Microsoft, Facebook release surveillance info

Facebook and Microsoft have struck agreements with the US government to release limited information about the number of surveillance requests they receive.

The move was a reaction to the fallout from disclosures about the US' secret data-collection program PRISM.

Facebook became the first to release aggregate numbers of requests, saying it received between 9000 and 10,000 US requests for user data in the second half of 2012, covering 18,000 to 19,000 of its users' accounts. Facebook has more than 1.1 billion users worldwide.

The majority of those requests are routine police inquiries, a person familiar with the company said, but under the terms of the deal with Justice Department, Facebook is precluded from saying how many were secret orders issued under the Foreign Intelligence Surveillance Act.

Until now, all information about requests under FISA, including their existence, were deemed secret.

Microsoft said it had received requests of all types for information on about 31,000 consumer accounts in the second half of 2012. In a "transparency report" Microsoft published earlier this year without including national security matters, it said it had received criminal requests involving 24,565 accounts for all of 2012.

If half of those requests came in the second part of the year, the intelligence requests constitute the bulk of government inquiries. Microsoft did not dispute that conclusion.

Google said late yesterday it was negotiating with the government over whether it could only publish a combined figure for all requests. It said that would be "a step back for users," because it already breaks out criminal requests and National Security Letters, another type of intelligence inquiry.

Facebook, Google and Microsoft had all publicly urged the US authorities to allow them to reveal the number and scope of the surveillance requests after documents leaked to the Washington Post and the Guardian suggested they had given the government "direct access" to their computers as part of the National Security Agency (NSA) program.

The disclosures about PRISM, and related revelations about broad-based collection of telephone records, have triggered widespread concern and congressional hearings about the scope and extent of the information-gathering.

The big technology companies in particular have been torn by the need to obey US laws that forbid virtually any discussion of foreign intelligence requests and the need to assuage customers.

"We hope this helps put into perspective the numbers involved and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive," Facebook wrote on its site.

Facebook said it would continue to press to divulge more information.

The person familiar with the company said that it at least partially complied with US legal requests 79 percent of the time, and that it usually turned over just the user's email address and IP address and name, rather than the content of the person's postings or messages.

It is believed that FISA requests typically seek much more information. But it remains unclear how broad the FISA orders might be.

Google, Facebook and Microsoft have already directly contradicted the Guardian and Washington Post reports about "direct access" to their servers.

Contrary to the Guardian and Washington Post initial stories, Microsoft, Facebook and Google said they allowed neither government-controlled equipment on their property nor direct searches without company employees vetting each inquiry.

Google has been the most forthright on the technology issue, saying that it provides information only on request via an old-school data-transfer protocol called FTP and that Google legal staff must approve each request.

Beyond that, it is now clear that many of the companies have objected, at times strenuously, to both individual requests and the broad sweep of the program. It remains unclear how successful they have been.

PRISM reportedly involved nine companies including Microsoft, Facebook and Google, as well as Apple, AOL, PalTalk, YouTube and Skype.

Only one company, Yahoo, is known to have taken the highly unusual step of appealing an order from the Foreign Intelligence Surveillance Court. The company argued in 2008 that the order violated the Fourth Amendment protection against unreasonable searches and seizures.

But US District Judge Bruce Selya, who headed the FISA court's Court of Review, ruled the data collection program did not run afoul of the Bill of Rights.

Twitter, which has positioned itself as a hard-line defender of free speech and customer privacy, is still not participating in PRISM. But people familiar with talks between the tech companies and the government said it will likely be forced to comply.

In Twitter's case, as in that of some other companies, the objections have ostensibly been about the technological difficulty in complying with orders and the format in which the information will be shared, people familiar with the situation say.