Facebook and Microsoft Corp. representatives said that after negotiations with national security officials their companies have been given permission to make new but still very limited revelations about government orders to turn over user data.
The announcements Friday night come at the end of a week when Facebook, Microsoft and Google, normally rivals, had jointly pressured the Obama administration to loosen their legal gag on national security orders.
Those actions came after Edward Snowden, a 29-year-old American who works as a contract employee at the National Security Agency, revealed to The Guardian newspaper the existence of secret surveillance programs that gathered Americans' phone records and other data. The companies did not link their actions to Snowden's leaks.
- Edward Snowden's movements are now limited by a U.K. government request
- 10 whistleblowers and the scandals they spurred
Ted Ullyot, Facebook's general counsel, said in a statement that Facebook is only allowed to talk about total numbers and must give no specifics. But he said the permission it has received is still unprecedented, and the company was lobbying to reveal more.
"With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months.
We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive."
Using the new guidelines, Ullyot said Facebook received between 9,000 and 10,000 government requests from all government entities from local to federal in the last six months of 2012, on topics including missing children investigations, fugitive tracking and terrorist threats. The requests involved the accounts of between 18,000 and 19,000 Facebook users.
The companies were not allowed to make public how many orders they received from a particular agency or on a particular subject. But the numbers do include all national security related requests including those submitted via national security letters and under the Foreign Intelligence Surveillance Act, or FISA, which companies had not previously been allowed to reveal.
The companies remain barred from revealing whether they've actually received FISA requests, and can only say that any they've received are included in the total reported figures.
Up to 32,000 Microsoft accounts affected
Microsoft released similar numbers for the same period, but downplayed how much they revealed.
"We continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues," John Frank, Microsoft's vice-president and deputy general counsel said in a statement.
Frank said Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 accounts.
Both attorneys emphasized in their statements that those affected by the orders represent a "tiny fraction" of their huge user bases.
'We already publish criminal requests separately from national security letters. Lumping the two categories together would be a step back for users.' —Google statement
Google did not release its own numbers, saying late Friday that it was waiting to be able to reveal more specific and meaningful information.
"We have always believed that it's important to differentiate between different types of government requests," Google said in a statement.
"We already publish criminal requests separately from national security letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately."
Facebook repeated recent assurances that the company scrutinizes every government request, and works aggressively to protect users' data. Facebook said it has a compliance rate of 79 per cent on government requests.
"We frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested," Ullyot said." And we respond only as required by law."