Facebook and Microsoft for the first time on Friday said they had gotten data requests from the government under the Foreign Intelligence Surveillance Act, but they added that the U.S. government did not permit them to provide specific figures.
Instead, the government allowed the companies to release only broad numbers with no breakdowns. Over the last six months of 2012, Facebook said, it had received as many as 10,000 requests from local, state and federal agencies, which impacted as many as 19,000 accounts. Facebook has 1.1 billion accounts worldwide. Microsoft said that it received between 6,000 and 7,000 similar requests, affecting as many as 32,000 accounts.
The companies said some of the requests were for terrorism investigations. But others were from a local sheriff asking for data to locate a missing child or from federal marshals tracking fugitives. From these statements, it was impossible to ascertain the scale of the FISA requests made by the National Security Agency.
The companies said they have been pressing the U.S. government for permission to talk more openly about the data requests since The Washington Post and Guardian newspapers reported on a secret surveillance program code-named PRISM that was aimed at tracking terrorist activities. The reports cited an NSA PowerPoint presentation that said the agency connected directly to the servers of Facebook, Google, Microsoft and other tech-industry giants. Another NSA document described the program differently.
Facebook and other tech companies have vigorously denied giving the government direct access to their servers. But they said they comply with law enforcement requests approved by a court.
Beyond those statements, the firms have been unwilling to detail how they are cooperating with national security officials. Security experts have said the FISA orders likely prevented the companies from talking publicly about the data requests.
“In light of continued confusion and inaccurate reporting related to this issue, we’ve advocated for the ability to say even more,” Facebook general counsel Ted Ullyot wrote in a blog post late Friday.
As a result of recent negotiations with the government, Ullyot said, the company was permitted for the first time to give a range of how many U.S. local law enforcement and national security-related requests it has received. The government would not allow it to disclose specific numbers.
Facebook had been in “deep discussions with government officials throughout the week and released the information less than one minute” after gaining final government approval, a person familiar with the matter said.
That the company would rush to release a figure that gives the public little idea of the scale of the FISA requests is a sign of the pressure it has been under since the PRISM program was made public.
Google has released a range of the numbers of National Security Letters it got from the government every year since 2009. In each year, it was between zero and 999, except for 2010, when it was between 1,000 and 1,999. These figures do not include FISA requests.
A letter that Google sent to Attorney General Eric H. Holder Jr. and FBI Director Robert S. Mueller III has prompted discussions with federal officials about whether Google can release more detailed information, said a person familiar with the talks.
In a statement late Friday, Google said: “We have always believed that it’s important to differentiate between different types of government requests. We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.”
(Washington Post Co. chairman Donald E. Graham is a member of Facebook’s board of directors.)
Craig Timberg contributed to this report.
Sign up today to receive #thecircuit, a daily roundup of the latest tech policy news from Washington and how it is shaping business, entertainment and science.