Web providers reach deal with feds on releasing customer info

This is an archived article that was published on sltrib.com in 2014, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.

Washington • The government and leading Internet companies on Monday announced a compromise that will allow those companies to reveal more information about how often they are ordered to turn over customer information to the government in national security investigations.

The Justice Department reached agreements with Google Inc., Microsoft Corp., Yahoo Inc., Facebook Inc. and LinkedIn Corp. that would resolve those companies' legal challenges before the Foreign Intelligence Surveillance Court. The companies had asked judges to allow them allow them to disclose data on national security orders the companies have received under the Foreign Intelligence Surveillance Act.

The delivery of customer information to the government from Internet companies has been under examination in the United States following leaks about National Security Agency surveillance by former NSA systems analyst Edward Snowden.

Some of those companies were among several U.S. Internet businesses identified as giving the NSA access to customer data under the program known as PRISM. But the companies had said they wanted to make the disclosures in order to correct inaccuracies in news reports and to calm public speculation about the scope of the companies' cooperation with the government. The providers wanted to show that only a tiny fraction of their customers' accounts have been subject to legal orders.

The government had opposed those requests, but reached a deal with the companies late last week that would give customers a better idea of how much information is being collected.

"Permitting disclosure of this aggregate data addresses an important area of concern to communications providers and the public," Attorney General Eric Holder and Director of National Intelligence James Clapper said in a joint statement.

The five companies welcomed the deal, but said more needs to be done. "We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive," the companies said in a joint statement. "While this is a very positive step, we'll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed."

Apple also released a statement. "We believe strongly that our customers have the right to understand how their personal information is being handled, and we are pleased the government has developed new rules that allow us to more accurately report law enforcement orders and national security orders in the U.S.," the company said on its website.

Sen. Ron Wyden, D-Ore., called it a "positive first step." "Though there is still a great deal of work to do, today's announcement is good for American companies and the Americans they employ and serve," he said.

Following the Snowden leaks, the FBI allowed communications providers to report in a limited way the number of orders for data they received from the government and the number of accounts affected by such orders. However, the FBI only agreed to disclosure of a single, aggregate number of criminal and national security-related orders to the companies from all U.S. governmental entities, plus local and state entities.

Under the compromise announced Monday, Internet companies will be able to release more information, but still only in very general terms when it comes to national security investigations. They can report the number of criminal-related orders from the government. They also will be able to release, rounded to the nearest thousand, the number of secret national security-related orders from government investigators; the number of national security-related orders from the FISA court, and the number of customers affected by both. In the FISA orders, the companies will be able to say the number of requests for personal information about their customers versus their actual e-mails.

The companies can also choose a simplified reporting process that allows them to report the number of criminal-related orders, and then national security or intelligence orders in increments of 250 and the total number of customers targeted, also in groups of 250.

"These new reporting methods enable communications providers to make public more information than ever before about the orders that they have received to provide data to the government," Deputy Attorney General James M. Cole said in a letter to the five Internet companies.

The companies will have to delay releasing the number of national security orders by six months. They also had to promise that if they come up with new technology or new forms of communication, they are not able to reveal that the government can tap into that new technology for two years.

The American Civil Liberties Union, which filed a brief supporting the tech firms in their bid to disclose more information, said Monday that the deal "partially" lifted an information gag on the companies. But the group praised the agreement as "a victory for transparency."

Alex Abdo, a lawyer with the ACLU's National Security Project, said: "It is commendable that the companies pressed the government for more openness, but even more is needed. Congress should require the government to publish basic information about the full extent of its surveillance."

———

Associated Press writer Stephen Braun in Washington, AP National Writer Martha Mendoza in San Jose, Calif., and AP Technology Writer Barbara Ortutay in New York contributed to this report.

———

Follow Jesse J. Holland on Twitter at http://www.twitter.com/jessejholland .