Jesse J. Holland
WASHINGTON — The government and leading Internet companies on Monday announced a compromise that will allow those companies to reveal how often they are ordered to turn over customer information in national security investigations.
The Justice Department said it had reached agreements with Google, Microsoft, Yahoo, Facebook and LinkedIn that would put an end to those companies’ legal challenges before the Foreign Intelligence Surveillance Court. The companies had asked judges to allow them to disclose data on national security orders the companies have received under the Foreign Intelligence Surveillance Act.
The delivery of customer information to the government from Internet companies has been under examination following leaks about National Security Agency surveillance by former NSA systems analyst Edward Snowden.
Some of those companies were among several U.S. Internet businesses identified as giving the NSA access to customer data under the program known as PRISM. But the companies had said they wanted to make the disclosures in order to correct inaccuracies in news reports and to calm public speculation about the scope of the companies’ cooperation with the government. The providers wanted to show that only a tiny fraction of their customers’ accounts have been subject to legal orders.
The government had opposed those requests, but reached a deal with the companies late last week.
“Permitting disclosure of this aggregate data addresses an important area of concern to communications providers and the public,” Attorney General Eric Holder and Director of National Intelligence James Clapper said in a joint statement.
Following the Snowden leaks, the FBI allowed communications providers to report in a limited way the number of orders for data they received from the government and the number of accounts affected by such orders. However, the FBI agreed to disclosure only of a single, aggregate number of criminal and national security-related orders to the companies from all U.S. governmental entities, plus local and state entities.
Under the compromise announced Monday, Internet companies will be able to report the number of criminal-related orders from the government. They also will be able to release, rounded to the nearest thousand, the number of secret national security-related orders from government investigators; the number of national security-related orders from the FISA court and the number of customers those orders affected, and whether those orders were for just email addresses or covered additional information.
The companies can also choose a simplified reporting process that allows them to report the number of criminal-related orders, and then national security or intelligence orders in increments of 250 and the total number of customers targeted, also in groups of 250.
“These new reporting methods enable communications providers to make public more information than ever before about the orders that they have received to provide data to the government,” Deputy Attorney General James M. Cole said in a letter to the five Internet companies.
The companies will have to delay releasing the number of national security orders by six months. They also had to promise that if they come up with new technology or new forms of communication, they are not able to reveal that the government can tap into that new technology for two years.