After a report earlier today detailing that Facebook had been in talks with the US government to allow it to disclose data requests, this evening the company is reporting that it has made some progress. Facebook general counsel Ted Ullyot says that Facebook "can now include in a transparency report all U.S. national security-related requests (including FISA as well as National Security Letters)," although it can only "communicate about these numbers in aggregate, and as a range."
Ullyot says that the government requested information somewhere between 9,000 and 10,000 times over the six-month period ending on December 31st, 2012 — and that those requests ended up affecting between 18,000 and 19,000 Facebook accounts. Unfortunately, these numbers are not very specific — they do not specify which or how many requests originated from the NSA, instead only giving the numbers as a raw total of requests from various local and federal agencies.
Update: Microsoft has also released numbers for the second half of 2012, and like Facebook it can only reveal requests in aggregate. In fact, Microsoft says that "We are still not permitted to confirm whether we have received any FISA orders, but if we were to have received any they would now be included in our aggregate volumes." With that proviso, Microsoft says it received "between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts." Microsoft further explained why its numbers follow the same pattern as Facebook's: both companies can only present numbers "in bands of 1,000."
Google's transparency report for the same period, which as of this writing does not include FISA requests, says that the company received 8,438 requests for data in from the US. Google further breaks down those numbers into subpoenas, search warrants, and "other."
"We will continue to push all governments to be as transparent as possible."
Facebook's Ullyot made mention of Facebook's repeated desire to have more transparency and also made it clear that Facebook has been feeling the heat from the PR debacle that started with the release of the original PRISM presentation. In the context of Facebook's 1.1 billion active users, Ullyot said that "We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive."
Meanwhile, Reuters reports that "several internet companies" are part of the agreement. Both Facebook's statement and Reuters' report say that the numbers these companies can release are only the aggregate numbers, which means this additional level of transparency is only a modest victory. The tiny step forward here is that Facebook and other companies will be able to roll in FISA numbers along with the other requests it receives. Without knowing the specific breakdown of those numbers — which the government presumably still won't let the companies provide — determining just how many came from the NSA is virtually impossible.