Under new Department of Justice rules, technology and telecommunications companies are now allowed to provide more information about government requests for customer data. However, they will still be restricted from disclosing what is being collected, or how much.
The new rule comes days after President Obama promised changes in how long requests from the Foreign Intelligence Surveillance Court could be kept secret and how they could be reported. Technology companies such as Microsoft, Google, Twitter, and Facebook had been petitioning the White House to be allowed to inform users about these requests. Up until now, these companies were barred from discussing these requests under a gag order.
“The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers, and the number of customer accounts targeted under those orders and requests including the underlying legal authorities,” Attorney General Eric Holder and the Director of National Intelligence James R Clapper said in a joint statement on Monday.
Companies will now be able to report how many 250 FISA orders and national security letters they received, in increments of 250. They can also disclose the number of “selectors,” or the kinds of data being requested, such as usernames, email addresses, and IP addresses. While information on surveillance orders can be made public every six months, the actual reports must be delayed by six months.
“We’re pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we’ll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed,” Microsoft said in a statement. The company said the public has a right to know about the volume and types of national security requests it receives.
Apple promptly amended its transparency report to reflect the new rules, reporting 0-249 total orders received affecting 0-249 customer accounts. Apple also reported 927 law enforcement requests impacting 2,330 accounts. Apple said that it complied with 81 percent of account requests where some data was disclosed.
“This data represents every U.S. national security order for data about our customers regardless of geography,” Apple said in a statement. “We did not receive any orders for bulk data. The number of accounts involved in national security orders is infinitesimal relative to the hundreds of millions of accounts registered with Apple.”
Fahmida Y. Rashid is an accomplished security journalist and technologist. She is a regular contributor for several publications including iPCMag.com where she is a networking and security analyst. She also was a senior writer at eWeek where she covered security, core Internet infrastructure and open source. As well, she was a senior technical editor at CRN Test Center reviewing open source, storage, and networking products.