Facebook, Microsoft Release Data Request Numbers

Direct access? Not so much.
Technology • Views: 21,894

Throughout the ongoing NSA/PRISM scandal, one of the most incendiary accusations has been Glenn Greenwald’s initial assertion that major tech companies such as Facebook, Apple, Google, and Microsoft were givng the US Government direct, unfiltered access to their servers. This access would allow the government to spy on people seemingly at will, and find out anything they want to know, rule of law be damned.

Greenwald is now trying to walk his accusations back, but nothing doing. He said it. Repeatedly. And he should own it.

As soon as Greenwald’s original story was published, outraged blogs and Tweets popped up, wondering if we really were living in an Orwellian nightmare. Pundits took to the airwaves to bemoan Obama administration overreach, and outrage ensued.

Just as quickly, every major company named by Glenn Greenwald issued swift denials of his claims, calling them patently false and misleading. As it turns out, their denials are not just PR. The scope of any law enforcement and national security requests being made appears to be very narrow.

First, let’s start with Microsoft. John Frank, their Vice President and Deputy General Counsel, posted this statement last night:

Microsoft’s U.S. law enforcement and national security requests for last half of 2012

Unlike the Greenwald assertion of the government having unrestricted access to user data and user accounts, the actual requests are much smaller:

Earlier this week, along with others in the industry, we called for greater transparency about the volume and scope of the national security orders, including FISA orders, which require the disclosure of some customer content. We believe this would help the community understand and debate these important issues. Since then, we have worked with the FBI and U.S. Department of Justice to try and secure permission to do this.

This afternoon, the FBI and DOJ have given us permission to publish some additional data, and we are publishing it straight away. However, we continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues.

Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal). This only impacts a tiny fraction of Microsoft’s global customer base.

Let that sink in for a moment. Microsoft got between 6-7,000 requests IN TOTAL for the last half of 2012 affecting between 31-32,000 accounts. Compare that tiny number with the millions of people who use Microsoft’s services. It’s a small fraction of 1% of their entire user base.

Fine, you say. Microsoft’s numbers are small. But what about a behemoth like Facebook? Surely the government is spying on us there, taking all the information they want whenever they want it. Well, fear not, dear reader. Your Candy Crush Saga high score is safe. Facebook’s numbers aren’t that different from Microsoft.

Ted Ullyot, Facebook General Counsel released his own statement yesterday:

Facebook Releases Data, Including All National Security Requests

For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.

With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request (including criminal and national security-related requests) in the past six months.

Over 1 billion Facebook accounts and they only got between 9-10,000 law enforcement and security requests affecting only 18-19,000 accounts? You’d almost think the NSA and law enforcement had really narrow scopes to work with or something.

Both statements from Microsoft and Facebook put the lie to the Greenwald accusation that the government is running wild taking everyone’s data to use any which way they want. With as many users as both companies have, the fact that the combined numbers for both are smaller than some colleges and universities in this country suggests that there are guidelines for what can and cannot be requested.

Also, it should be noted that these numbers are only for requests RECEIVED, not for requests that were carried out. Those numbers could well be smaller, since there’s no mention from either Facebook or Microsoft that they automatically granted every request that came across their desks.

Facebook’s Ullyot also takes a thinly veiled shot at Greenwald, The Guardian, and the entire hysteria that has unfolded in the last few days:

We hope this helps put into perspective the numbers involved, and lays to rest some of the hyperbolic and false assertions in some recent press accounts about the frequency and scope of the data requests that we receive.

I wouldn’t count on it, Mr. Ullyot. Once an idea takes root in the blogosphere and on Twitter, it’s real hard for actual facts to get in the way. Still, it’s nice to get some clarification on just how often user data and user information is requested, and on what scale.

Jump to bottom

35 comments
1 Dark_Falcon  Sat, Jun 15, 2013 10:34:31am

Good on Facebook for pushing back against the insanity sparked by the Snowden Affair.

It is good that Microsoft did the same thing, but I’m still annoyed with them right now.

2 Absalom, Absalom, Obdicut  Sat, Jun 15, 2013 10:35:33am

A lot of the people who have freaked out about this have moved onto an idea that the NSA has switches at every fiber-optic backbone and are simply siphoning off all the traffic that way.

