Ever since Edward Snowden began leaking classified documents about NSA surveillance, Google and other tech companies have wanted to reveal the extent of NSA’s access—pursuant to orders of the secret FISA Court—to their customers’ accounts.
They have wanted to disclose specifics on NSA access not just because they care about transparency, but because they expected the information to be reassuring: showing the actual incidence of court-sanctioned surveillance to be much lower than customers feared, based on news stories using NSA documents leaked by Snowden.
Google, Yahoo, Microsoft and Facebook (among others) filed motions in the secret FISA Court–with the support, incidentally, of an amicus brief filed by the First Amendment Coalition–requesting modifications to gag orders that had barred them from virtually all public comment. In January the Justice Department acceded to some of the requests, agreeing to new censorship rules permitting disclosure, albeit on a delayed basis, of NSA requests resulting in access to companies’ user data, including access to user content (e.g., emails).
This week the companies made the newly okayed disclosures. They revealed, for the period January to June of 2013, that . . .
-Google provided content on somewhere between 9,000-9,999 accounts.
-Yahoo provided content on somewhere between 30,000-30,999 accounts.
-Microsoft provided content on somewhere between 15,000-15,999 accounts.
-Facebook provided content on somewhere between 5,000-5,999 accounts.
The numbers are substantial–some 60,000 accounts for all four firms; half of that for Yahoo alone–but they are, of course, just a fraction of all the companies’ accounts. Facebook by itself has over 200 million users in the US, and more than one billion worldwide.
Does this mean fears about out-of-control NSA surveillance are disconnected from reality? Not necessarily. The tech companies have disclosed information on NSA access for the cases that they know about. Call these the “front door” cases in which NSA, playing by the rules, knocks on the tech firms’ doors, announces itself, and presents its papers from the FISA Court.
But what of NSA’s secret “back door” access to the companies’ user data and message contents? I’m referring to news accounts, first published in the Washington Post in November, about NSA’s copying of Google user data and content–secretly, without Google’s knowledge–by exploiting unprotected communications links in Europe. The news accounts were based on Snowden documents .
If NSA does, in fact, have a secret backdoor channel into Google’s users data and communications, it hardly matters how scrupulous the agency is in adhering to applicable legal rules restricting access through Google’s front door.
Google of course can’t be transparent about the government’s access to customer information when Google itself is aware of only part of that access. And Google’s customers, particularly its customers residing outside the US, will continue to doubt Google’s ability to protect their privacy.
–PETER SCHEER