Google Transparency Report Highlights Just How Much We Don't Know About National Security Letters
In an unprecedented win for transparency, yesterday Google began publishing generalized information about the number of
To donate by check, phone, or other method, see our More Ways to Give page.
In an unprecedented win for transparency, yesterday Google began publishing generalized information about the number of
Google has led the way among large companies in providing transparency with respect to legal and law enforcement requests with its transparency report, but until now, it has always left NSL requests out of its tally of requests for user data, in part, presumably, due to concerns about the accompanying gag order. By including this data, even in a generalized way that only tells us that Google received somewhere between 0 and 999 NSLs in 2012, Google has helped to at least shed some limited light on the ways in which the US government uses these secretive demands for data about users.
By law, NSLs can only be used to obtain information "relevant" to certain national security investigations and only then to obtain transactional user data--subscriber data and information such as which user account is communicating with whom--rather than user-generated content such as emails. However, the NSL process suffers from an inherent lack of checks that would curb abuse, such as any kind of meaningful judicial review. The FBI's abuse of this power has been documented both by a series of Congressionally-mandated Department of Justice investigations and in documents obtained by EFF through a Freedom of Information Act request. Yet there are only a handful of lawsuits (including EFF's) challenging the FBI's underlying authority to issue such information demands, despite the hundreds of thousands of NSLs that have been issued over the past decade.
While we continue to be in the dark about the full extent of how the law is being applied, this new data allays fears that NSLs are being used for sweeping access to large numbers of user accounts--at Google, at least. Indeed, though the numbers are rounded to the nearest thousand, there were under a thousand NSLs issued every year from 2009 to 2012, and the total number of user accounts targeted by the requests never exceeded 3,000 users per year, according to Google.
Serious concerns and questions remain about the use of NSLs. For one, this report only gives us a bit of insight into the scope of NSLs for Google, and we strongly believe that other companies should follow Google's lead where possible in order to give us a more complete picture. Second, the company has not released granular information about the nature of the data being requested, although Google assures us in the expanded FAQ that despite evidence of abuse--for an example, see page 66 of this report--the FBI "can't use NSLs to obtain anything else from Google, such as Gmail content, search queries, YouTube videos or user IP addresses."
Google's addition of NSLs to its transparency report is a big step forward for users who are unsure about what happens with their data. As the company stated in its announcement, "[o]ur users trust Google with a lot of very important data, whether it's emails, photos, documents, posts or videos." We are very glad to see Google working hard to maintain and build that trust, and hope that other companies follow suit.
Common Dreams is powered by optimists who believe in the power of informed and engaged citizens to ignite and enact change to make the world a better place. We're hundreds of thousands strong, but every single supporter makes the difference. Your contribution supports this bold media model—free, independent, and dedicated to reporting the facts every day. Stand with us in the fight for economic equality, social justice, human rights, and a more sustainable future. As a people-powered nonprofit news outlet, we cover the issues the corporate media never will. |
Google has led the way among large companies in providing transparency with respect to legal and law enforcement requests with its transparency report, but until now, it has always left NSL requests out of its tally of requests for user data, in part, presumably, due to concerns about the accompanying gag order. By including this data, even in a generalized way that only tells us that Google received somewhere between 0 and 999 NSLs in 2012, Google has helped to at least shed some limited light on the ways in which the US government uses these secretive demands for data about users.
By law, NSLs can only be used to obtain information "relevant" to certain national security investigations and only then to obtain transactional user data--subscriber data and information such as which user account is communicating with whom--rather than user-generated content such as emails. However, the NSL process suffers from an inherent lack of checks that would curb abuse, such as any kind of meaningful judicial review. The FBI's abuse of this power has been documented both by a series of Congressionally-mandated Department of Justice investigations and in documents obtained by EFF through a Freedom of Information Act request. Yet there are only a handful of lawsuits (including EFF's) challenging the FBI's underlying authority to issue such information demands, despite the hundreds of thousands of NSLs that have been issued over the past decade.
While we continue to be in the dark about the full extent of how the law is being applied, this new data allays fears that NSLs are being used for sweeping access to large numbers of user accounts--at Google, at least. Indeed, though the numbers are rounded to the nearest thousand, there were under a thousand NSLs issued every year from 2009 to 2012, and the total number of user accounts targeted by the requests never exceeded 3,000 users per year, according to Google.
Serious concerns and questions remain about the use of NSLs. For one, this report only gives us a bit of insight into the scope of NSLs for Google, and we strongly believe that other companies should follow Google's lead where possible in order to give us a more complete picture. Second, the company has not released granular information about the nature of the data being requested, although Google assures us in the expanded FAQ that despite evidence of abuse--for an example, see page 66 of this report--the FBI "can't use NSLs to obtain anything else from Google, such as Gmail content, search queries, YouTube videos or user IP addresses."
Google's addition of NSLs to its transparency report is a big step forward for users who are unsure about what happens with their data. As the company stated in its announcement, "[o]ur users trust Google with a lot of very important data, whether it's emails, photos, documents, posts or videos." We are very glad to see Google working hard to maintain and build that trust, and hope that other companies follow suit.
Google has led the way among large companies in providing transparency with respect to legal and law enforcement requests with its transparency report, but until now, it has always left NSL requests out of its tally of requests for user data, in part, presumably, due to concerns about the accompanying gag order. By including this data, even in a generalized way that only tells us that Google received somewhere between 0 and 999 NSLs in 2012, Google has helped to at least shed some limited light on the ways in which the US government uses these secretive demands for data about users.
By law, NSLs can only be used to obtain information "relevant" to certain national security investigations and only then to obtain transactional user data--subscriber data and information such as which user account is communicating with whom--rather than user-generated content such as emails. However, the NSL process suffers from an inherent lack of checks that would curb abuse, such as any kind of meaningful judicial review. The FBI's abuse of this power has been documented both by a series of Congressionally-mandated Department of Justice investigations and in documents obtained by EFF through a Freedom of Information Act request. Yet there are only a handful of lawsuits (including EFF's) challenging the FBI's underlying authority to issue such information demands, despite the hundreds of thousands of NSLs that have been issued over the past decade.
While we continue to be in the dark about the full extent of how the law is being applied, this new data allays fears that NSLs are being used for sweeping access to large numbers of user accounts--at Google, at least. Indeed, though the numbers are rounded to the nearest thousand, there were under a thousand NSLs issued every year from 2009 to 2012, and the total number of user accounts targeted by the requests never exceeded 3,000 users per year, according to Google.
Serious concerns and questions remain about the use of NSLs. For one, this report only gives us a bit of insight into the scope of NSLs for Google, and we strongly believe that other companies should follow Google's lead where possible in order to give us a more complete picture. Second, the company has not released granular information about the nature of the data being requested, although Google assures us in the expanded FAQ that despite evidence of abuse--for an example, see page 66 of this report--the FBI "can't use NSLs to obtain anything else from Google, such as Gmail content, search queries, YouTube videos or user IP addresses."
Google's addition of NSLs to its transparency report is a big step forward for users who are unsure about what happens with their data. As the company stated in its announcement, "[o]ur users trust Google with a lot of very important data, whether it's emails, photos, documents, posts or videos." We are very glad to see Google working hard to maintain and build that trust, and hope that other companies follow suit.