Technology companies will soon be able to disclose more details about the number of national security orders and requests they receive, according to a joint statement from Attorney General Eric Holder and Director of National Intelligence James Clapper. Under the new rules, companies will be allowed to reveal summaries of the aggregate numbers of Foreign Intelligence Surveillance (FISA) Court orders and National Security Letters and the number of customer accounts targeted under those orders.
As a result, Facebook, Google, Yahoo, LinkedIn, and Microsoft are dropping their petition to the FISA Court requesting the ability to tell consumers more about this type of data. This creates some good headlines for tech companies who were on the defense in the wake of leaks from former National Security Agency contractor Edward Snowden.
But that's all transparency reports produced by tech companies are about: good PR. These transparency reports are better than nothing, but they don't represent a meaningful way to measure the true scope of governments' access to private data.
"It is commendable that the companies pressed the government for more openness, but even more is needed." argued Alex Abdo, staff attorney with the American Civil Liberties Union’s National Security Project. In July, the ACLU and several other civil liberties organizations filed an amicus brief in the FISA Court supporting requests for further transparency from Google and Microsoft. "Congress should require the government to publish basic information about the full extent of its surveillance, including the significant amount of spying that happens without the tech companies’ involvement.”
The Office of the Director of National Intelligence announced in August that the government would be releasing information related to orders issued under some national security authorities, including NSLs and FISA Court orders, on an annual basis with the caveat that its ability to discuss those activities is limited by a "need to protect intelligence sources and methods."
But five months since the announcement, that data still hasn't been released. And the government could stand to be more transparent about other activities -- including providing information about takedown and data requests from other law enforcement agencies. A growing number of tech companies release transparency reports covering some of this information. But the varied release schedules, differing structures, and disparate hosting of this information make it difficult to compare them. And there are doubtless many lower-profile companies that receive government orders and requests but aren't providing the public with statistics.
So as long as this data can only be seen on a piecemeal, company-by-company basis it's impossible to gauge the larger picture. And as Abdo suggests, the disclosure of orders and requests by tech companies will still leave surveillance activities that occur without their cooperation in the dark -- activities which the Snowden documents suggest have vast privacy implications.
For instance, The Washington Post revealed that the spy agency was tapping into the links between Google and Yahoo data centers -- a tactic that could provide significant access to user data without the tech companies' knowledge or consent. Obviously, Google and Yahoo couldn't have informed the public about spying they didn't know was going on. Ultimately, the only entities who can supply comprehensive reporting on these issues are governments themselves.