Photo

SAN FRANCISCO — A small but significant caveat in a new agreement brokered between the Obama administration and Google, Facebook, Yahoo and Microsoft could cast a long shadow over America’s technology start-ups.

Intelligence officials agreed only to allow communication providers to disclose more specific information about data sought by government agents because of a new provision that bars services less than two years old from disclosing such information for a period of two years.

That caveat effectively means that no one will know whether the government is eavesdropping on a new email platform or chat service for two years.

Ladar Levison, the founder of Lavabit, the email service used by Edward Snowden that was the target of a government investigation last year, said the new rules would cast a pall over new technology companies while doing little for the established companies.

“While our courts are allowed to keep ethically dubious court orders secret, it will remain impossible to trust private data to American companies,” Mr. Levison said. “As an American businessman, this reality is terribly upsetting.”

Until now, technology companies were forbidden from acknowledging government requests they received under the Foreign Intelligence Surveillance Act. Now, under the terms of the new agreement, the government will allow companies that are older than two years old to disclose the number of FISA orders they receive in increments of 1,000. They can publish that number in increments of 250, if they lump the number of FISA requests with the number of so-called National Security Letters they receive.

Companies will also be allowed to release the number of customer “selectors” – user names, email addresses or Internet addresses, for instance – that the government sought information about and will be allowed to publish the information every six months, with a six-month delay.

Because of those amended rules, Google, Facebook, Yahoo and Microsoft agreed to dismiss their lawsuits before the Foreign Intelligence Surveillance Court.

But Mr. Levison said the number of FISA requests was less important than the kind of information sought by each request. If a FISA order asks a company to turn over its source code or encryption keys, for example, one order could affect thousands of users.

Photo

“They’re asking companies to do some pretty scary things, well beyond what they would ask for in a normal criminal order and doing it because there is no civilian oversight,” Mr. Levison said. “What we really need is information about the means and methods the government is using to conduct these investigations.”

Other privacy advocates note that though it seems like bigger technology companies are throwing their younger counterparts to the wolves, the belief that there is no legal precedent for Monday’s agreement means start-ups are still free to mount their own legal challenges to disclosure restrictions.

“We were disappointed that the technology companies abandoned their fight in FISC which we believed they were going to win,” said Nate Cardozo, a staff lawyer with the Electronic Frontier Foundation, referring to the Foreign Intelligence Surveillance Court. “The start-ups are still free to raise their own challenges, which, frankly, they would win.”

“The First Amendment goes a lot further than today’s settlement,” Mr. Cardozo added.