When news of the National Security Agency's online surveillance program Prism broke last week, big tech companies reported to be involved, including Facebook, Google, and Microsoft, were quick to publish carefully worded denials. Those denials, however, left some wiggle room, and it now seems that there was some form of cooperation: Over the weekend, The New York Times reported that company insiders admitted that although they did not provide direct access to their servers, they did "comply with individual court orders, including under FISA [the Foreign Intelligence Surveillance Act]."
Several of those denials also contained interesting calls for greater transparency. Google, for example, responded that "this episode confirms what we have long believed—there needs to be a more transparent approach. Google has worked hard, within the confines of the current laws, to be open about the data requests we receive," and declared that "the level of secrecy around the current legal procedures undermines the freedoms we all cherish."
In retrospect, this passage is rather telling, because it now looks as if one of the reasons for the swift denials was that the companies were legally prohibited from discussing the content of FISA requests, or even acknowledging their existence.
Google has now openly confirmed that it received and complied with FISA requests, and along with Microsoft and Facebook, has called for the government to allow greater disclosure of the requests it receives and complies with. Via The New York Times:
Google, Facebook and Microsoft on Tuesday asked the government for permission to reveal details about the classified requests they receive for the personal information of foreign users.
They made the request after revelations about the National Security Agency's secret Internet surveillance program, known as Prism, for collecting data from technology companies like e-mail messages, photos, stored documents, videos and online chats. The collection is legally authorized by the Foreign Intelligence Surveillance Act, which forbids companies from acknowledging the existence of requests or revealing any details about them.
Google for the first time publicly acknowledged it had received FISA requests and said it had complied with far fewer of the requests than it received. Facebook and Microsoft did not go as far as discussing requests they had received but, like Google, said they wanted to be able to publish information on the volume and scope of the government requests.
Here's an example of how limited Google is right now in terms of what it can reveal:
Google has said it scrutinizes each government request and narrows the scope if it is overly broad. In 2010, it became the first major tech company to publish a transparency report detailing certain government requests for user information. In March, after long negotiations with law enforcement, it added national security letters, which the F.B.I. uses to ask for information and which companies are generally not permitted to disclose. Still, Google was allowed to report only that it received zero to 999 such letters.
Just like the restrictions that legislators face on revealing even the most basic surveillance program details to the public, the level of secrecy here is effectively designed to make oversight all but impossible. You can't make an informed judgment, or have a meaningful public debate, about what the government's doing because the people and organizations who know aren't allowed to tell you.