Peter Micek contributed to this post.
Access welcomes Facebook’s release today of its first Global Government Requests Report detailing the number of requests for user data the company receives from governments around the world.
With today’s announcement, Facebook joins a growing chorus of companies issuing transparency reports, casting much-needed light on government access to user data and company policies on assistance with law enforcement. This is something Access and other civil society groups called for earlier this year when Facebook joined the Global Network Initiative, a multistakeholder body that assesses and advises companies on privacy and free expression issues, as a full member.
Along with other companies like Apple, Google, Microsoft, Twitter, and Yahoo! and civil society organizations including CDT, EFF, ACLU, and Access, Facebook has been pressing the Obama Administration and Congress to allow internet, telephone, and web-based service providers to regularly report specific data regarding intelligence information requests. The companies and civil society groups also called on the government to establish its own transparency report with specific data on the number of requests, statutes, authorities, and affected individuals.
Readers of the Report will note that Facebook cites the number of requests from the U.S. government as a range, 11,000-12,000, as they are prohibited by law from using specific numbers when referencing national security-related requests. In this Report, Facebook combines national security requests with those related to criminal investigations.
While today’s Report does help to provide a more complete picture of the scope of government invasions of users’ privacy, it is not as detailed as other companies’ inaugural disclosures, listing only the total number of requests, the number of users/accounts requested, and the percentage of requests where some data were disclosed organized by country. The aggregation of the number of criminal investigation and national security-related requests, in particular, makes it hard to assess the extent to which Facebook user data is being acquired by the intelligence community.
Even with the aggregation though, the Report and the FAQs shine a light on US surveillance practices. Specifically, in the FAQs, Facebook states:
Does this report contain every request you have received from every government around the world during the time period stipulated?
Yes. This report contains every request for user data we received for the first six months of 2013.
Does this report contain requests related to criminal matters, or national security matters, or both?
The report contains the total number of requests we’ve received from each government, including both criminal and national security requests.
Facebook has been identified as a participant in the NSA’s PRISM program. Assuming the mechanism used by the US government to acquire user data under PRISM falls under the definition of “request” then PRISM does not seem to constitute the mass surveillance operation that many have made it out to be.
Indeed, the greatest violations of user privacy are occurring higher upstream in the network, at points where most internet traffic flows through a limited number of fiber optic lines, including underseas cables. Under programs with names like BLARNEY, FAIRVIEW, OAKSTAR, LITHIUM, STORMBREW, and TEMPORA, the NSA and the UK’s GCHQ spy on *all* telephone and internet traffic passing through the fiber optic cables that connect most of the world as well as roughly 75% of the U.S. domestic network. But as a Top Secret slide leaked by Edward Snowden advises its audience, presumably those in intelligence services, “You Should Use Both.”
Unlike the internet sector companies, telecoms companies — from the common names like AT&T, Verizon, BT, and Vodafone to lesser-known providers like Level 3 and Global Crossing — have yet to voluntarily release any data on their compliance with government requests. This omission is gaining attention as telcos are named in reports saying they comply with US and UK intelligence agency requests to deliver access to underseas cables, as well as metadata on all phone calls.
Access welcomes the Facebook Report, and agrees with the company’s assessment that this is “an important first report,” with more information coming in subsequent releases. Likewise, we see transparency reporting as the first step toward greater accountability, by governments and private sector companies alike. Access looks forward to working with Facebook and other companies seeking to be more transparent about the ways in which governments access their users’ data.