Ever since it came out that government agencies were relying on data from Internet companies to track people, the debate over privacy has been raging. Monday, the government announced new rules.
Matt Apuzzo and Nicole Perlroth had these details in the New York Times:
The Obama administration says it will allow Internet companies to give customers a better idea of how often the government demands their information, but will not allow companies to disclose what is being collected or how much.
The new rules — which have prompted Google, Microsoft, Yahoo and Facebook to drop their respective lawsuits before the nation’s secret surveillance court — also contain a provision that bars start-ups from revealing information about government requests for two years.
Attorney General Eric H. Holder Jr. and James R. Clapper, director of national intelligence, said the new declassification rules were prompted by President Obama’s speech on intelligence reform earlier this month.
“Permitting disclosure of this aggregate data addresses an important area of concern to communications providers and the public,” Mr. Holder and Mr. Clapper said in a joint statement.
The Wall Street Journal story by Devlin Barrett and Danny Yadron pointed out that the revelations came after Edward Snowden disclosed the government’s requests:
The agreement represents another concrete consequence of the revelations about government spying by former National Security Agency contractor Edward Snowden. Earlier this month, President Barack Obama said the U.S. would stop storing huge amounts of phone-call data in NSA computers, though where that data would be stored has yet to be decided.
Monday’s agreement also suggests the Obama administration would rather reach compromises on such disclosures than wait to see whether courts or Congress order more far-reaching transparency measures.
The pact on disclosures focuses specifically on the government’s scrutiny of Internet traffic, and doesn’t apply to the phone-records program that also has been the subject of intense debate since Mr. Snowden’s revelations. It aims to strike a balance between the companies’ desires to say more about government searches and the government’s interest in not having the details of such requests revealed in a way that would tip off targets of investigations.
Among the biggest changes under the agreement: For the first time, companies can disclose how many court orders they receive from the Foreign Intelligence Surveillance Court, a specialized tribunal for national-security matters whose decisions typically are secret.
PCWorld’s Jeremy Kirk outlined the two options companies have for reporting data under the new rules:
Companies now have two options for publicly reporting data. Under the first option, statistics on Foreign Intelligence Surveillance Act (FISA) orders and National Security Letters (NSLs) can be published every six months.
For FISA requests, there must be a six-month delay between the publication date and the period covered in the report. Information about NSLs, including the number of customer accounts affected by NSLs, can be reported within ranges of 1,000, starting with 0-999. The same rule applies to FISA orders and the customer selectors, or search terms, targeted in them. There are no restrictions on reporting on criminal process inquiries.
If a company develops a new service, the government can use a “New Capability Order” exception to force the company to delay its reporting of orders for two years.
The second option lets companies report the total number of national security requests they received, including NSLs and FISA orders, within ranges of 250. That limit also applies to the total number of customer selectors targeted in FISA orders and NSLs, the letter said.
The Associated Press story by Jesse J. Holland offered this criticism of the new rules from companies and lawmakers:
“Permitting disclosure of this aggregate data addresses an important area of concern to communications providers and the public,” Attorney General Eric Holder and Director of National Intelligence James Clapper said in a joint statement.
The five companies welcomed the deal, but said more needs to be done. “We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive,” the companies said in a joint statement. “While this is a very positive step, we’ll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.”
Apple also released a statement. “We believe strongly that our customers have the right to understand how their personal information is being handled, and we are pleased the government has developed new rules that allow us to more accurately report law enforcement orders and national security orders in the U.S.,” the company said on its website.
Sen. Ron Wyden called it a “positive first step.” ”Though there is still a great deal of work to do, today’s announcement is good for American companies and the Americans they employ and serve,” he said.
As Wyden said, it’s a good start, but there are many more issues about the intersection of government security and personal privacy that will need to be sorted out. The debate started by Edward Snowden will continue, especially as Internet companies collect more and more personal information.