海角大神

The Obama administration鈥檚 decision to allow Internet companies to report broadly the number of national security requests they receive is a step toward improved public transparency for government surveillance, but less than meets the eye, civil libertarians and legal experts say.

In the wake of revelations last year that popular social media companies had been targeted by the National Security Agency鈥檚 PRISM data collection program, five companies filed legal motions before the Federal Intelligence Surveillance Court (FISC) to release more information about government data requests.

Worried the surveillance would tarnish their brands, Facebook, Google, LinkedIn, Microsoft, and Yahoo argued in legal filings that the step toward transparency was necessary to show customers more specifically the degree of surveillance conducted and to reassure them it was a tiny fraction of the total.

New disclosures that the NSA has also been using data from smartphone apps, such as Angry Birds, to collect information on people, set off a new wave of reassurances to customers. ln a statement on Tuesday, Mikael Hed, CEO of the Finnish software company that developed Angry Birds, quickly reassured fans that Rovio did not "collaborate, collude, or share data with spy agencies anywhere in the world."聽Apple, whose iPhones feature Angry Birds, said it was glad to have the ability to report in more detail on government data requests.

On Monday, the US Justice Department, which had long prohibited any release of how many national security requests had been made, unveiled a plan to permit the companies to release a ballpark number of customers affected by national security letter (NSL) requests and targeted under FISC orders they receive from US intelligence agencies.

鈥淭his action was directed by the President earlier this month in his speech on intelligence reforms,鈥� the Justice Department said in a statement. 鈥淲hile this aggregate data was properly classified until today, the office of the Director of National Intelligence, in consultation with other departments and agencies, has determined that the public interest in disclosing this information now outweighs the national security concerns that required its classification.鈥�

Under the compromise agreement, the Internet companies will be allowed to release more information 鈥� not the specific number of criminal orders requested by government 鈥� only the block outline when it comes to NSLs.

For instance, the companies must round to the nearest thousand the number of secret NSL requests by government investigators, FISC order, and the number of customers targeted or affected in both categories. When it comes to FISC orders, the companies will be permitted to identify the number of requests for personal information about their customers, not just those seeking e-mails.

The companies also may choose a simplified reporting of the number of criminal orders by lumping together the various categories. In that case, the total national security, criminal, and FISC orders can be reported in blocks of 250; and total numbers of customers whose data is targeted also in blocks of 250.

The step was hailed by the companies as a victory for public accountability.

"We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive," said Facebook, Google, Microsoft, and Yahoo in a statement. "We're pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we'll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed."

Experts who have examined the impact on Internet business of such NSA practices 鈥� exposed by top-secret documents leaked to the media by former NSA contractor Edward Snowden 鈥� say the shift is likely to be helpful.聽

鈥淭his is a first step, but a very important one,鈥� writes Chris Boam, an expert on privacy law in Vienna, Va., in an e-mail interview. 鈥淔or the companies that have been impacted by the data orders, it shows that they are both pushing back, defending what they see as the rights of the customer, and now getting some concessions to increase transparency.... I think that is very helpful for the brand and business of these firms.鈥�

Some civil libertarians hailed the step as well.

鈥淭his is a victory for transparency and a critical step toward reining in excessive government surveillance,鈥� said Alex Abdo, staff attorney with the American Civil Liberties Union鈥檚 National Security Project, in a statement. 鈥淐ompanies must be allowed to report basic information about what they鈥檙e giving the government so that Americans can decide for themselves whether the NSA's spying has gone too far."

But others were less impressed by the compromise, saying it was more about government and corporate face-saving than it was providing the public with truly useful gauges that enable them to understand the extent of government surveillance of social media.

鈥淚 have a concern that some of this new reporting could be very misleading,鈥� says Elizabeth Goitein, co-director the Brennan Center鈥檚 Liberty and National Security Program at the New York University School of Law, in a phone interview.

For instance, the new plan allows companies to report broadly the number of customers 鈥渁ffected鈥� by NSL requests, while the number of FISC orders that may be reported are only 鈥渃ustomers targeted,鈥� she says.

鈥淚n situations where companies report the number of customers targeted under a FISC order, it is likely to vastly understate the number of customers who may be affected,鈥� Ms. Goitein says. 鈥淐onsider someone sitting in Europe who becomes a target. The government says to a company: 鈥業 want all e-mails that refer to this individual or any e-mails to or from this individual or about this individual.鈥� Well guess what, the number of customers whose communications are swept up in this hunt is a lot more than one, but it will still be reported as one.鈥�

Conversely, the use of the word 鈥渁ffected鈥� for NSL requests might end up 鈥渂eing more revealing,鈥� she admits. 鈥淣o one鈥檚 lying here. But the government is being very careful how it uses the word 鈥渢argeted鈥� when comes to FISC orders. One customer targeted could mean hundreds or thousands affected.鈥�

Stephen Vladeck, a legal expert on national security law at American University, called the move 鈥渁 big symbolic step,鈥� but with key caveats.

鈥淚t鈥檚 only going to give us a sense of the overall state of play,鈥� he writes in an e-mail interview. 鈥淲hile it鈥檚 helpful to know how often these orders are being received by the individual firms, it鈥檚 going to be incredibly difficult to undertake any real assessment of the forest without at least some sense of the individual trees.鈥�

The White House move also fell short of mollifying many in Congress.

鈥淚t鈥檚 just common sense that the government should give the American people a good idea of how many of them have had their information collected,鈥� said Sen. Al Franken (D) of Minnesota in a statement reported by The Washington Post. 鈥淭he Obama Administration still has made no progress on that front.鈥�

The government says the numerical obfuscation is necessary to prevent adversaries from discerning the pulse and direction of federal investigations. But the companies must go even further and delay release of national security order numbers by six months. The companies also must refrain for two years from revealing whether government is tapping into new communications technologies the companies may develop.

All of which leaves some expert circumspect about what will really be known by the release of these numbers.

鈥淲e鈥檒l have a better sense of how often the government is relying upon these authorities,鈥� Mr. Vladeck says, 鈥渂ut not whether such reliance is consistent with the underlying statutory authorities and/or the Constitution in all or even most cases.鈥