The Department of Justice has announced a new deal with major tech companies that would allow unprecedented levels of disclosure about government data requests. Among other breakthroughs, the deal would allow each company to publicly announce the number of FISA requests and national security letters it has received in a given year, as well as the total number of users affected. Both numbers will still have to be reported in bands of 250 or 1000. The new order also institutes a two-year buffer for any new company receiving FISA orders or existing companies receiving a new kind of order, which would give law enforcement a crucial window in which agencies can employ new capabilities before they are revealed to the public. The deal will also apply to phone companies, many of which have recently begun reporting law enforcement requests.
"The public interest... now outweighs the national security concerns."
The order was announced by Attorney General Eric Holder, who described it as a clear result of President Obama's plans for NSA reform, which were announced last week and included plans for broader declassification reviews. Holder said that after examining the issue, his office determined that "the public interest in disclosing this information now outweighs the national security concerns that required its classification." The order also comes after numerous court challenges by Google, Apple, and other companies implicated in NSA data collection programs. It remains unclear whether today's order will be enough to satisfy the companies, but the new measures offer significantly more than previous proposals.
The attorney general's letter also acknowledges the existence of bulk collection programs like PRISM that would potentially affect every user of a service, and takes the first steps in acknowledging how such programs might be disclosed in the future. According to the Department of Justice, the NSA's bulk internet metadata program has already been shuttered and the bulk collection of phone records is still being transformed according to the President's reform plans, but if some version of the program survives, it would not necessarily be exempt from transparency reports. As the order says in a footnote, the reforms "will determine the manner in which data about any continued collection of that kind is most appropriately reported."
Apple has already responded to the report, issuing an "Update on National Security and Law Enforcement Orders," which replaces its November report with a more detailed set of numbers in accordance with the new guidelines. According to the new numbers, the company received fewer than 250 requests affecting fewer than 250 accounts.
Update: In response to the order, Google, Apple, Microsoft, Yahoo and LinkedIn have announced they are withdrawing their motion against the FISA court. In a joint statement, the companies said:
We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive. We're pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we'll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.