Microsoft and Facebook Come Forward with User Data They’ve Shared with The Government

More information is coming out regarding the NSA’s PRISM program wherein the agency has been requesting/demanding data on U.S. citizens from major Internet companies. (We have further reading on the subject here, here, and here.)

After adamant declarations from some companies, perhaps most notably Facebook--Mark Zuckerberg wrote a personal, angry post about it--that they refused to allow the NSA direct access to company servers, there were plenty of questions remaining about how much data the NSA requested, and from whom.

Facebook's Menlo Park campus

Facebook has directly addressed the situation via a blog post written by the company’s general counsel, Ted Ullyot. First, Ullyot claims that Facebook has pushed back against this trend as strongly as it could, saying that they scrutinize every request; further, he said, “We frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law.”

Now, Facebook has managed to convince the NSA to allow it to release at least some data on national security-related data requests, including FISA and National Security Letters. “As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range,” wrote Ullyot. “This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.”

So what do the number look like? Over the course of 6 months (ending December 31st, 2012), the total of local, state, federal requests totalled 9,000-10,000, which resulted in law enforcement looking at between 18,000 and 19,000 user accounts.

NSA datacenter

(Lest anyone start carping about how ironic it is that a data farming company like Facebook is suddenly concerned with user data, note well that there’s an enormous difference between letting a service that you subscribe to [for free] use the data you give it to target ads at you and make money and the government having free reign to spy on its citizens with essentially zero oversight or public scrutiny.)

Microsoft has struck a similar deal, and it too has published some numbers: During the same time period as above, the company received between 6,000 and 7,000 “criminal and national security warrants, subpoenas, and orders” from local, state, and federal entities that affected between 31,000 and 32,000 user accounts.

Both companies were adamant in their respective posts that these generic aggregate numbers aren’t nearly enough for proper public information, but at least it’s a start.

Look, it’s true that if you have nothing to hide, you shouldn’t mind letting someone take a peek at your personal stuff in the name of national security--or for example, in the case of a local sheriff requesting data in order to help locate a missing child--but that’s not the issue here. If the government is allowed to look at your personal data with a shadowy “court order” that’s accompanied by a gag order, what you have to hide could be anything that the government doesn’t like. That includes your political views, who you associate with, groups you belong to, and private communications therein.

Should the government be able to look into potential terrorist organizations by requesting data, and sometimes look into innocent people during investigations? Sure. But if the government has nothing to hide either, it shouldn’t mind us having a look at who it’s requesting data on, when, and why.