Internet firms allowed to disclose details of U.S. data requests

WASHINGTON — After legal action and months of lobbying, Internet and telecommunications companies won permission from the Obama administration Monday to disclose broad details about the data requests they have been secretly complying with under national security orders.

The companies and civil liberties groups praised the new rules, but they still will not allow the companies to reveal exactly what information is collected or even precisely how much is turned over.


In a letter to lawyers for Facebook, Google, LinkedIn, Microsoft and Yahoo, Deputy Atty. Gen. James Cole said the companies can disclose rough approximations of how many customer accounts were targeted under national security orders. The numbers can only be revealed for six-month periods in ranges of 250 or 1,000, and only six months after they were reported to the government.

Until Monday's announcement, the information was classified. The companies have pressed to be able to disclose information about the requests because they believe that it will reassure customers concerned about their privacy. They have said that the number of accounts subject to national security data demands — and the amount of information turned over — is small.

Apple responded quickly to the new rule, disclosing Monday that it had responded to between zero and 249 requests from Jan. 1, 2013, to June 30, 2013, affecting between zero and 249 customer accounts.

"Apple has always believed that our customers have the right to understand how their personal information is being handled," spokeswoman Kristin Huguet said. "We applaud the administration for taking this important step toward greater transparency. Our business does not rely on collecting large amounts of personal data about our customers, which is reflected in the figures we are releasing under the new transparency rules."

Other tech companies, including Microsoft and Google, did not release any numbers, but issued a statement, saying: "We're pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we'll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed."

The companies had filed a motion with the Foreign Intelligence Surveillance Court, which oversees national security orders, arguing they had a 1st Amendment right to release the information. They dropped that motion Monday as part of a deal with the Justice Department.

"This is a victory for transparency and a critical step toward reining in excessive government surveillance," said Alex Abdo, a staff attorney with the American Civil Liberties Union's National Security Project. "Companies must be allowed to report basic information about what they're giving the government so that Americans can decide for themselves whether the NSA's spying has gone too far."

Atty. Gen. Eric H. Holder Jr. and James Clapper, the director of national intelligence, announced the agreement, saying in a joint statement, "Through these new reporting methods, communications providers will be permitted to disclose more information than ever before to their customers."

President Obama had directed Holder and Clapper to come up with a methodology for the disclosures this month during his speech on intelligence reforms.

"The office of the Director of National Intelligence, in consultation with other departments and agencies, has determined that the public interest in disclosing this information now outweighs the national security concerns that required its classification," the statement said.

Tech companies have been under pressure at home and losing customers abroad since Edward Snowden, a former National Security Agency contractor, revealed in June that companies have been turning over customer data to the intelligence agency under various secret programs.

In some cases, FBI agents obtain customer information through national security letters, which are akin to subpoenas except that they cannot be disclosed by the recipient and usually cannot be successfully challenged in court.

That the FBI was making such requests was already known, but Snowden revealed the existence of broad orders from the secret federal court requiring ongoing data transfers to the NSA of customer communications relevant to terrorism or foreign intelligence.

The new rules allow companies to disclose in ranges of 1,000 the number of national security letters they received, the number of customer accounts affected, the number of court orders for content and metadata, and the number of customer "selectors" — usually email addresses — covered in those orders.


Companies can also chose to disclose the number of national security requests and selectors in bands of 250. Apple took this route.

For tech companies that have not previously been subject to such requests, there will be a two-year lag in reporting the information to avoid tipping off targets.

Dilanian reported from Washington and Chang from Los Angeles.