Both Facebook and Microsoft said late Friday that they had been given permission from the U.S. government to disclose how many times the two companies had been asked to turn over user information to the Feds as part of a national security order.
However, the data comes with so many caveats that little information can be gleaned from it. For their part, Google and Twitter opted out of similar disclosures, precisely for those reasons.
For the six months ended December 31, 2012, Microsoft received between 6000 and 7000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities, the company said in a blog post. For its part, Facebook said that it had received 9,000 requests of the same nature during the same period.
Both Facebook and Microsoft have been named in reports by the Guardian and The Washington Post alleging that many of the Web's top companies have actively participated in a program, dubbed Prism, that supplied information on Web searches, emails, and other user communications whenever the government requested. AOL, Facebook, Microsoft, Google, and the other companies named in the report denied the allegations, with both Facebook and Google doing so vociferously. Edward Snowden, a former employee of the National Security Agency, later outed himself as the source of the information.
Director of National Intelligence James R. Clapper then claimed that the Prism program would only collect information under court order, with an eye toward gathering foreign intelligence under the Foreign Intelligence Surveillance Act, or FISA.
In response, Facebook and Microsoft asked the government to disclose national security requests in its existing disclosures of data.
"For the first time, we are permitted to include the total volume of national security orders, which may include FISA orders, in this reporting," Microsoft said Friday evening. "We are still not permitted to confirm whether we have received any FISA orders, but if we were to have received any they would now be included in our aggregate volumes."
Microsoft and Facebook both said that they operated under a number of constraints imposed upon them by the federal government: Both were permitted to report FISA orders, but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies for a six-month period. Both companies were also asked to report their requests as a range of numbers. Microsoft, which has several Web services that could be subject to FISA and other requests, was also required to report all of the requests it received for all of its services, in aggregate.
If all that sounds so vague to be almost useless, well, Google felt the same way. Google told the Verge:
"We have always believed that it's important to differentiate between different types of government requests," Google said. "We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately."
We agree with @Google: It's important to be able to publish numbers of national security requests—including FISA disclosures—separately.— Benjamin Lee (@BenL) June 15, 2013
Both Microsoft and Facebook said that the requests were miniscule, compared to their user base, with Facebook claiming that it represented less than a tiny fraction of one percent of their user accounts.
"We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive," Facebook said.