When Ed Snowden lifted the lid on the NSA’s PRISM program last summer, major tech firms including Google, Facebook, Microsoft and Yahoo asked the US government if they could provide more information about what sort of data they handed over in response to Foreign Intelligence Surveillance (FISA) court orders.
Under the old rules, Google and others were banned from disclosing how often or what kind of data the NSA collected under FISA court orders, but everything changed last week when the tech giants reached an agreement with the government that allows them to be more transparent.
Now, Google and friends can publish details of the NSA requests they receive in their transparency reports, which reveal how often each company receives information requests from government agencies, and in the case of the US, what kind of legal process was used.
Google has now published its new numbers, and these reveal that the US government is getting its hands on content from thousands of Google accounts (most likely Gmail and Blogger), something that suggests the NSA’s activities could be much bigger than previously thought.
This chart from Google reveals – admittedly in very basic terms – how many times the government has obtained both account information (such as an IP or email address) and content related to people’s accounts (such as their Gmail emails):
There’s two points of note that we can gather from these figures, firstly that NSA requests are rarely related to just one account or person; and secondly, that the NSA is getting greedier, with the number of requests rising sharply every six months.
Other tech firms, including Facebook, Yahoo, Microsoft and LinkedIn, have all published their own figures, illustrating a similar trend, with the NSA’s interest in their user’s data growing slowly but surely over time.
In a blog post, Google says that this is the first Transparency Report it’s been able to publish that covers every kind of data request it receives. It adds that the data is “subject only to delays imposed by the DoJ regarding how quickly we can include certain requests in our statistics.”
As transparent as… Mud?
Truth be told, the numbers aren’t especially revealing at all – Google and others are all restricted to reporting in aggregate ranges, which doesn’t tell us much when it’s only ever received between 0-999 requests for user’s account details. It’s only with the content requests that we can see some differentiation, and even here the figures are far from accurate. Nevertheless, Google says that being allowed to publish these number is “a step in the right direction”, though it believes that this still isn’t transparent enough:
“We still believe more transparency is needed so everyone can better understand how surveillance laws work and decide whether or not they serve the public interest,” wrote Richard Salgado, Google’s Legal Director.
“Specifically, we want to disclose the precise numbers and types of requests we receive, as well as the number of users they affect in a timely way. That’s why we need Congress to go another step further and pass legislation (PDF) that will enable us to say more.”
It’s worth noting too, that these reports only cover a small part of the NSA’s ‘activities’. It’s been alleged that aside from these official requests, the agency has the ability help itself to data in many other ways, without the knowledge or acquiescence of the companies concerned.
For instance, it’s been reported that the NSA can simply eavesdrop on communications by tapping directly into fiber cables. More recently it’s been alleged that government spooks are able to target offline computers with radio transmitters to grab the data stored on them.