Feds Reach Tentative Deal with Major Tech Companies on NSA Data Requests

Transparency can be a strange thing and not all transparency is completely transparent. At least that’s what it looks like when it comes to national security issues, NSA data surveillance, major tech companies, and what we’ve come to know since the Edward Snowden leaks have changed how we view our personal data and privacy in an always connected world.

One of the many issues that immediately surfaced when the Snowden leaks began was the allegation that major tech companies like Microsoft, Apple, Google, Yahoo, LinkedIn, and Facebook were complicit in allowing the NSA to grab data willingly through back doors. Of course those companies denied the existence of such a collaboration, and have been publicly aggressive in demanding that the Federal Government allow greater transparency in how this spying work is done. Lawsuits were filed. Meetings were held with the President. Commissions were appointed. Tech companies faced potentially damaging pressure to their business models from customers and trust in both government and commercial concerns was (and still is) wavering.

Until today these companies were forbidden to disclose much of anything, including whether any cooperation existed beyond the standard boilerplate of “we comply with existing laws.” But today the U.S. Justice Department and the Director of National Intelligence announced a tentative deal that would allow those companies, and others, to at least report aggregate data on the number of requests they receive. There are restrictions on what can be reported and the numbers of requests have to be reported in batches of 250 or 1000 depending on the type of government request.

More specific reporting as to the type of requests can be used if reporting conforms to the 1000 batch model. As an example, if a company received 1200 requests in a reporting period it could report that it received less than 2000 requests during that period. If reporting is in a more general sense (combining different types of national security requests) this can be done in increments of 250. As an example, Apple today immediately posted that it received less than 250 National Security requests in a time period from January 1, 2013 to June 30, 2013.

The new order also includes a two-year buffer for any new company receiving FISA orders or existing companies receiving a new kind of order. The purpose here is to give law enforcement a crucial window to employ new capabilities before they are revealed to the public. The Government document filed with the Foreign Intelligence Surveillance Court can be viewed here.

In the wake of the Snowden leaks that continue to provide new grist for this national security and privacy debate mill, there was an obvious “public interest” concern as the Justice Department says:

This action was directed by the President earlier this month in his speech on intelligence reforms. While this aggregate data was properly classified until today, the office of the Director of National Intelligence, in consultation with other departments and agencies, has determined that the public interest in disclosing this information now outweighs the national security concerns that required its classification.

Today’s letter  from the Attorney General and the Director of National Intelligence acknowledges the existence of the bulk data collection programs we’ve been hearing about and that steps are being taken to make changes as outlined by the President of the United States in a recent speech announcing policy changes. This deal is tentative as it still must be reviewed and approved by a Foreign Intelligence Surveillance Court judge.

The only thing guaranteed is that some will certainly hail this as progress and others will say it is more of the same old same old same old. Concerned business interests may see this as an important step. And indeed the companies involved with the lawsuits have withdrawn them saying:

We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive. We’re pleased the Department of Justice has agreed that we and other providers can disclose this information. While this is a very positive step, we’ll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.

There is an obvious need to strike a balance between security concerns, commercial interests, and individual privacy that increasingly affects those commercial concerns. This move alone will not find that balance though it does demonstrate that work is being done towards that end. Even so, the loss of trust is not an injury easily mended. All parties acknowledge that there is more work to be done.