Google took an unprecedented and fantastic step towards greater transparency earlier this week by releasing data about National Security Letters that it receives, but there is another class of government orders for user data that we are still totally in the dark about: Foreign Intelligence Surveillance Act (FISA) court orders. More transparency – even in broad brush strokes – related to how FISA orders are used to access user data would be extremely helpful for users concerned about government access and the opaque FISA process.
Congress passed FISA in 1978 to create a legal framework for conducting surveillance during foreign intelligence investigations. Prior to the passage of this law, there was some ambiguity about the role of the courts and Congress in regulating the Executive's conduct in national security investigations. But FISA changed that: it created a procedure and a specialized court, the so-called FISA court, to oversee national security surveillance and to serve as a check on the government's surveillance powers.
Unlike most American courts, the FISA court is a secret court, so its proceedings are done behind closed doors and any orders it issues come accompanied with a gag order (meaning that people and companies who receive an order can't tell anyone about it). There are open questions about how the government is interpreting and implementing many provisions of FISA, including the recently reauthorized FISA Amendments Act and Section 215 of the PATRIOT Act, the so-called “business records” provision. The specifics remain shrouded in secrecy, but Senators Ron Wyden, Mark Udall, Rand Paul, and Jeff Merkley, among others, have indicated repeatedly that Americans would be “stunned” to find out how the government is interpreting and using these provisions.
Given the secrecy surrounding FISA and the public condemnation of elected officials, it's understandable that the public is concerned about how the law is being interpreted and used as well. Releasing data about FISA court orders, even aggregated data, would help shed light on what is, presumably, the most secretive tool in the federal government's surveillance toolkit. Such a release from Google, for example, could demonstrate (or disprove) that FISA orders do NOT authorize dragnet surveillance of large numbers of Google users at once.
Getting more clarity would be a good thing for Google users and the American public, and we hope that Google finds a way to navigate the legal waters in order to publish aggregated data about the orders it receives through FISA.