In a pair of blog posts overnight, Facebook and Microsoft released new numbers that shed additional light on the volume of requests that they get from government officials — including national security requests.
The carefully worded disclosures follow efforts by big tech companies to persuade federal officials to let them disclose more information publicly, to address public concern about privacy following reports that the NSA collects large amounts of data from them.
The Facebook post is available here, and reads in part …
We’ve reiterated in recent days that we scrutinize every government data request that we receive – whether from state, local, federal, or foreign governments. We’ve also made clear that we aggressively protect our users’ data when confronted with such requests: we frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law. …
For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months. We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive.
And here’s an excerpt from Microsoft’s post.
Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal). This only impacts a tiny fraction of Microsoft’s global customer base. …
We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.
We appreciate the effort by U.S. government today to allow us to report more information. We understand they have to weigh carefully the impacts on national security of allowing more disclosures. With more time, we hope they will take further steps. Transparency alone may not be enough to restore public confidence, but it’s a great place to start.
Both companies are still limited to wrapping the national security numbers into the broader data, and only reporting the data in bands of thousands. “We are still not permitted to confirm whether we have received any FISA orders, but if we were to have received any they would now be included in our aggregate volumes,” writes Microsoft, noting that it hopes the government allows the company to go further in the future.