Technology

Yahoo leads NSA-FBI account content data demands

Facebook Image copyright Getty Images
Image caption US officials are able to request hidden photos published on Flickr as part of their Fisa orders

Tech firms detail NSA-FBI demands

Fresh disclosures about national security requests indicate that Yahoo was ordered to hand over content from more accounts than other tech firms during the first six months of 2013.

Yahoo said it was told to release content from between 30,000 and 30,999 accounts over the period under the Foreign Intelligence Surveillance Act (Fisa).

Microsoft, Facebook, LinkedIn and Google have also published new figures.

Reporting rules were relaxed last week.

Yahoo said the types of content that might be requested included words in an email or instant message, photos posted online via its Flickr website, Yahoo Address book entries, and appointments entered into its Calendar product.

The firm has also published a transparency report for its Tumblr blogging platform that states the unit had never received a Fisa order or NSL.

One campaigner suggested such information had limited use.

"Transparency reports for a long time were really insightful tools for us to see what governments were asking the tech companies," Privacy International's Mike Rispoli told the BBC.

"Now we know that the game has changed.

"Governments do not need to go to companies to get user data - they can directly intercept it. They do not need to go through the front door anymore, they have kicked down the back door."

Content requests

The latest figures build on an updated report published by Apple last week.

It is now known that the number of US national security orders for content made between 1 January and 30 June 2013 was as follows:

  • Yahoo - between 30,000 and 30,999 accounts
  • Microsoft - between 15,000 and 15,999 accounts
  • Google - between 9,000 and 9,999 accounts
  • Facebook - between 5,000 and 5,999 accounts
  • Apple - between 0 and 249 accounts
  • LinkedIn - between 0 and 249 accounts

The number of accounts does not necessarily equate to the number of users since one person might own several.

The tallies also include requests for accounts that proved to be non-existent.

More transparency

Although the tech firms hope that the figures offer some reassurance about the scope of their co-operation with the US intelligence agencies, several of the companies took the opportunity to stress that they wanted reporting rules relaxed further.

Image copyright Getty Images
Image caption Microsoft's Brad Smith has called on the authorities to pledge not to hack its equipment

"We still believe more transparency is needed so everyone can better understand how surveillance laws work and decide whether or not they serve the public interest," wrote Google's legal director Richard Salgado.

"Specifically, we want to disclose the precise numbers and types of requests we receive, as well as the number of users they affect in a timely way."

At present, any disclosure involving Fisa orders is subject to a six-month reporting delay.

By contrast the NSLs are not subject to a time restriction. As a result, Yahoo, Facebook, Microsoft and Google have now all given figures for the number of such letters they received from the FBI between 1 July and 31 December.

Hacking frustration

By their nature, the figures do not address data taken from the firms without their knowledge.

According to leaked documents published by the Washington Post, the NSA and GCHQ have broken into communication links connecting Google and Yahoo's data centres to copy records under a programme codenamed Muscular.

In addition, leaks reported by the Guardian, suggest that GCHQ has copied data from fibre-optic cables used by the internet, and shared the information with the NSA as part of an operation called Tempora.

The tech companies are now encrypting more of their data to tackle this, but Microsoft's general counsel has demanded a response from the authorities.

"Despite the president's reform efforts and our ability to publish more information, there has not yet been any public commitment by either the US or other governments to renounce the attempted hacking of internet companies," Brad Smith wrote on the firm's blog.

"We believe the Constitution requires that our government seek information from American companies within the rule of law. We'll therefore continue to press for more on this point in collaboration with others across our industry."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites