Online Services' Transparency Reports Still Fall Short on Data Demands

Companies such as Facebook and Yahoo are rushing to release online transparency reports, but they continue to lack details on national security requests.

On Sept. 9, Yahoo became the latest online-services company to release a report on the number of times that governments requested information on the company's users, following Facebook's release of its own transparency report in August.

The report shows that Yahoo fielded 12,444 requests from the U.S. government in the first half of 2013, releasing information on more than 40,000 user accounts. While the online posting gives important statistics on how often government requests resulted in the handoff of information—the U.S. government received data in 92 percent of its requests to Yahoo—it and other Internet firms' reports do not break out the number of demands citing national security as the purpose of the request.

Like its rivals, Yahoo has stressed that it does not allow the government direct access to its users' data and closely scrutinizes any request.

"Our legal department demands that government data requests be made through lawful means and for lawful purposes," the company said in its statement accompanying the report. "We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful."

By publishing the report, Yahoo joined Facebook, Google, LinkedIn, Microsoft, Twitter and other Internet companies that have released transparency reports. Yet the companies are not allowed to detail the number of requests made by U.S. government agencies under anti-terrorism statutes or Foreign Intelligence Surveillance Act (FISA).

The lack of such data limits the usability of the information, said Nate Cardozo, staff attorney with the Electronic Frontier Foundation, a digital-rights advocacy group.

"Right now, they are not allowed to break down the types of national security requests—that's absurd," he said. "The government needs to change its tune and allow providers to say this is a USA PATRIOT Act request or a FISA request."

Along with civil rights organizations, the companies have called for the Obama administration to allow them to publish the number of requests made by agencies and under what authority the government requested the data.

The United States is the largest requestor of data from the various companies by a wide margin. The U.S. government sent more than 900 requests to Twitter and more than 8,400 requests to Google. Second place for the most requests was Japan, with 87 requests to Twitter, and India, with more than 2,400 requests to Google. Germany sent the second-highest number of requests to Yahoo, asking for information in almost 4,300 cases.

The number of requests by government agencies to Internet service providers has increased quickly over the past five years. Google, which has kept the best historical records of requests, has seen an almost two-thirds increase in requests since 2009. Documents leaked by former National Security Agency contractor Edward Snowden detailed a program, called PRISM, which expedites requests on the part of intelligence agencies to service providers.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...