Google, Facebook, Microsoft and LinkedIn all made headlines today for releasing “transparency” reports about the number of users for which the U.S. government has requested data.
We now know that major Internet companies have given up personal information from between 0-15,999 user accounts, but we don’t know what exactly was given up or whether additional data was taken without the companies’ knowledge.
“The numbers themselves don’t tell us very much at all,” Electronic Frontier Foundation Staff Attorney Nate Cardozo tells me. “These transparency reports only represent a small portion of what the NSA is doing to get data out of these companies. A lot of what the NSA is doing is without the company’s knowledge.”
So, for instance, there are worries that the NSA can simply eavesdrop on any communication by tapping directly into fiber cables. The unconfirmed reports supposedly motivated Microsoft, Yahoo and Google to add stronger encryption of their data streams.
The EFF tells me that this sort of bulk collection wouldn’t show up in a transparency report, because the government is just taking everything and isn’t requesting information on individual users.
Today’s transparency report was the first time that tech companies could disclose the number of requests from the Foreign Intelligence Surveillance Court (FISC), the judicial body that authorizes some of the more controversial elements of the NSA’s spying program.
Facebook has long claimed that being able to release the number of users spied on would counter “sensationalist and inaccurate media accounts” of their relationship with intelligence agencies.
But, these reports still don’t tell us what the NSA may, or may not, be collecting. “The fiber-optic splitters that we know they used at, for instance, AT&T facilities, which capture all IP traffic going down the wire won’t be reflected in these numbers,” says Cardozo.
The relative obscurity of these numbers led the Washington Post’s Andrea Peterson to call transparency reports “mostly a PR stunt.”
I wouldn’t go that far. In the beginning, the transparency reports from Google were a bold move that got the public thinking about government censorship. Since then, Google has raised awareness about all the ways governments around the world try to stifle free speech, such as Brazil’s aggressive speech laws that prevent criticism around elections.
But, for the U.S., the numbers just aren’t that informative and it isn’t necessarily the fault of these companies. Is the government going after dissidents or are more criminals using the Internet? What laws are being invoked to request the information and does it represent the entirety of what is being collected?
I don’t think any reasonable critic ever thought that the government could monitor the activities of millions of individual citizens. The worry is in the bulk storage and how corrupt officials could target dissidents. At 15,000+ users, some of that worry may be justified by the pessimists among us.
I tend to not worry too much about these conspiracies, nor do I believe tech companies are in cahoots with the NSA. The entire scandal is one big theoretical fight over doomsday scenarios.
That said, the reports today really don’t tell us much we didn’t know. Indeed, Google and other tech companies are still suing to be able to release more information. So, the reports neither allay fears nor prove critics right. It’s just a crack of the window that helps folks like the EFF battle in court over a few more specifics.
For the rest of us, not much changes.