Yahoo discloses user data requests from US law enforcement
By John Ribeiro
Yahoo has received between 12,000 to 13,000 requests for user data from law enforcement agencies in the U.S. between Dec. 1 and May 31 this year, the company said Monday.
The most common of these requests concerned fraud, homicides, kidnappings, and other criminal investigations, Yahoo CEO Marissa Mayer and General Counsel Ron Bell wrote in a blog post.
The company did not disclose how many of the requests for customer data were under the Foreign Intelligence Surveillance Act (FISA), which has been at the center of a controversy after reports surfaced that the government was collecting data from a large number of users under the Act, including call metadata from telephone customers of Verizon.
“Like all companies, Yahoo! cannot lawfully break out FISA request numbers at this time because those numbers are classified; however, we strongly urge the federal government to reconsider its stance on this issue,” the executives wrote.
Companies seek greater transparency
The Internet company joins other companies like Apple, Facebook and Microsoft that disclosed similar numbers over the weekend in a bid to convey greater transparency to their users, after reports in the Guardian and the Washington Post alleged that the U.S. National Security Agency has real-time access to content on the servers of Google, Facebook and other Internet companies as part of a surveillance program called Prism. The companies have denied their participation.
Following widespread criticism of the U.S. government’s surveillance programs and the role of the Internet companies, Facebook, Google, Twitter and Microsoft last week called for greater transparency in disclosure of data on government requests for customer information.
In a letter to U.S. Attorney General Eric Holder and director of the Federal Bureau of Investigation, Robert Mueller, Google’s Chief Legal Officer David Drummond, for example, asked that the company should be allowed to publish in its Transparency Report aggregate numbers of national security requests, including disclosures under FISA, in terms of both the numbers received and their scope. Government restrictions on disclosure of the information has fueled speculation “that our compliance with these requests gives the U.S. government unfettered access to our users’ data,” Drummond added.
After obtaining limited permission from U.S. authorities, Facebook and Microsoft released data on requests from the government, but both didn’t say how many were related to national security.
Facebook said it had received between 9,000 and 10,000 requests from all government entities in the U.S. including local authorities for the six months ending Dec. 31. The company, after discussions with security authorities, is allowed to include in a transparency report as part of an aggregate number and as a range all national security-related requests including FISA as well as National Security Letters, which was prohibited earlier. Microsoft said it had got between 6,000 and 7,000 requests affecting 31,000 to 32,000 consumer accounts for the same period.
Apple said that from Dec. 1 to May 31, it received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters, it said.
Yahoo said Monday it plans to issue later this summer its first global law enforcement transparency report, which will cover the first half of the year. Other companies like Google already provide such updates, though Facebook’s General Counsel Ted Ullyot said in a post last week that the company had not issued a transparency report in the past, as it would be incomplete and misleading because of the government restrictions on disclosure.
Orders by the Foreign Intelligence Surveillance Court often come with a “gag order” that prevents those receiving the order to publicly discuss it. The order from the court that authorized the U.S. National Security Agency to collect telephony metadata from customers of Verizon in the U.S. also came with a gag order.