More companies report under loosened rules on national security orders for customer info


By SB Anderson

(Updated 2/18/2014 to add AT&T data).

More major tech companies have weighed in with data they are now allowed to release about how many secret orders for user information and content were made under the Foreign Intelligence Surveillance Act or from the FBI in a National Security Letter.

Yahoo, Microsoft, Google, LinkedIn and Facebook this week joined Apple, which was the first to report last week. All said they’d received the same number of secret government requests in the first half of 2013, but the number of accounts affected by those requests varied widely. (See table below). UPDATE: AT&T released its FISA data and update on National Security Letters on Feb. 18. Link to its report is also below; it includes data on its other criminal and civil requests for data as well.

The Justice Department last week, to settle a lawsuit the companies had brought seeking more transparent reporting, relaxed reporting standards and allowed the FISA data to be made public for the first time. Companies that choose to report the FISA requests and NSL requests combined can use ranges of 0–249; if data is separate, it must be reported in larger ranges — 0-999.

FISA data can cover both the total number of orders made and how many accounts were involved. It can also be broken out by requests for customer information, such as subscriber name, or actual content, such as an e-mail. National Security Letters are limited to only customer information, not content.

FISA and NSA Data (updated 2/18/2014)(Click on image for larger version in new browser window).

The fresh batch of reports largely covered the first half of 2013, although some companies added earlier years as well. Data for the second half of 2013 won’t be available until mid-2014 because of a waiting period required by the new rules for FISA orders.

NSL requests aren’t covered by that waiting period and two of the four companies that reported July-December 2013 numbers for those showed an increase in number of accounts affected over the first half of the year. Yahoo and Google bot said 1,000-1,999 accounts were affected, up from 0-999; Microsoft and Facebook reported no increase.

Google and Yahoo provided the most historical data. While total FISA requests has remained flat, the number of accounts affected by content requests has increased significancy. Google’s rose from 2,000-2,000 in the first half of 2009 and peaked at 12,000-12,999 in the second half of 2012. Microsoft’s peaked at the same time, at 16,000-16,999 in the second half of 2012 vs. 11,000-11,999 a year earlier.

Full details can be found in the individual reports below.