Facebook and Microsoft said they had received thousands of warrants for data from government entities in the US during the second half of 2012, but added the US government did not permit them to provide specific figures.
Instead, the government allowed the companies to release only broad numbers with no breakdowns. During the last six months of 2012, Facebook said it had received as many as 10,000 requests from local, state and federal agencies, which impacted as many as 19,000 accounts. Microsoft said that it received between 6,000 and 7,000 similar requests, affecting as many as 32,000 accounts.
The companies said some of the requests were for terrorist investigations. But others were from a local sheriff asking for data to locate a missing child or from federal marshals tracking fugitives. From these statements, it was impossible to ascertain the scale of requests made by the US National Security Agency under the Foreign Intelligence Surveillance Act (FISA).
The companies said they had been pressing the US government for permission to talk more openly about the data requests since Edward Snowden, a computer technician who did work for the NSA, disclosed that the agency was collecting data under a US government programme named Prism.
Facebook and other tech companies have vigorously denied giving the government direct access to their servers. But they said they complied with law-enforcement requests approved by a court. The companies, seeking to reassure users that authorities did not have unfettered access to personal details, said the numbers were a "tiny fraction" of their user bases.
Ted Ullyot, Facebook's general counsel, said they were only allowed to talk about total numbers and must give no specifics. But he said the permission it had received was still unprecedented, and the company was lobbying to reveal more.
Google did not release its own numbers, saying it was waiting to be able to reveal more specific and meaningful information.
Google asked the FBI and US Justice Department last week for permission to release numbers related to its handing over of data for the leaked surveillance programs, saying it has "nothing to hide." The company's "transparency report" on government requests does not include national security requests under FISA.
A person familiar with Facebook said that it at least partially complied with US legal requests 79 per cent of the time, and that it usually turned over just the user's e-mail address and internet protocol address and name, rather than the content of the person's postings or messages.
It is believed that FISA requests typically seek much more information. But it remains unclear how broad the FISA orders might be.
Several companies have said they had never been asked to turn over everything from an entire country, for example. However, the intelligence agencies could ask for all correspondence by an account holder, or even all correspondence from the users' contacts.
Among the other remaining questions are the nature of court-approved "minimisation" procedures designed to limit use of information about US residents. The NSA is prohibited from specifically targeting them.
In addition, some legal experts say that recent US laws allow for intelligence-gathering simply for the pursuit of foreign policy objectives, not just in hunting terrorists and spies.
The Washington Post, Bloomberg, Reuters
What They Say
We frequently reject such requests outright, or require the government to substantially scale down its requests … And we respond only as required by law
We continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues
Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately