EFF has joined a broad coalition of technology companies and other civil liberties groups in demanding that online services be allowed to report for the first time complete information about the government’s requests for user data. In a letter addressed to President Barack Obama, Congressional leaders, and top intelligence officials, over 50 organizations laid out the need for more transparency around national security requests.
This letter comes after last month's revelations about previously classified National Security Agency datamining programs have shed new light on when the government can issue requests for user data that companies are not allowed to disclose.
In particular, no company has been allowed to reveal to users or in transparency reports complete information about National Security Letters, Section 702 FISA requests, and Section 215 business records requests.
These restrictions present a complication for the conclusions in EFF's annual "Who Has Your Back?" report. While the report still provides a comparison of different online companies' commitments to transparency about their interactions with law enforcement, we now know that these transparency reports paint an incomplete picture.
So to build on the information in "Who Has Your Back?" EFF, along with every one of the companies that received a star for releasing a transparency report—Dropbox, Google, LinkedIn, Microsoft, Sonic.net, Spideroak, and Twitter—calls on the government to lift these restrictions. Service providers should not be prevented from disclosing in transparency reports for each category of request (including NSLs, Section 702 FISA requests, and Section 215 business records requests):
- the number of requests the provider has received
- the number of users or accounts affected by the requests, and
- the number of times the provider contested the request.
These companies also joined Apple, Facebook, Tumblr, and Yahoo!, which were included in "Who Has Your Back?" but have not previously published transparency reports, as signatories to the letter.
The letter also goes further, requesting that Congress pass legislation to clarify companies' rights to publish comprehensive transparency reports, and that the government must publish its own reports about its use of its national security authority. From the letter:
Basic information about how the government uses its various law enforcement–related investigative authorities has been published for years without any apparent disruption to criminal investigations. We seek permission for the same information to be made available regarding the government’s national security-related authorities.
This information about how and how often the government is using these legal authorities is important to the American people, who are entitled to have an informed public debate about the appropriateness of those authorities and their use, and to international users of US-based service providers who are concerned about the privacy and security of their communications.
The many benefits of transparency reports are clear. It is through these reports that the public is able learn about the scope and scale of government access to our personal data. This transparency is what allows us to collectively make informed decisions about when and whether these requests are appropriate.
It's important, then, to have robust and accurate information to work from. That begins with removing the government’s unnecessary restrictions on accurate company reporting.