Edward Snowden’s disclosures about the NSA’s intrusive surveillance programs sparked widespread public uproar and concern among regulatory bodies. One of the leaked items detailed PRISM, a slide that indicated the agency had access to servers belonging to many major consumer technology companies.
Under existing law, companies are required to provide information they hold about individuals when proper legal processes are followed and there is a demonstrated legal basis for the request.
Recently, the US government relaxed certain restrictions that had prevented technology firms from disclosing details about national security requests. As a result, companies can now publish broader information about what kinds of data they were asked to provide—though the disclosures remain somewhat general and limited in scope.
The new reporting requirements instruct companies to produce aggregated statistics that cover a wide range of requests and lack fine-grained detail, and these disclosures must be delayed by at least six months. For instance, figures for the latter half of 2013 will not be available until mid-2014.
The PRISM revelations damaged the public reputations of the companies implicated and eroded user trust. In response, several technology firms have pushed for greater transparency to reduce the risk of a repeat, and to reassure enterprise and consumer customers that their data is secure on corporate servers.
Facebook, Google, Microsoft, and Yahoo have each begun publishing statistics related to FISA requests and other national security data demands. Year-over-year figures show that the number of requests reported by each company rose noticeably:
Requests (by year)
Google (2011): 7,000–7,999
Google (2013): 9,000–9,999
Microsoft (2011): 11,000–11,999
Microsoft (2013): 15,000–15,999
Facebook (2012): 4,000–4,999
Facebook (2013): 5,000–5,999
“Publishing these numbers is a step in the right direction,” said Richard Salgado, Google’s legal director for law enforcement and information security, in a company blog post.
The shift toward greater disclosure raises ongoing questions: should governments be more transparent about national security data requests, or would increased transparency hinder legitimate efforts to protect national security? Debates continue as companies and policymakers balance user privacy, corporate trust, and lawful surveillance needs.