[Update: Someone from Google has responded to us (by tweet!) We'll update this post as we get more questions answered]
Google made headlines today for a letter to the federal government requesting the right to release more information on compliance with spy orders. The letter claims that if the public knew how many requests for data the National Security Agency demanded, they would dispel rumors that it’s giving away sweeping access to federal spies.
“We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide,” wrote Chief Legal Officer, David Drummond.
I’m calling BS. Google’s transparency reports only disclose the number of requests made of each service. In understanding FISA orders, it’s important to realize that it’s possible for one court order to gather troves of data. “FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said,” explained The New York Times.
As a case in point, the leaked court order to allow the government to collect phone records of all U.S. Verizon calls could have been a single, solitary FISA request.
“It’s not necessarily the case that disclosing raw numbers will be helpful, but it depends on the type of order they receive,” explains Mark Rumold of the Electronic Frontier Foundation, “In the business records context (the Verizon order), the government disclosed raw numbers, but that didn’t provide meaningful information because they were using a single order to obtain records on millions.”
The good folks at the EFF are right in that any step towards more transparency is helpful. As the EFF reminds me, Google has been a laudable industry pioneer in disclosing censorship requests, and helping to bring public attention to America’s growing spying apparatus.
But this latest letter doesn’t give us any indication that disclosing the number of requests would help. We reached out to Google and have yet to receive a response.
Google responded to us, saying that they would like to include the number of users affected, as they currently do on the transparency reports. ”We know that sometimes a single government request can cover more than one user or account. That’s why the Transparency Report today includes, for criminal requests and National Security letters, the number of requests and the number of users/accounts affected. We would certainly like to extend that approach to any additional kinds of legal requests we add to the Transparency Report in the future,” a Google representative wrote to us in an email.
The problem is, if the Times article is to be believed, the NSA can request data on search logs, which means it could scan millions of users. Even under the best scenario, the NSA couldn’t have let Google do this, because it would be tantamount to disclosing how many services it’s sweeping. In other words, Google’s letter is asking for permission to essentially reveal the PRISM program itself.
The letter, then, is a more roundabout way of telling the American people that Google is gagged and, therefore, can’t control wild speculation. I’m sympathetic to Google’s situation, even if the letter itself seems an odd way of expressing their frustration.
More importantly, it doesn’t get us any closer to meaningful public oversight. We don’t know what data is being requested, if it’s being abused, or if it’s effective. In other words, we still lack solutions.