If 'Just Metadata' Isn't An Issue, Why Can't Tech Companies Reveal 'Just Metadata' About NSA Surveillance?

You may have heard the news today that a bunch of big tech companies -- including Google, Facebook, Microsoft, Apple, Twitter, Mozilla, Reddit, Tumblr and others -- have sent a strong letter to a variety of government officials, both in the administration and Congress, demanding greater transparency, and the ability to reveal more information about the government's various surveillance programs that compel the tech companies to participate:

We the undersigned are writing to urge greater transparency around national security-related requests by the US government to Internet, telephone, and web-based service providers for information about their users and subscribers.

First, the US government should ensure that those companies who are entrusted with the privacy and security of their users’ data are allowed to regularly report statistics reflecting:

• The number of government requests for information about their users made under specific legal authorities such as Section 215 of the USA PATRIOT Act, Section 702 of the FISA Amendments Act, the various National Security Letter (NSL) statutes, and others;
• The number of individuals, accounts, or devices for which information was requested under each authority; and
• The number of requests under each authority that sought communications content, basic subscriber information, and/or other information.

Second, the government should also augment the annual reporting that is already required by statute by issuing its own regular “transparency report” providing the same information: the total number of requests under specific authorities for specific types of data, and the number of individuals affected by each.

As an initial step, we request that the Department of Justice, on behalf of the relevant executive branch agencies, agree that Internet, telephone, and web-based service providers may publish specific numbers regarding government requests authorized under specific national security authorities, including the Foreign Intelligence Surveillance Act (FISA) and the NSL statutes. We further urge Congress to pass legislation requiring comprehensive transparency reporting by the federal government and clearly allowing for transparency reporting by companies without requiring companies to first seek permission from the government or the FISA Court.

This follows on a somewhat somewhat similar letter from Reps. Jim Sensenbrenner and Zoe Lofgren to Attorney General Holder and Director of National Intelligence Clapper, urging them "to authorize U.S. companies to release information regarding national security requests for user data."

Both letters point out that they're just looking for the ability to reveal specific numbers about orders received and user accounts impacted, but obviously not further information that might reveal the details of any investigations. Basically, they're asking for "just the metadata."

You may have spotted the irony, pointed out by Ashkan Soltani: Defenders of many of the government's surveillance programs have repeatedly trotted out the "just metadata" argument for why all of this surveillance is no problem, claiming that mere metadata doesn't reveal anything important. Yet, when it comes to their own metadata about their own surveillance programs, suddenly it will reveal all their secrets? (And I won't even get into the fact that only some of the surveillance programs are "just metadata").

So, which is it, feds? Is "just metadata" nothing too important, or does it reveal everything?

Permalink | Comments | Email This Story