DOJ Announces New Methods For Reporting National Security Requests

As the NSA metadata collection scandal has developed, a number of technology and communications companies have fought to increase the transparency of the data collection process by publishing reports on how much data government agencies are asking them for. These transparency reports have been limited, however, because most government requests are entwined with a gag order. In a speech two weeks back, President Obama said this would change, and now the Dept. of Justice has announced new, slightly relaxed rules about what information companies can share. According to an email from the U.S. Deputy Attorney General (PDF) to the General Counsel of Google, Facebook, LinkedIn, Microsoft, and Yahoo, the companies can publish: how many Criminal Process requests they received, how many National Security Letters they received, how many accounts were affected by NSLs, how many Foreign Intelligence Surveillance Act orders were received (both for communications content and 'non-content'), and how many customers were targeted by FISA requests. The companies still aren't allowed to give specific numbers, but they can report them in bands of 1,000 — for example, 0-999, 1,000-1,999, etc. Information requests for old services cannot be disclosed for at least six months. The first information requests for a new service cannot be disclosed for two years. The companies also have the option of lumping all the NSL and FISA requests together — if they do that, they can report in bands of 250 instead of 1,000.