Facebook has released new details about it's involvement with a National Security Agency program involving suveillance of foreigners called PRISM.
The social network giant said it received between 9,000 and 10,000 requests for user data from various U.S. government entities in the second half 2012. The Facebook said the requests involved the accounts of between 18,000 and 19,000 Facebook users.
Facebook's general counsel Ted Ullyot said, "With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request."
Facebook said topics included missing children investigations, fugitive tracking and terrorist threats.
"These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat," the statement read.
Microsoft Corp also released numbers. It said that in the same period it received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts.
The companies were allowed to be release the limited data following week long negotiations with national security officials.
Ullyot said Facebook was only allowed to talk about total numbers and must give no specifics. But he said the permission it has received is still unprecedented, and the company was lobbying to reveal more.
The numbers do include all national security related requests including those submitted via national security letters and under the Foreign Intelligence Surveillance Act, or FISA, which companies had not previously been allowed to reveal. Ullyot said the company wanted to reveal the information because of "confusion and inaccurate reporting'' on the issue, and to show that only "a tiny fraction of one percent'' of its 1.1 billion users have been affected. In a rare alliance, Facebook, Google and Microsoft Corp. have been pressuring the Obama administration to loosen their legal gag on government surveillance orders.
The companies have sought to distance themselves from the Internet dragnet code-named "PRISM'' that was revealed in leaks last week.
"We have always believed that it's important to differentiate between different types of government requests,'' Google said in a statement. "We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately.''
An after-hours phone message left for Microsoft spokesman Pete Wootton was not immediately returned. Facebook repeated recent assurances that the company scrutinizes every government request, and works aggressively to protect users' data. Facebook said it has a compliance rate of 79 percent on government requests.
"We frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested," Ullyot said. "And we respond only as required by law.''
Over the last week, in press statements as well as Mark’s post last Friday, we’ve repeatedly called for governments worldwide to be willing to provide more details about programs aimed at keeping the public safe. We’ve also urged them to allow companies to divulge appropriate information about government orders and requests that we receive, in a manner that does not compromise legitimate security concerns.
Requests from law enforcement entities investigating national security-related cases are by their nature classified and highly sensitive, and the law traditionally has placed significant constraints on the ability of companies like Facebook to even confirm or acknowledge receipt of these requests – let alone provide details of our responses.
We’ve reiterated in recent days that we scrutinize every government data request that we receive – whether from state, local, federal, or foreign governments. We’ve also made clear that we aggressively protect our users’ data when confronted with such requests: we frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law.
But particularly in light of continued confusion and inaccurate reporting related to this issue, we’ve advocated for the ability to say even more.
Since this story was first reported, we’ve been in discussions with U.S. national security authorities urging them to allow more transparency and flexibility around national security-related orders we are required to comply with. We’re pleased that as a result of our discussions, we can now include in a transparency report all U.S. national security-related requests (including FISA as well as National Security Letters) – which until now no company has been permitted to do. As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range. This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.
For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months. We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive. We will continue to be vigilant in protecting our users’ data from unwarranted government requests, and we will continue to push all governments to be as transparent as possible.