Facebook Makes The First Big Dent On FISA, Releases Data On All U.S. Government Data Requests

Updated. As the PRISM scandal shows no signs of dying down in the public consciousness, Facebook has just released the fullest account to date of the requests it has received from United States law enforcement and governmental authorities for the data surrounding its users.

To borrow a phrase from local news sizzle reels, the numbers may surprise you.

In a report issued today on Facebook’s company blog, general counsel Ted Ullyot wrote:

“For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.

With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months. We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive.”

More information can be found here, and we’re updating the story as it develops.

UPDATE: Microsoft has followed suit, releasing its own figures on official U.S. data requests including FISA orders in its own blog post shortly following Facebook’s disclosures, writing:

“For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal).”

But at first blush, those numbers may not seem as scary as the initial reports on governmental surveillance of web activity would imply. Though the government under FISA does have the right to request as much information as it would like in the name of national security, it seems that those requests have affected a relatively tiny fraction of Facebook users.

For a bit of background: Facebook this week joined several other technology giants including Microsoft and Google in publicly asking the government to change the restrictions prohibiting them from being fully transparent about the extent of their cooperation in the U.S. government’s surveillance activities.

Thus far, requests that Facebook has received from the National Security Agency (NSA) have been kept secret because they are by definition confidential orders executed under the Foreign Intelligence Surveillance Act (FISA) — the secrecy is mandated in the name of keeping American citizens safe from equally secretive terrorist organizations. In short, anything under FISA is just like Fight Club — the first and most important rule is that it isn’t discussed.

Facebook has said recently that one reason it has refrained from issuing public statements about its involvement with governmental authorities (such as Google does with its Transparency Report) is because the existence of FISA would make such statements incomplete. In many ways, these companies’ hands have been tied if they want to keep complying with the law.

Now, many of us would love to see whistleblowers within these tech firms flout the law and talk about what exactly is going on, as Edward Snowden has — FISA be damned. Michael Arrington, who I personally think has been nailing exactly how the tech industry should be viewing this issue from day one on his Uncrunched blog, has issued a some compelling calls for industry folks to do just that — but up until now, we’ve only had tech companies asking for a bit more leeway and permission to talk.

While staying within the confines of the law, Facebook today has made a significant stride toward really opening up the way that the government handles its information gathering and disclosures — it will be interesting to see how other companies follow suit.