MENLO PARK -- For the first time, Facebook late Friday disclosed the number of requests it received for user data from all government entities, and became the first Silicon Valley company to include in that figure the number of ultrasecret national security requests.

In a blog post, Facebook general counsel Ted Ullyot revealed that for the six months ending Dec. 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. -- including local, state, and federal authorities, and including criminal and national security-related requests -- was between 9,000 and 10,000.

These requests, Ullyot wrote, run the gamut -- everything from a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat.

The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9,000 to 10,000 requests was between 18,000 and 19,000 accounts, he noted.

But with more than 1.1 billion monthly active users worldwide, Ullyot added, "this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S., state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months."


Advertisement

Reports surfaced last week that government officials were collecting huge amounts of private Internet and telephone data -- disclosures enabled by leaks from a former National Security Agency contractor. Since then, Ullyot said, Facebook has been in discussions with U.S. national security authorities, urging them to allow more transparency and flexibility around national security-related orders the company is required to comply with.

Google (GOOG) followed up Tuesday by announcing it has asked the FBI and Department of Justice for permission to begin reporting how many data requests the company receives from the government under the Foreign Intelligence Security Act. FISA, the authority used by the government for its secret PRISM program aimed at tracking online activities of some Internet users, requires companies to keep those requests secret.

Facebook on Friday became the first Silicon Valley company to disclose how many requests for user data it has received under the U.S. government’s
Facebook on Friday became the first Silicon Valley company to disclose how many requests for user data it has received under the U.S. government's ultrasecret foreign-intelligence surveillance laws. (Robert Galbraith / Reuters)

"We're pleased that as a result of our discussions, we can now include in a transparency report all U.S. national security-related requests (including FISA as well as National Security Letters) -- which until now no company has been permitted to do," Ullyot wrote. As of Friday, he said, the government will only authorize Facebook to communicate about these numbers in aggregate, and as a range.

Ullyot called the initial step "progress," and said the company is continuing to push for even more transparency, "so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds."

Civil liberties groups that have criticized the government's data-gathering efforts say that such disclosures are helpful, but they have also complained that the broad ranges that the companies have reported are too vague and do not provide a full picture of government surveillance.

Until now, Facebook has not disclosed any data about government information requests, saying it was not allowed to provide a complete picture of those requests because of government secrecy rules.

Google has previously disclosed certain types of requests, including so-called "National Security Letters" issued under the Patriot Act, but it has not been allowed to say anything about requests issued under FISA.

Facebook's move revealed a split within the tech industry: Microsoft issued a similar report Friday that also provided a total number of government data requests that included an unspecified number of FISA requests. But Google criticized that approach, saying it was not helpful for the government to require the companies to provide only a single total for all types of requests.

"We have always believed that it's important to differentiate between different types of government requests. We already publish criminal requests separately from National Security Letters," Google said in a statement reported by several tech blogs. "Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately."

Another tech company, Twitter, echoed Google's concern. Twitter legal director Benjamin Lee posted a tweet on his personal account late Friday, saying "We agree with @google: It's important to be able to publish numbers of national security requests -- including FISA disclosures -- separately."

Mercury News Staff Writer Tracy Seipel contributed to this report. Contact Brandon Bailey at bbailey@bayareanewsgroup.com. Follow him at Twitter.com/BrandonBailey.