NSA snooping: Google seeks OK to reveal more -- as do Yahoo, Facebook

Michael Auslen | USA TODAY

Google's request Tuesday to disclose details about U.S. government demands for user data is being heralded by online privacy activists as just the first step in improving transparency, but national security experts say it would have to clear a number of steep hurdles before being approved.

The company's letter to Attorney General Eric Holder and FBI Director Robert Mueller requests permission to publish aggregate numbers of national security requests, including those made under the Foreign Intelligence Surveillance Act. Federal law prohibits FISA request recipients to disclose any information about them.

"Google is the first to be able to negotiate with the DOJ about how many national security letters they receive," said Kevin Bankston, Center for Democracy and Technology senior counsel and director of the organization's Free Expression Project. "We hope and expect that Google will not be the only company pressing for this."

On Tuesday, Yahoo and Facebook followed Google in urging government transparency, with separate statements.

Google's letter comes in the wake of reports surrounding confidential documents leaked by a government contractor last week, which revealed the National Security Agency has tapped computers at Google and other major Internet companies in search of information about foreigners living outside the U.S.

The number of requests with which Google has complied "falls far short of the claims being made," Chief Legal Officer David Drummond wrote in the letter.

Google's request faces tough odds.

"To my knowledge, there would not be precedent for the director of national intelligence to declassify operational details of that nature" in response to leaked disclosures of a secret program, says Carrie Cordero, Director of National Security Studies at Georgetown University Law Center.

The decision to grant Google's declassification request ultimately would rest with the director of national intelligence, who is the only person other than the president with that authority, says Cordero, a former top adviser on FISA issues at the Justice Department. The chief concern would be the disclosure of specifics on classified intelligence operations, which would be overseen by a secret FISA court.

The FISA Court of Review, which serves as an appellate body on FISA court rulings, has declassified portions of two previous decisions, Cordero says, but those releases "were significant interpretations of the law (and) that's a very high standard."

"For the court and the intelligence community and the director of national intelligence to make a decision to declassify additional information, there would have to be a significant public interest," she adds. "They'll have to make a judgment call as to whether this information meets that standard."

Details about FISA requests would become part of Google's transparency reports, semiannual summaries of data requests from governments around the world. They include details about subpoenas and search warrants, as well as vague breakdowns of the quantity of national security letters received by the company and the number of users affected.

Marc Rotenberg, president of the Electronic Privacy Information Center, said this disclosure would go partway to fostering more transparency online.

"It takes two elements," Rotenberg said. "One is Google being able to say more about how the Department of Justice requests information, and the other is Google itself saying more about the type of information it's disclosing."

Rotenberg said full disclosure from Google would include the breadth of information being provided to the government, which could include data about Gmail, YouTube, search habits and usage of the myriad other services the company owns.

"It's very important for the public and Congress to understand exactly what it is that Google is collecting and handing over to the government," he said.

Google provides on its website some details about the kinds of information that could be handed over to the government as part of various investigations. For example, a subpoena could ask for user registration information such as name, e-mail address and phone number.

Google does not publish specifically what user data has been provided to the federal government in transparency reports.

"We take the point, and we're always looking to improve our transparency reports," Google spokesman Chris Gaither said.

Although information released by Google could be vague, it would still be an unprecedented disclosure of national security information, and some online privacy experts see it as an important first step.

"Presumably it would look like their statistics on national security requests," Eva Galperin, global policy analyst with the Electronic Frontier Foundation, said. "Aggregate information is better than no information at all."

Following Google's request, several other tech companies quickly followed suit, urging the government to allow greater transparency.

"We recognize the importance of privacy and security, and we also believe that transparency around the number of FISA requests will help build public trust," Yahoo said in a statement.

In a statement posted on the company's website, Facebook general counsel Ted Ullyot said the company has refrained from releasing reports in the past that could mislead users because of the disclosure restrictions.

"We would welcome the opportunity to provide a transparency report that allows us to share with those who use Facebook around the world a complete picture of the government requests we receive, and how we respond," Ullyot's statement said. "We urge the United States government to help make that possible by allowing companies to include information about the size and scope of national security requests we receive, and look forward to publishing a report that includes that information."

A Microsoft statement said: "Permitting greater transparency on the aggregate volume and scope of national security requests, including FISA orders, would help the community understand and debate these important issues.

"Our recent Report went as far as we legally could and the government should take action to allow companies to provide additional transparency."

Rotenberg said he hopes the recent outcry about online and telecommunications privacy will lead to greater public interest for insight into the massive amounts of data Google owns.

While the Electronic Privacy Information Center is advocating for Google to request permission to release more specific information about FISA requests, Bankston and the Center for Democracy and Technology have called for more sweeping permissions to publish these details.

"Even better than DOJ granting permission would be Congress changing the law to give clear permission to these companies to be able to report basic information about the scope of the government's access to user information," Bankston said.

He said it's important that national security-related requests for information are more transparent so users regain trust in American computing companies.

"Many across the world are not wanting to entrust their data to an American cloud that they think, and we have seen, is being accessed by government," Bankston said. "This would not endanger national security but would enable a public debate about online privacy."

Contributing: Peter Eisler, Lauren Kirkwood and wire reports