Technology companies will be allowed to reveal more details about government data requests under a tentative agreement with the U.S. Department of Justice.
The deal announced on Monday is in line with efforts by President Barack Obama’s administration to create more transparency about law enforcement and national security orders.
The agreement, which must be approved by the Foreign Intelligence Surveillance Court, enables “communications providers to make public more information than ever before about the orders they have received to provide data to the government,” according to a letter on Monday from the U.S. Office of the Deputy Attorney General.
The letter was sent to Facebook, Google, LinkedIn, Microsoft, and Yahoo, all of which had filed motions with the court asking for permission to publish more information on orders and directives that sought user information. The companies are withdrawing their motions.
In a joint statement, the companies praised the deal, but said “we’ll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.”
The American Civil Liberties Union said “it is commendable that the companies pressed the government for more openness, but even more is needed.”
“Congress should require the government to publish basic information about the full extent of its surveillance, including the significant amount of spying that happens without the tech companies’ involvement,” the ACLU said in a statement.
Under the agreement, the Director of National Intelligence has declassified data disclosed in aggregate, within certain limits. This includes data related to the Foreign Intelligence Surveillance Act, which in some cases couldn’t be disclosed at all in the past.
Companies now have two options for publicly reporting data. Under the first option, statistics on Foreign Intelligence Surveillance Act (FISA) orders and National Security Letters (NSLs) can be published every six months.
For FISA requests, there must be a six-month delay between the publication date and the period covered in the report. Information about NSLs, including the number of customer accounts affected by NSLs, can be reported within ranges of 1,000, starting with 0-999. The same rule applies to FISA orders and the customer selectors, or search terms, targeted in them. There are no restrictions on reporting on criminal process inquiries.
If a company develops a new service, the government can use a “New Capability Order” exception to force the company to delay its reporting of orders for two years.
The second option lets companies report the total number of national security requests they received, including NSLs and FISA orders, within ranges of 250. That limit also applies to the total number of customer selectors targeted in FISA orders and NSLs, the letter said.