For the six months ending Dec. 31, 2012, Facebook received between 9,000 and 10,000 requests for user data from U.S. government entities at all levels, local and national, related to between 18,000 and 19,000 accounts, outgoing Facebook General Counsel Ted Ullyot revealed in a release on Facebook’s Newsroom.
The information was made available after Facebook contacted U.S. Attorney General Eric Holder earlier this month seeking permission to share its data in the wake of the furor over the National Security Agency’s Prism initiative, in which a top-secret document revealed that the NSA obtained direct access to the servers of Internet companies including Facebook, Google, Apple, Microsoft, Yahoo, PalTalk, Skype, and AOL.
Microsoft Vice President and Deputy General Counsel John Frank told AP that during the same time period for which Facebook revealed its data, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas, and orders affecting between 31,000 and 32,000 accounts, and Frank said in a statement:
We continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues.
Google, meanwhile, did not release specific figures, with the company saying in a statement, as reported by AP:
We have always believed that it’s important to differentiate between different types of government requests. We already publish criminal requests separately from national security letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA (Foreign Intelligence Surveillance Act) disclosures, separately.
Ullyot wrote in the release:
Requests from law-enforcement entities investigating national-security-related cases are by their nature classified and highly sensitive, and the law traditionally has placed significant constraints on the ability of companies like Facebook to even confirm or acknowledge receipt of these requests, let alone provide details of our responses.
We’ve reiterated in recent days that we scrutinize every government data request that we receive — whether from state, local, federal, or foreign governments. We’ve also made clear that we aggressively protect our users’ data when confronted with such requests: We frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law.
But particularly in light of continued confusion and inaccurate reporting related to this issue, we’ve advocated for the ability to say even more.
Since this story was first reported, we’ve been in discussions with U.S. national security authorities urging them to allow more transparency and flexibility around national security-related orders we are required to comply with. We’re pleased that as a result of our discussions, we can now include in a transparency report all U.S. national security-related requests (including FISA, as well as National Security Letters) — which until now no company has been permitted to do. As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range. This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.
For the six months ending Dec. 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal- and national-security-related requests) was between 9,000 and 10,000. These requests run the gamut from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9,000 to 10,000requests was between 18,000 and 19,000 accounts.
With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of 1 percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal- and national-security-related requests) in the past six months. We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive.
We will continue to be vigilant in protecting our users’ data from unwarranted government requests, and we will continue to push all governments to be as transparent as possible.
Readers: Do the figures released by Facebook and Microsoft put you any more at ease regarding the NSA Prism story?
Image courtesy of Shutterstock.