[June 18, 2013] NSA Prism disclosures: All the user-data requests from tech's biggest names [San Jose Mercury News] Tweet (San Jose Mercury News (CA) Via Acquire Media NewsEdge) June 18--Technology's biggest names have rushed to disclose the number of law-enforcement requests for data they receive, a result of allegations that they have provided the National Security Agency "direct access" to customer data on their servers. The accusations center on the NSA's Prism program, which was revealed by former security contractor Edward Snowden in a June interview with The Guardian. Snowden told the newspaper that Verizon, the largest U.S. wireless carrier, had given the NSA blanket access to phone records. The next day, The Guardian and Washington Post reported that a government PowerPoint presentation showed the NSA was "tapping directly into the central servers of nine leading U.S. Internet companies" -- Apple (AAPL), Microsoft, Yahoo (YHOO), Google (GOOG), Facebook, PalTalk, AOL, Skype, and Google's YouTube video site. The companies have denied the accusation that the NSA has "direct access," and Apple, Facebook and Yahoo have, for the first time, released the number of government requests for data they have received and agreed to. Google and Twitter have made it a practice to release such data annually, but have not updated their numbers to specifically include NSA requests, with Google objecting to the federal government's limitations on the release of such data, calling them "a step back" from transparency. Internet companies said the government would only allow them to disclose national security requests, which are classified as secret under federal law, by lumping them together with all other requests from local police and other agencies. Companies said they're also required to report the numbers in increments of 1,000. Below are the raw numbers companies have provided as of June 18, in alphabetical order: APPLE Total requests for user data: 4,000 to 5,000 Time period: Dec. 1, 2012 to May 31, 2013 Accounts/devices specified: 9,000 to 10,000 Extra information provided: Apple noted that its iMessage and FaceTime services are protected by end-to-end encryption, and cannot be decrypted by Apple. The Cupertino company also said it does not store location information, Map searches or requests made through its voice-recognition system, Siri. Apple also reported that "the most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer's disease, or hoping to prevent a suicide." Source: www.apple.com/apples-commitment-to-customer-privacy GOOGLE/YOUTUBE Google provides biannual updates on user data requests, including separate data on National Security Letters, or NSLs, which is a request for data from the Federal Bureau of Investigation. The company is seeking the ability to separately report requests from the NSA through the FISA court system, which are not included in any numbers below. Total worldwide requests for user data: 21,389 Accounts specified: 33,634 Requests in which Google provided some data: 66 percent Total U.S. requests for user data: 8,438 Accounts specified: 14,791 Percentage of requests with which Google complied: 88 percent Time period: July 1, 2012 to Dec. 31, 2012 NSLs received: 0 to 999 Users/accounts targeted by NSLs: 1,000 to 1,999 Time period: 2012 Sources: www.google.com/transparencyreport/userdatarequests and www.google.com/transparencyreport/userdatarequests/US FACEBOOK Total U.S. requests for user data: 9,000 to 10,000 Time period: July 1, 2012 to Dec. 31, 2012 Accounts specified: 18,000 to 19,000 Extra information provided: "These requests run the gamut -- from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat." Source: http://newsroom.fb.com/News/636/Facebook-Releases-Data-Including-All-National-Security-Requests MICROSOFT/SKYPE Microsoft released an annual report on user data requests earlier in 2013, with numbers separated between Microsoft and Skype; the company then issued a new report that included national-security requests in the format dictated by the federal government, which includes the provision that all services must be lumped together. All of those numbers are below Total U.S. requests for user data, including FISA requests: 6,000 to 7,000 Time period: July 1, 2012 to Dec. 31, 2012 Accounts specified: 31,000 to 32,000 Total worldwide requests for user data from Microsoft: 70,665 Accounts specified: 122,015 Requests in which some form of data was disclosed: 82 percent Total U.S. requests for user data: 11,073 Accounts specified: 24,565 Requests in which some form of data was disclosed: 78.9 percent Total worldwide requests for user data from Skype: 4,713 Accounts specified: 15,409 Total U.S. requests for user data: 1,154 Accounts specified: 4,814 Requests in which some form of content was disclosed: 0(ASTERISK) Time period: 2012 --Microsoft said that no actual content was disclosed from any Skype account, though it did provide some non-content data. The company said it would provide consistent data sets for 2013. Extra information provided: From post-Prism disclosure: "We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers." Source: http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/06/14/microsoft-s-u-s-law-enforcement-and-national-security-requests-for-last-half-of-2012.aspx and http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/03/21/microsoft-releases-2012-law-enforcement-requests-report.aspx TWITTER Total worldwide requests for user data: 1,009 Accounts specified: 1,433 Percentage of requests with which Twitter complied: 57 Time period: July 1, 2012 to Dec. 31, 2012 Source: https://transparency.twitter.com/information-requests-ttr2 YAHOO Total U.S. requests for user data: 12,000 to 13,000 Time period: Dec. 1, 2012 to May 31, 2013 Accounts specified: Not released Extra information provided: "The most common of these requests concerned fraud, homicides, kidnappings, and other criminal investigations." Staff writer Brandon Bailey contributed to this report. Contact Jeremy C. Owens at 408-920-5876; follow him at Twitter.com/mercbizbreak. ___ (c)2013 San Jose Mercury News (San Jose, Calif.) Visit the San Jose Mercury News (San Jose, Calif.) at www.mercurynews.com Distributed by MCT Information Services [ Back To TMCnet.com's Homepage ]