In an effort to reassure users, Facebook discloses that in the United States, it has received legal orders to turn over details on about one-thousandth of one percent of user accounts. Washington State Attorney General Rob McKenna and Facebook General Counsel Ted Ullyot, in this file photo. (Credit: Jay Greene/CNET) Facebook today became the first Internet company to disclose the total number of legal orders it receives for user data, including ones from the National Security Agency and from state, local, and federal police performing criminal investigations. The total: About one-thousandth of one percent of user accounts. That's 18,000 to 19,000 accounts over a six month period. Ted Ullyot, Facebook's general counsel disclosed that number today in an effort to lay to rest privacy concerns after a pair of articles last week incorrectly reported that a program called "PRISM" provided the NSA with "direct access" to Internet companies' servers. That caused near-panic among the more privacy sensitive Facebook users, and led to speculation about whether the NSA was secretly vacuuming up over a billion user profiles from the company's servers. Even after the two newspapers, the Washington Post and the Guardian backed away from their incendiary initial claims, and even after Facebook CEO Mark Zuckerberg and Google CEO Larry Page offered blanket denials, the companies asked the government if they could clear their name. Facebook's disclosure -- and a similar one expected shortly from Google -- is the result. Ullyot wrote in a blog post this afternoon that: We're pleased that as a result of our discussions, we can now include in a transparency report all U.S. national security-related requests (including FISA as well as National Security Letters) - which until now no company has been permitted to do. As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range. This is progress, but we're continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds. For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) - was between 9,000 and 10,000. These requests run the gamut - from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts. With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months. We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive. During a congressional hearing yesterday, FBI director Robert Mueller declined to respond to questions about lifting the gag order applying to tech companies. "I think that's being looked at by Justice at this point," he said. Google, Apple, Yahoo, Microsoft, Facebook, and other Internet companies were left reeling after a pair of articles on Thursday alleged that they provided the National Security Agency with "direct access" to their servers. By late Friday, however, CNET reported that was not true, and the Washington Post backtracked from its original story on PRISM. So did the Guardian. In an editorial Tuesday, the paper said the process met legal "standards" and was subject to "judicial review." Google already releases many statistics about government surveillance as part of its transparency report, including, as of March, information on secret National Security Letters sent by the FBI. But a source familiar with the situation told CNET earlier this week the company had not secured permission to disclose information about secret court orders. James Clapper, the head of national intelligence, confirmed last week that the Internet companies were receiving legal orders sent to them "pursuant to Section 702 of the Foreign Intelligence Surveillance Act." After the Foreign Intelligence Surveillance Court limited a Bush-era warrantless surveillance program's scope, Congress enacted the FISA Amendments Act, which established a new procedure for foreign surveillance. Section 702 requires that the government obtain the secret Foreign Intelligence Surveillance Court's approval of "targeting" and "minimization" procedures, and that the court review the agencies' certification describing how proposed surveillance techniques will comply with the law. Judges must consider whether the targeting procedures are "reasonably designed" to exclude Americans and purely domestic surveillance. Amnesty International and journalists launched a legal challenge to Section 702 (which is sometimes called 1881a, for its location in the law books). They argued their confidential communications with foreign correspondents would be intercepted under Section 702 in violation of the Fourth Amendment. But in February 2013, the U.S. Supreme Court rejected their challenge by a 5-4 vote, with Justice Samuel Alito writing that their allegations were too "speculative" and the Section 702 process is subject to ongoing "oversight" and "review."
In an effort to reassure users, Facebook discloses that in the United States, it has received legal orders to turn over details on about one-thousandth of one percent of user accounts.
Washington State Attorney General Rob McKenna and Facebook General Counsel Ted Ullyot, in this file photo.
(Credit: Jay Greene/CNET)
Facebook today became the first Internet company to disclose the total number of legal orders it receives for user data, including ones from the National Security Agency and from state, local, and federal police performing criminal investigations.
The total: About one-thousandth of one percent of user accounts. That's 18,000 to 19,000 accounts over a six month period.
Ted Ullyot, Facebook's general counsel disclosed that number today in an effort to lay to rest privacy concerns after a pair of articles last week incorrectly reported that a program called "PRISM" provided the NSA with "direct access" to Internet companies' servers.
That caused near-panic among the more privacy sensitive Facebook users, and led to speculation about whether the NSA was secretly vacuuming up over a billion user profiles from the company's servers. Even after the two newspapers, the Washington Post and the Guardian backed away from their incendiary initial claims, and even after Facebook CEO Mark Zuckerberg and Google CEO Larry Page offered blanket denials, the companies asked the government if they could clear their name.
Facebook's disclosure -- and a similar one expected shortly from Google -- is the result. Ullyot wrote in a blog post this afternoon that:
We're pleased that as a result of our discussions, we can now include in a transparency report all U.S. national security-related requests (including FISA as well as National Security Letters) - which until now no company has been permitted to do. As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range. This is progress, but we're continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.
For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) - was between 9,000 and 10,000. These requests run the gamut - from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months. We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive.
During a congressional hearing yesterday, FBI director Robert Mueller declined to respond to questions about lifting the gag order applying to tech companies. "I think that's being looked at by Justice at this point," he said.
Google, Apple, Yahoo, Microsoft, Facebook, and other Internet companies were left reeling after a pair of articles on Thursday alleged that they provided the National Security Agency with "direct access" to their servers. By late Friday, however, CNET reported that was not true, and the Washington Post backtracked from its original story on PRISM. So did the Guardian. In an editorial Tuesday, the paper said the process met legal "standards" and was subject to "judicial review."
Google already releases many statistics about government surveillance as part of its transparency report, including, as of March, information on secret National Security Letters sent by the FBI. But a source familiar with the situation told CNET earlier this week the company had not secured permission to disclose information about secret court orders.
James Clapper, the head of national intelligence, confirmed last week that the Internet companies were receiving legal orders sent to them "pursuant to Section 702 of the Foreign Intelligence Surveillance Act."
After the Foreign Intelligence Surveillance Court limited a Bush-era warrantless surveillance program's scope, Congress enacted the FISA Amendments Act, which established a new procedure for foreign surveillance.
Section 702 requires that the government obtain the secret Foreign Intelligence Surveillance Court's approval of "targeting" and "minimization" procedures, and that the court review the agencies' certification describing how proposed surveillance techniques will comply with the law. Judges must consider whether the targeting procedures are "reasonably designed" to exclude Americans and purely domestic surveillance.
Amnesty International and journalists launched a legal challenge to Section 702 (which is sometimes called 1881a, for its location in the law books). They argued their confidential communications with foreign correspondents would be intercepted under Section 702 in violation of the Fourth Amendment. But in February 2013, the U.S. Supreme Court rejected their challenge by a 5-4 vote, with Justice Samuel Alito writing that their allegations were too "speculative" and the Section 702 process is subject to ongoing "oversight" and "review."
