As with other technology companies, Yahoo said that the report includes statistics for requests made through national security letters and those made under the Foreign Intelligence Service Act, in addition to other requests from law enforcement.
The company also broke down how many of those requests yielded data — 37 percent disclosed the content of Yahoo accounts, such as words in e-mails, photos or uploaded files. In about 55 percent of the requests made, the company disclosed information about its users that did not involve content but gave information such as names, location data and e-mail addresses. In six percent of cases, the requests yielded no data because, for example, “the account didn’t exist or there was no data for the date range specified by the request,” Yahoo said.
The company also shared the number of requests it received from the governments of 16 other countries. The statistics do not include Yahoo properties that have received fewer than nine requests in the reporting period, excluding Yahoo Columbia and Yahoo Hispanic America. It also omits data from Yahoo Japan, in which Yahoo now owns a minority stake.
Requests to Tumblr, owned by Yahoo, are also not included in the report, though Yahoo said the blogging platform will release its own report in the future.
In a company blog post, Yahoo underscored that it takes steps to fight requests that it believes do not comply with the law.
“Our legal department demands that government data requests be made through lawful means and for lawful purposes. We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful,” wrote Ron Bell, Yahoo’s general counsel.
In 2008 Yahoo unsuccessfully challenged amendments to the Foreign Intelligence Surveillance Act as unconstitutional. A FISA court judge recently ruled in July that the company had the right to ask the U.S. government to consider sharing more information on that court case.
In Friday’s report, the company said it disagrees with the U.S. government’s current policy on the disclosure of national security letters, or NSLs. The government will allow some providers to publicly disclose a range of the NSLs they receive, but only by 1,000 at a time. That means that even if a company receives one such request, they must say they’ve received anywhere from zero to 1,000 of them.
Yahoo and other technology firms are working to get permission to release the exact numbers of these types of requests.
“We strenuously disagree with the government’s position and will continue to advocate for greater transparency regarding requests made under national security authorities,” the company said in its report. “If we succeed in persuading the U.S. Government to allow greater transparency, we will disclose additional details in future reports, and we will also update this report with more details related to national security requests as permitted.”
Bell said that Yahoo plans to release a transparency report every six months.