Secrets about the NSA’s surveillance programs continue to command the world’s attention. To maintain their reputations, some of the communications companies involved are advocating that the US government allow them to reveal more about their participation in the programs.
The main obstacles to corporate transparency, according to Google, Facebook, and others, are gag orders that usually accompany government data requests authorized by the Foreign Intelligence Surveillance Act (FISA), the law used to justify the PRISM and Verizon phone records surveillance programs. Gag orders are barriers that create legal consequences for the release of certain information, and while the punishment varies by law, the companies also fear political repercussions for violating gag orders. They have taken different steps, collectively and individually, to push back against the legal curtain of silence.
Transparency reporting and Prism
Some companies, such as Google, Microsoft, and Twitter, have previously released transparency reports, which provide aggregated numbers of data requests and the number of users affected by requests. Before the exposure of PRISM and the Verizon phone records requests, these reports did not include data from FISA programs due to gag orders.
Access advocates for the release of transparency reports, which allow users to track government requests and corporate compliance by shining a harsh light on governments that abuse their power and revealing gaps in corporate policies. However, these reports are only as good as their data, and gag orders hamper the effort to paint a comprehensive picture of government requests for user data.
Users have demanded more information on the programs, and a partial compromise has taken hold. Since the release of PRISM and the Verizon phone record requests, the companies have been allowed to include FISA orders in their transparency reports, but only if the reports group the total number of FISA requests and requests that come directly from the Department of Justice in the form of National Security Letters. Grouping requests, while better than not including the data at all, still provides an unclear picture of why the government is requesting our data.
Corporate responses to Prism revelations
So far, the companies have taken different legal and policy approaches to revealing FISA request numbers.
Since PRISM was revealed, Microsoft, Yahoo, Apple, and Facebook have released statistics on the number of requests they receive under the program, but that information is aggregated with NSL requests.
While Yahoo has failed to distinguish the number of PRISM and NSL requests, they did indicate that the majority of requests were related to traditional criminal investigations, so were not FISA related. Additionally, Yahoo has argued before the FISA court that PRISM requests themselves are unconstitutional under the Fourth Amendment, which protects against unreasonable searches and seizures, though their challenge was rejected by the FISA court, the same that approved the use of the program.
Google is attempting to provide more clarity on data requests. They recently filed a lawsuit, which argues that they should be able to provide separate data on the total number of FISA requests from NSL requests. Google has claimed that they have the First Amendment right to distinguish between the two.
Recommendations for instituting transparency
Publishing separate data is a responsible way to provide some transparency to the programs. There is no risk posed to national security by separating the two types of data. Providing the total number of requests authorized by FISA would allow the public to know how widespread the practice is while maintaining the secrecy of specific investigations. The public can then decide whether they approve of how these programs are used.
In the case of NSLs, gag orders sent to technology companies have already been declared unconstitutional by some federal courts, as they interfere with free speech without being narrow enough in design to ensure each order is made to protect national security. Each gag order should be individually evaluated to ensure its necessity. Bipartisan legislation, introduced by Representatives Amash and Conyers, titled the LIBERT-E Act, would expand the ability for companies to challenge gag orders under Section 215 of the Patriot Act. That provision was used to gather Verizon’s phone records.
The technology companies involved in the PRISM and Verizon phone records program should support oversight and transparency to ease the concerns of spooked users that their data is not being misused and that their rights are being respected. The US government should be willing to allow companies to provide further details on data requests as a first step towards winning back much of the trust lost by internet users.