The intelligence leaks by Edward Snowden were “staggering,” a secret Pentagon report has concluded. Here is what multiple pages of the 12 pages it declassified from that report look like, naturally. (Via The Guardian)
story: )
The chart below summarizes how the major tech companies surveyed by the Electronic Frontier Foundation fared as it relates to “privacy policies, terms of service, public statements, and courtroom track record.”
Nine companies this year received the highest six-star rating, compared to two in last year’s survey. A total of 20 companies are now releasing so-called transparency reports about government requests for data compared to 7 a year ago, EFF’s survey showed.
“The sunlight brought about by a year’s worth of Snowden leaks appears to have prompted dozens of companies to improve their policies when it comes to giving user data to the government,” EFF’s Rainey Reitman said in a release.
Full Report (HTML) | Full Report (PDF) | SILK’s aggregated database of transparency reports (HTML)
Steve Aftergood of the Secrecy News blog aptly called the report ‘practically irrelevant’ and notes its importance “has receded in the wake of the far more substantial disclosures of the post-Snowden era,” but nonetheless, the Justice Department this week officially declared how many times it snooped on us all in 2013.
In its annual report to Congress on activity under the Foreign Intelligence Surveillance Court Act, (download PDF) the Justice Department said it made 1,655 applications to the Foreign Intelligence Surveillance Court. None of those requests for electronic surveillance, physical search or both was turned down. That total is down about 11% over 2012.
The FBI issued 14,219 secret National Security Letters demanding customer records from businesses. Those covered 5,334 individuals. Requests and people affected were down 7% and 11% respectively.
The report also said it sought “business records” from the surveillance court 178 times, but as Aftergood noted in light of information disclosed in and since the Snowden era began nearly a year ago, “the bland term “business records” extends in principle to everyone’s telephone call records.”
SOURCE: OnTheBeat graphics using EPIC.org compilation from Federation of American Scientists document collection.
We’ve done a lot of stories on the transparency reports that major companies release with details on the number of requests they’ve gotten from law enforcement agencies for user information and/or data, so we thought it was time to keep a running list of where you can find those reports.
And here it is:
U.S. law enforcement requests for data about Google users set a new record, data that Google released about the second half of the year yesterday showed.
Wielding subpoenas in 2 out of 3 cases, agencies asked 21,500 times — 59 times a day — for information about nearly 40,000 users and/or accounts. Unlike court orders and warrants, subpoenas are not necessarily issued by a court.
The number of requests was down slightly in the second half of the year (3%) and the number of users/accounts was down a bit more (16%). It is unclear whether the enormous publicity over monitoring of personal data after Edward Snowden released a plethora of explosive NSA documents in the Spring may have been a factor in the slight decline. The drop in the second half of 2013 as the first ever reported on a half-year basis since Google started releasing the data after the second half of 2009.
The data released on Thursday focused on requests that are unrelated to national security, i.e., involving the National Security Agency, FBI and secret Foreign Intelligence Surveillance Court. Aggregate data about those cases was released in February after the Obama administration slightly reduced restrictions on public release.
Google has been releasing the so-called “Transparency Reports” since 2009; some of its peers and competitors didn’t follow suit until the last year. The requests from law enforcement in some cases cover just information about an account holder or user, such as address; in other cases, authorities ask for actual content produced by the user (e.g., Gmail, YouTube, etc.). In 2013, at least some data was released in just over 4 in 5 cases.
The U.S. by far remained the leader in requests, accounting for 43% of all requests (up slightly over the first half), distantly followed by France, Germany and India in the second half of the year. The number of countries that made requests was up in the second half of the year, but about half were for 20 or fewer.
Broken down by first and second halves of years
For good measure, Google released this animated cartoon about how it deals with warrants.
AT&T said on Tuesday that it received secret orders under the Federal Intelligence Surveillance Act in the first half of last year involving up to 37,000 customer accounts. Those accounts were included in up to 2,000 orders from the Justice Department; half of those requests were for actual content from customers in as many as 36,000 accounts. The other half demanded just account data.
As many as 2,999 other requests came from the FBI as “National Security Letters,” and involved up to 4,999 accounts. Those letters can only demand information about a customer account, not personal data such as documents or emails.
The Justice Department in late January, to settle a lawsuit the companies had brought seeking more transparent reporting, relaxed reporting standards and allowed the FISA data to be made public for the first time. Companies that choose to report the FISA requests and NSL requests combined can use ranges of 0–249; if data is separate, it must be reported in larger ranges — 0-999.
FISA data can cover both the total number of orders made and how many accounts were involved. It can also be broken out by requests for customer information, such as subscriber name, or actual content, such as an e-mail. National Security Letters are limited to only customer information, not content.
AT&T on Tuesday also released its first ever data on non-national security related civil and criminal court requests for user data and information. Other communications and internet companies, such as Google, have been releasing “transparency reports” with this data for several years.
During 2013, AT&T received an average of 827 requests a day from law enforcement — 301,816 for the years, most involging criminal cases and issued by subpoenas, which are believed to typically only cover data about a user and account, not content created. Just under 1 in 5 requests came via more powerful court order or warrant. Only about 1% of requests were rejected by AT&T and for about 5% of the requests, AT&T had no or only partial information to release.
About 100,000 “emergency” requests were received, such as those related to a 911 call. About 38,000 request were for a customer’s location, as well as all numbers for a particular cell tower.
(Updated 2/18/2014 to add AT&T data).
More major tech companies have weighed in with data they are now allowed to release about how many secret orders for user information and content were made under the Foreign Intelligence Surveillance Act or from the FBI in a National Security Letter.
Yahoo, Microsoft, Google, LinkedIn and Facebook this week joined Apple, which was the first to report last week. All said they’d received the same number of secret government requests in the first half of 2013, but the number of accounts affected by those requests varied widely. (See table below). UPDATE: AT&T released its FISA data and update on National Security Letters on Feb. 18. Link to its report is also below; it includes data on its other criminal and civil requests for data as well.
The Justice Department last week, to settle a lawsuit the companies had brought seeking more transparent reporting, relaxed reporting standards and allowed the FISA data to be made public for the first time. Companies that choose to report the FISA requests and NSL requests combined can use ranges of 0–249; if data is separate, it must be reported in larger ranges — 0-999.
FISA data can cover both the total number of orders made and how many accounts were involved. It can also be broken out by requests for customer information, such as subscriber name, or actual content, such as an e-mail. National Security Letters are limited to only customer information, not content.
(Click on image for larger version in new browser window).
The fresh batch of reports largely covered the first half of 2013, although some companies added earlier years as well. Data for the second half of 2013 won’t be available until mid-2014 because of a waiting period required by the new rules for FISA orders.
NSL requests aren’t covered by that waiting period and two of the four companies that reported July-December 2013 numbers for those showed an increase in number of accounts affected over the first half of the year. Yahoo and Google bot said 1,000-1,999 accounts were affected, up from 0-999; Microsoft and Facebook reported no increase.
Google and Yahoo provided the most historical data. While total FISA requests has remained flat, the number of accounts affected by content requests has increased significancy. Google’s rose from 2,000-2,000 in the first half of 2009 and peaked at 12,000-12,999 in the second half of 2012. Microsoft’s peaked at the same time, at 16,000-16,999 in the second half of 2012 vs. 11,000-11,999 a year earlier.
Full details can be found in the individual reports below.