Protests Against Surveillance and New Rules on Transparency

Protection concept: circuit board with Closed PadlockToday, February 11, is a digital day of protest against surveillance by the National Security Agency. Billed ‘The Day We Fight Back“, participants in the protest range from activist groups to the Reform Government Surveillance Coalition, an business entity which includes Google, Microsoft, LinkedIn, Twitter, Facebook, Yahoo!, and AOL. Protesters’ demands include Congressional support for the Freedom Act, proposed legislation which would limit the collection of Americans’ data under existing surveillance statutes.

Corporate participation in this protest highlights a key challenge facing Internet companies today. Companies must comply with lawful requests from governments for access to user data. At the same time, companies must also build and maintain the trust of their users by operating as responsible stewards of that data. When companies are restricted with regard to what they can say about national security requests received from the U.S. Government, they face the challenge of earning trust without being transparent. In this context, establishing credibility requires active and continued efforts to engage proactively with users and other stakeholders, including policymakers, regarding what can — and cannot — be said.

Several companies – including Google, Microsoft, Yahoo!, Facebook, and LinkedIn — have sought to reduce the extent of the U.S. Government’s non-disclosure requirements through motions for declaratory relief filed with the Foreign Intelligence Surveillance Court. In January, in response to these petitions, the U.S. Department of Justice released new rules with regard to disclosures of national security requests, and the companies agreed to dismissed their claims, without prejudice.

Historically, companies have been prohibited from providing any information regarding requests received pursuant to U.S. national security laws. Pursuant to the new rules, companies may disclose at six-month intervals, and in bands of 1000, the following information:

  • the number of national security letter requests that they have received;
  • the number of customer accounts affected by national security letters;
  • the number of Foreign Intelligence Surveillance Act (“FISA”) orders for content that they have received;
  • the number of customer selectors targeted under FISA content orders;
  • the number of FISA orders for non-content that they received; and
  • the number of customer selectors targeted under FISA non-content orders.

Alternatively, companies can disclose, in bands of 250:

  • the total number of all national security letter and FISA requests received; and
  • the total number of customer selectors targeted by national security letter and FISA requests.

Since the new rules were released, several companies have updated their transparency reports with regard to government requests for user data. For example, for the period January to June 2012, Google stated that it received between 0-999 requests under FISA for content data that involved 9000-9999 user accounts. For the same period, LinkedIn stated that it received 0-249 national security requests involving 0-249 user accounts.

Notably, the new rules maintain restrictions on what can be said with regard to new platforms, products, or services.  Requests specific to a new platform, product, or service cannot be disclosed for two years.

Ultimately, these disclosures represent greater — but still significantly limited — transparency, and at least one company, Twitter, has stated that it may pursue further legal action seeking reduced restrictions. Ultimately, these new rules alter, ever so slightly, the platform for debate regarding the balance that must be struck between civil liberties and national security. Companies are an essential participant in that dialogue as they navigate both compliance challenges and the need to respect the privacy rights of their users.


Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag LLP - Corporate Social Responsibility | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.