Update: This post originally suggested that the Department of Justice’s filing in response to motions by Google and Microsoft would be release Friday, but it has yet to be posted to the Foreign Intelligence Surveillance Court’s public website. However, the Court has granted the companies a 10 day extension to modify their original arguments.
Coming on the heels of an announcement yesterday that the US Office of the Director of National Intelligence will start releasing a transparency report of national security-related requests for user data, the US government disappointingly will be filing a motion to block Google and Microsoft from voluntarily disclosing similar statistics in the company’s own transparency reports.
While Access welcomes further transparency around the NSA’s surveillance activities, the Administration’s continuing efforts to thwarts the attempts of private companies to disclose what user data the government is requesting is deeply troubling.
Both Google and Microsoft publish transparency reports including data about national security orders they recieve, they are currently prohibited by gag orders from publishing statistics about the requests they receive under the Foreign Intelligence Surveillance Act and other national security legislation, a violation of their First Amendment rights. The companies’ motion before the Foreign Intelligence Surveillance Court (FISC) sought permission to publish this information.
The Justice Department’s filing will come after the companies allowed the government to postpone its response to their lawsuits six different times since June. With negotiations having failed, the DNI seemingly sought to preempt the arguments put forward by Google and Microsoft in their motions by releasing its own transparency report, ostensibly making the case that the data will already be publicly available. According to the DNI, the intelligence community “will release the total number of orders issued during the prior twelve-month period, and the number of targets affected by these orders:
- FISA orders based on probable cause (Titles I and III of FISA, and sections 703 and 704).
- Section 702 of FISA
- FISA Business Records (Title V of FISA).
- FISA Pen Register/Trap and Trace ( Title IV of FISA)
- National Security Letters issued pursuant to 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709.”
While this is a step forward in terms of government transparency around its surveillance activities, this announcement falls short of what the “We Need to Know Coalition” — a multistakeholder group including companies like Google and Microsoft, NGOs including Access, CDT, and the ACLU, and trade associations — has called for. The letter sent by the coalition urged Congressional leaders and the Obama Administration to require the government to publish information about the specific numbers of requests, the specific authorities making those requests, and the specific statutes under which those requests are made. Furthermore, the letter calls for the ability to differentiate requests based on content vs. non-content data, and enumerate the number of persons, accounts, or devices affected, and to allow companies to voluntarily disclose the same information.
Unlike Google and Microsoft’s transparency reports, which break down both the number of requests they receive and the number of accounts affected, the DNI’s report will only include the number of requests and targets, which will make the scope of the nation’s surveillance machine to appear far more limited than it actually is. To put this in context, in 2012, there were 212 requests for business records justified under Section 215 of the Patriot Act, but that number also includes requests for the “ongoing, daily” disclosure of communications metadata of the millions of customers of AT&T, Verizon, and Sprint. And how do we know that? Because public disclosure of aggregate numbers of requests pursuant to most of the statutes to be included in the DNI’s report is already required.
It’s also worth noting that the government is only planning on releasing the number of targets, not the exponentially larger number of people who will have their privacy violated when their data are caught in the NSA’s dragnet. Moreover, by grouping statutes together in the categories the government will report statistics for, the DNI is further obfuscating the nature and scope of the government’s surveillance activities, further limiting an informed, public debate about the extent of the intelligence community’s violations into the private lives of users all over the world.
Public disclosure by both the government and the communications providers who hold user data is crucial in keeping both accountable. The new information the Administration plans to release provides no basis for the government’s continuing efforts to gag companies like Google and Microsoft from doing their own transparency reporting.
While transparency is only the first step to bringing surveillance activities into line with human rights standards, the Administration’s continued tepid efforts in this area, demonstrate the need for swift action by Congress.