Saturday, June 15, 2013

Facebook, Microsoft Release Partial NSA Spying Data, Google, Twitter Opt Out As 'Step Back For Users'

By Susan Duclos

(Headline corrected)

Facebook headlines with "Facebook Releases Data, Including All National Security Requests," which is a tad misleading since the deal made with the Obama administration to release information on FISA requests for user data forces the companies to release the number of requests " in aggregate," without the ability or permission to separate FISA requests for NSA, from local, state and other such requests. It also appears that no specific information on the FISA requests is being released.

......As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range. This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.

 For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
Microsoft has also released their numbers:

Here is what the data shows: For the six months ended December 31, 2012, Microsoft received  between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal). This only impacts a tiny fraction of Microsoft’s global customer base.

We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.
[UPDATE] Quick note- Microsoft's "2012 Law Enforcement Requests Report," states "As noted in the data table (available in the PDF below) in 2012, Microsoft and Skype received a total of 75,378 law enforcement requests. Those requests potentially impacted 137,424 accounts."
(Those numbers include Hotmail/Outlook.com, SkyDrive, Xbox LIVE, Microsoft Account, Messenger,Office 365 and Skype) PDF found here. [End Update]


Notice these figures are only for the last six months of 2012, yet according to the Prism chart released recently, collection of user data from Microsoft began in September 2007 and collection of user data from Facebook began in June 2009.

Click image to enlarge

Google opted out of the partial transparency agreement with the Obama administration, telling The Verge why.

We have always believed that it's important to differentiate between different types of government requests. We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.

Benjamin Lee, Legal Director at Twitter, took to Twitter to agree with Google:


Allowing Facebook and Microsoft to tell their users that in the last six months of 2012, anywhere from 39,000 to 51,000 of their users, combined, had their personal information divulged, yet not allowing them to tell their customers how much of that information went to the NSA via FISA secret court orders, is nothing more than lip service and a pretense of transparency on the part of the Obama administration, limited at that.

We also know that a secret court order was granted by the secret Foreign Intelligence Surveillance Court on April 25 and is good until July 19, requiring Verizon, one of the nation's largest telecommunications companies, on an "ongoing, daily basis" to give the NSA information on all telephone calls in its systems, both within the U.S. and between the U.S. and other countries.

Verizon has over one million customers.

So if you combine the numbers from just the two companies, add in the recent Verizon numbers, realize there is more from Yahoo, Google, PalTalk, AOL, Skype, YouTube, Apple and obviously Twitter, since they issued a statement, and these are just the companies we know of,  that is a massive amount of personal, supposedly private, information being demanded about users, by the government.


Full Wake up America NSA scandal coverage found here.