One by one, the telecommunications giants at the heart of the NSA surveillance scandal are relenting to shareholder pressure and public demands for them to publish reports on government requests for user data.
On Friday Verizon and AT&T announced their intent to begin producing transparency reports in 2014 after in the past investing time and effort in denouncing some of the technology companies that have regularly provided insight into their compliance with warrants from the government.
Google, Facebook, Twitter, LinkedIn and others have done quarterly or semi-annual transparency reports, some going back two or three years. Yet Verizon and AT&T refused to cave; Verizon went so far as to label the reports from some tech companies as grandstanding. Both telcos also said shareholders had no standing on which to demand such reports.
Things changed quickly, however, after the White House Review Group on Intelligence and Communications Technologies made a number of reform recommendations to the National Security Agency’s surveillance programs. The first revelation from the Edward Snowden documents in June was that the NSA was collecting phone call metadata records, purportedly from non-U.S. citizens. The dragnet, however, was also sweeping up Americans’ records, including those of citizens not suspected of terrorism or considered a threat to national security.
AT&T and Verizon said they will publish semi-annual transparency reports starting next year. AT&T general counsel Wayne Watts reiterated the company will continue to review government and court orders for customer data for the lawfulness and propriety, and said his company does not allow a government agency to connect directly to the AT&T network. Watts also said AT&T would not publish requests related to national security.
“Any disclosures regarding classified information should come from the government, which is in the best position to determine what can be lawfully disclosed and would or would not harm national security,” Watts said.
The companies are permitted by law, however, to report only aggregate totals of subpoenas, court orders and warrants, as well as the number of customers affected. National Security Letters, however, are another matter. Companies are not allowed to report specifics on those requests other than in ranges of 1,000. Tech companies such as Google, Facebook and others have joined together to petition the government for permission to be more specific about National Security Letters, and that the permissible ranges do little to enhance transparency.
“AT&T’s failure to push for the right to fully and accurately inform the public about our government’s actions is extremely disappointing, and we urge AT&T to reconsider its position,” wrote Nate Cardozo and April Glaser, staff attorney and activist respectively, at the Electronic Frontier Foundation. “With transparency reports, companies have the opportunity to deepen their consumers’ trust by being open about how governments around the world collect and use our private data,”
The timeliness of AT&T and Verizon’s decision coincides with Google’s latest transparency report, which pointed out that requests from the government jumped 18 percent in the first six months of this year and that Google complied with requests for U.S. users’ data 83 percent of the time. In all, Google received 25,879 requests for user data in the first six months of 2013 covering more than 42,000 total accounts. The company produced some data in 65 percent of those requests, for all governments; the data turned can vary from a name or email address to message content and IP address data.