Google received fewer than 1,000 requests per year over the past four years from the FBI and other government agencies for information via National Security Letters, according to officials with the search giant.
National Security Letters (NSLs) do not carry the weight of a subpoena, but can be issued by government agencies when investigating matters of national security. The letters can be used to request non-content information, such as phone numbers dialed or addresses emailed. The recipients of the letter are subject to gag orders banning them from revealing the letter's existence.
NSLs have been in use since before the terrorist attacks of Sept. 11, 2001, but their use has increased since that day, according to Google officials. For the first time, Google now is including them in the company's annual Transparency Report, though in a fairly broad way. Rather than giving exact numbers that could violate a rule regarding secrecy surrounding NSLs, the company instead is offering a wide range on the numbers of NSLs that have been sent to Google and the number of users these requests affect.
The information is presented in terms of numerical ranges to address concerns raised by the FBI, the Department of Justice and other agencies that releasing exact numbers could reveal information about investigations, Richard Salgado, Google's law-enforcement and information-security legal director, explained in a blog post.
According to the figures, the NSLs affected between 1,000 and 1,999 user accounts last year. There were between one and 999 actual NSLs issued to Google every year from 2009 to 2012, the company stated. The highest number of user accounts affected by the letter was in 2010, when between 2,000 and 2,999 were specified by the letters.
"Our users trust Google with a lot of very important data, whether it's emails, photos, documents, posts or videos," Salgado blogged. "Of course, people don't always use our services for good, and it's important that law enforcement be able to investigate illegal activity."
According to Salgado, when Google receives these requests, it scrutinizes them carefully and tries to narrow requests that are overly broad. In addition, the company notifies users when appropriate so they can contact the entity requesting the information or consult an attorney. If government agencies are requesting information related to search queries or private content such as Gmail and documents stored in a Google Account, they are required to use a search warrant, he wrote.
Google has been compiling and releasing the Transparency Reports since 2010 to keep the process transparent for users of its services so they can have insights into what is done with the data stored by Google. "We've shared figures like this since 2010 because it's important for people to understand how government actions affect them," wrote Salgado.
For the six-month period ending Dec. 31, 2012, Google received 21,389 government requests for information about 33,634 users, according to its most recent Transparency Report. Sixty-eight percent of the requests Google received from government agencies in the United States were through subpoenas. Twenty-two percent were through Electronic Communications Privacy Act (ECPA) search warrants. The remaining 10 percent were largely court orders issued under the ECPA by judges or other processes.
"When conducting national security investigations, the U.S. Federal Bureau of Investigation can issue a National Security Letter to obtain identifying information about a subscriber from telephone and Internet companies," Salgado blogged. "The FBI has the authority to prohibit companies from talking about these requests. But we've been trying to find a way to provide more information about the NSLs we get—particularly as people have voiced concerns about the increase in their use since 9/11.
"Starting [March 5], we're now including data about NSLs in our Transparency Report," he wrote. "We're thankful to U.S. government officials for working with us to provide greater insight into the use of NSLs."