such a request.
Google, Microsoft and Twitter publish “transparency reports” detailing how many government requests they receive for user data in various countries, but those for the US do not include Fisa requests or other NSL demands. Facebook has not so far published a transparency report.
Microsoft said: “Our recent report went as far as we legally could and the government should take action to allow companies to provide additional transparency.”
Microsoft and Twitter joined in as the PR fallout of the revelations by the Guardian over the past week about the extent of NSA access to user data continued to grow. Google’s chief legal officer, David Drummond, reiterated the company’s protests that it had not allowed the NSA “direct or indirect” access to its servers and had not allowed the NSA to install equipment on its premises.
In a letter from Google to the US attorney general, Eric Holder, also published on its corporate blog, the company once again said allegations that the US government had “unfettered access to our users’ data are simply untrue”.
But, the letter added, the fact that Google was not allowed to disclose requests made for information under the Foreign Intelligence Surveillance Act (Fisa) “fuel[s] that speculation”.
Fisa requests come with gag orders, meaning Google, Facebook and other tech companies cannot say whether they have received them.
Drummond wrote in the letter to Holder: “We therefore ask you to help make it possible for Google to publish in our transparency report aggregate numbers of national security requests, including Fisa disclosures – in terms of both the number we receive and their scope.
“Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.”
A statement from Facebook’s general counsel, Ted Ullyot, said the company “would welcome the opportunity to provide a transparency report that allows us to share with those who use Facebook around the world a complete picture of the government requests we receive, and how we respond.
“We urge the United States government to help make that possible by allowing companies to include information about the size and scope of national security requests we receive, and look forward to publishing a report that includes that information”.
The tech companies have spent days categorically denying knowingly participating in Prism. Internal NSA documents state that Prism involves “collection directly from the servers of these US service providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple”.
Drummond and Google co-founder Larry Page said the company provided data to the government “only in accordance with the law”. They also said that no “back door” to Google’s information had been set up and that they had never heard of Prism until approached by the Guardian last week.
Mark Zuckerberg, the founder and chief executive of Facebook, described the press reports about Prism as “outrageous”.
The Guardian revealed last week that seven technology companies – Google, Facebook, Skype, PalTalk, Microsoft, Apple and Yahoo – were involved in the Prism surveillance scheme run by the NSA.
It is understood that the NSA approached those companies and asked them to enable a “dropbox” system whereby legally requested data could be copied from their own server out to an NSA-owned system. That has allowed the companies to deny that there is “direct or indirect” NSA access, to deny that there is a “back door” to their systems, and that they only comply with “legal” requests – while not explaining the scope of that access.
Twitter was not mentioned in the Prism programme because it declined to comply with the NSA’s dropbox proposal.
Technology companies are increasingly concerned about the effect on public confidence in their security as the revelations over Prism have widened. “If data isn’t stored on your hard drive any more but instead in the cloud, and you can’t trust a company with storing that, it becomes an existential crisis,” one Silicon Valley source told the Guardian.
“But that’s where the world is moving. The world isn’t going back to having your data sitting on your computer. The law needs to come into confirmity with the cloud and the protection that people expect from that.”