- Big Internet companies are tripping over themselves to bolster their public image
- Apple, Facebook, Google and others deny giving the NSA access to their servers
- The tech companies have released aggregate numbers of total U.S. data requests
- But the disclosures skirt around the central issue of the NSA-snooping controversy
Trust us, we're from Silicon Valley.
America's largest Internet companies are tripping over themselves to bolster their public image following blockbuster disclosures about their role in the U.S. government's controversial data-gathering program.
Ever since news reports suggested that major tech firms — including Apple, Google, Facebook and Yahoo — provide the National Security Agency (NSA) with unfettered or "direct" access to their servers, the companies have been waging an aggressive campaign to demonstrate that they're not government stooges.
Now, several of the top Silicon Valley firms are engaged in a game of one-upmanship to show that they are the most transparent Internet company on the block.
The initial reports about "direct access," as part of a classified U.S. intelligence system called Prism, have turned out to be wrong. But the Prism reports have highlighted long-standing privacy fears about how the largest U.S. tech companies handle their vast troves of user data. The Internet giants have come under scrutiny following reports that the NSA uses Prism to examine data — including e-mails, videos and online chats — that it collects via requests made under the Foreign Intelligence Surveillance Act (FISA), one of the controversial laws at the heart of the current NSA-snooping furor.
Following the Prism leak, which was supplied to the Guardian and the Washington Post by whistle-blower Edward Snowden, Apple, Google, Facebook and Yahoo all issued statements — in strikingly similar legal language — denying that they give the NSA "direct" or unfettered access to their computer servers.
But the companies apparently felt the need to go further than those denials, and in recent days have engaged in a competition to demonstrate their commitment to transparency.
Although Silicon Valley has roots in the U.S. military — the Defense Advanced Research Projects Agency was central to the development of the Internet — today's big tech companies are keen to demonstrate their independence from the government and often display a libertarian streak.
Many engineers in Silicon Valley are sympathetic to "hacker" culture. Above all, Silicon Valley tech titans are wary of losing the trust of consumers, which could endanger their businesses. These companies are no doubt well aware of the numerous more secure alternatives to their services, some of which enable users to roam the Internet anonymously.
Google kicked off the transparency battle last week when it asked U.S. Attorney General Eric Holder and FBI Director Robert Mueller for permission to publish "aggregate numbers of national-security requests, including FISA disclosures — in terms of both the number we receive and their scope."
That request was noteworthy because it was the first time Google had even acknowledged that it receives national-security FISA requests. Facebook and Microsoft quickly followed suit with similar requests. A Department of Justice spokesperson told TIME that the agency is in the process of reviewing the request.
Then, over the weekend, Facebook, which unlike Google has never published a transparency report, reached an agreement with the government allowing it to disclose data on U.S. information requests. Facebook said that for the six months ending Dec. 31, 2012, it received between 9,000 and 10,000 data requests, including criminal and national-security-related requests, covering between 18,000 and 19,000 accounts.
"We're pleased that as a result of our discussions, we can now include in a transparency report all U.S. national-security-related requests (including FISA as well as National Security Letters) — which until now no company has been permitted to do," Facebook general counsel Ted Ullyot said in a not-so-subtle dig at the company's rivals.
Shortly thereafter, Microsoft released similar data, indicating that the company received between 6,000 and 7,000 criminal and national-security requests affecting between 31,000 and 32,000 consumer accounts.
"This only impacts a tiny fraction of Microsoft's global customer base," John Frank, Microsoft's deputy general counsel, said in a blog post. "Transparency alone may not be enough to restore public confidence, but it's a great place to start."
On Monday, Apple joined the party and announced that from Dec. 1, 2012, to May 31, 2013, it received between 4,000 and 5,000 requests from U.S. law enforcement for customer data related to between 9,000 and 10,000 accounts or devices, including both criminal investigations and national-security "matters." Apple said it was releasing the data "in the interest of transparency."
Yahoo followed late Monday, saying it received "between 12,000 and 13,000 requests, inclusive of criminal, Foreign Intelligence Surveillance Act (FISA), and other requests."
Here's the problem. According to the agreement Facebook, Microsoft, Apple and Yahoo reached with the government, the companies were only permitted to release aggregate numbers of total U.S. data requests. Crucially, they were not permitted to separately break out the number of FISA requests.
For this reason, we don't know if they received 50 FISA requests, 500 or 5,000. As a result, the disclosures, while laudable, skirt around the central issue of the NSA-snooping controversy, which is the nature and extent of the companies' participation in secret U.S. national-security investigations.
"We believe the companies should be allowed to break out specific numbers for FISA requests," said Amie Stepanovich, director of the Domestic Surveillance Project at the Electronic Privacy Information Center, a Washington-based public-interest organization. "These numbers would provide nationwide transparency. We also believe that individual users targeted under FISA should receive notice that they were subject to surveillance, even after the fact, so they have the chance to contest the surveillance in court."
For Google, which earlier this year was the first Internet company to disclose requests made for National Security Letters (NSLs) — a separate type of query than FISA requests — the arrangement struck by Facebook, Microsoft, Apple and Yahoo was not satisfactory.
"We have always believed that it's important to differentiate between different types of government requests," Google said in a statement. "We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national-security requests, including FISA disclosures, separately."
Twitter, which was not named in the NSA leak as a participant in the Prism program, quickly threw its support behind Google.
"We agree with Google," Benjamin Lee, Twitter's legal director, said in a Twitter message. "It's important to be able to publish numbers of national-security requests — including FISA disclosures — separately."
Thus, the contours of the transparency battle were drawn. On one side: Facebook, Microsoft and Apple. On the other, Google and Twitter.
For their part, Facebook, Microsoft and Yahoo said they would continue to urge the government to allow them to be more specific about national-security requests, including FISA requests. Facebook said it would continue "to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national-security grounds." Microsoft said: "What we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues."
But only Google has thus far resisted striking a deal with the government on the disclosure of data requests. On Monday, a Google spokesperson told TIME that the company had no update on its negotiations with the government concerning breaking out FISA requests.