recommended reading

Internet Giants, Amid Grumbling, Release New Data on Government Spying

The campus-network room at a data center in Council Bluffs, Iowa.

The campus-network room at a data center in Council Bluffs, Iowa. // Google/AP File Photo

Several Internet behemoths released updated data Monday detailing in broad terms the amount of national security requests for user data they have received from the government, part of transparency reports recently permitted by the Obama administration.

The reports—from Google, Microsoft, Facebook, LinkedIn, and Yahoo—provide information on the number of government requests for user data, the amount of users affected by those requests, and the percentage of requests that yielded a response. Their disclosures join a similar one published last week by Apple.

But the data, detailing an aggregate sweep of six-month intervals, is only allowed to be listed in "bands of 1,000," per government instructions. For example, in detailing its most recent report covering January to June 2013, Microsoft explains that it received fewer than 1,000 orders "seeking disclosure of customer content" and that those orders "related to between 15,000 and 15,999" accounts.

In disclosing the records detailing government-data requests, the tech giants opined that they need to disclose more specific data in order to fully calm the rising tide of privacy and civil-liberty concerns users have expressed in the wake of the Edward Snowden leaks.

"Publishing these numbers is a step in the right direction, and speaks to the principles for reform that we announced with other companies last December," Google said in a blog post. "But we still believe more transparency is needed so everyone can better understand how surveillance laws work and decide whether or not they serve the public interest."

Google called on Congress to adopt stronger transparency measures and said it wants to be able to disclose "precise numbers and types of requests we receive, as well as the number of users they affect in a timely way."

Microsoft's Brad Smith, executive vice president of legal and corporate affairs, was even harsher in his blog post:

"[N]othing in today's report minimizes the significance of efforts by governments to obtain customer information outside legal process. Since the Washington Post reported in October about the purported hacking of cables running between data centers of some of our competitors, this has been and remains a major concern across the tech sector.... However, despite the President's reform efforts and our ability to publish more information, there has not yet been any public commitment by either the U.S. or other governments to renounce the attempted hacking of Internet companies. We believe the Constitution requires that our government seek information from American companies within the rule of law."

The Obama administration announced last week that it would allow Internet companies to disclose government data requests for consumer information, a policy change resulting from negotiations between tech companies—including Microsoft and Google—that had filed lawsuits arguing for more leeway in sharing with users information about government surveillance approved via the Foreign Intelligence Surveillance Court.

The announcement was widely praised as a necessary step forward by privacy advocates, though many, including several members of Congress, quickly cautioned that more needed to be done. Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., said that "further changes still must be enacted into law by Congress."

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.