This is based off of, I believe, the (confirmed?) AT&T NSA switching room.

3 elizajane  Sat, Jun 15, 2013 10:36:46am

It takes some fundamental mathematical ability to recognize what a tiny number 10,000 is in comparison to 1 billion, and conspiracists don’t have that. It’s like all the fuss about how 3,000 scientists don’t believe in global warming, without reckoning how many adults in America have some claim to be called a “scientist” (like “oh yes, I have a BA in Astronomy, I am a scientist”). 3,000, and in this case 10,000, are insignificantly small.

4 prairiefire  Sat, Jun 15, 2013 10:39:20am

Thanks for the info, Lidane!

5 Charles Johnson  Sat, Jun 15, 2013 10:44:23am
6 Dark_Falcon  Sat, Jun 15, 2013 10:49:43am

re: #5 Charles Johnson

In this context, “second-hand smoke” = “SQUIRREL!”

7 The Mountain That Blogs  Sat, Jun 15, 2013 10:53:02am

re: #3 elizajane

It takes some fundamental mathematical ability to recognize what a tiny number 10,000 is in comparison to 1 billion, and conspiracists don’t have that. It’s like all the fuss about how 3,000 scientists don’t believe in global warming, without reckoning how many adults in America have some claim to be called a “scientist” (like “oh yes, I have a BA in Astronomy, I am a scientist”). 3,000, and in this case 10,000, are insignificantly small.

19K/1.1B = 17ppm. Not percent, parts per million.

EDIT: that quantity of arsenic in soil is considered safe.

8 Political Atheist  Sat, Jun 15, 2013 10:54:03am

re: #2 Absalom, Absalom, Obdicut

A lot of the people who have freaked out about this have moved onto an idea that the NSA has switches at every fiber-optic backbone and are simply siphoning off all the traffic that way.

This is based off of, I believe, the (confirmed?) AT&T NSA switching room.

Confirmed if Wired got it right. Locked closets at ISP’s & hubs.

wired.com

wired.com

wired.com

9 StephenMeansMe  Sat, Jun 15, 2013 10:56:12am

Are these requests for metadata or actual detailed account information? Because if it’s the former, that takes the outrage down another order or two of magnitude.

10 allegro  Sat, Jun 15, 2013 11:05:43am

I think much of the visceral reaction to this is righteous fear of the larger and more impactful issue of privacy loss in general. Personally, I don’t have any issue with this particular NSA thing with the information I have about it. It does however tie into privacy issues I have serious problems with and why my knee has tried to jerk a few times.

I do have major issues with using arbitrary credit scores to deny employment, car insurance, apartment rental, etc. and making those files open to anyone without authorization. I have major issues with drug testing for employment when it is meaningless and everyone knows it. I have huge issues with invasions of personal privacy such as medical issues. I also note that all of these privacy invasions -real, actually life destructive actions - are not government invasions, but corporate.

Methinks this diversion is working.

11 wrenchwench  Sat, Jun 15, 2013 11:09:44am

re: #10 allegro

I think much of the visceral reaction to this is righteous fear of the larger and more impactful issue of privacy loss in general. Personally, I don’t have any issue with this particular NSA thing with the information I have about it. It does however tie into privacy issues I have serious problems with and why my knee has tried to jerk a few times.

I do have major issues with using arbitrary credit scores to deny employment, car insurance, apartment rental, etc. and making those files open to anyone without authorization. I have major issues with drug testing for employment when it is meaningless and everyone knows it. I have huge issues with invasions of personal privacy such as medical issues. I also note that all of these privacy invasions -real, actually life destructive actions - are not government invasions, but corporate.

Methinks this diversion is working.

I can’t help but find Facebook’s statement a little amusing.

We will continue to be vigilant in protecting our users’ data from unwarranted government requests, and we will continue to push all governments to be as transparent as possible.

‘We aren’t a government, so this does not apply to us or the corporations we might sell your information to.’

12 allegro  Sat, Jun 15, 2013 11:11:09am

re: #11 wrenchwench

I can’t help but find Facebook’s statement a little amusing.

‘We aren’t a government, so this does not apply to us or the corporations we might sell your information to.’

DING!

13 Lidane  Sat, Jun 15, 2013 11:11:44am

re: #9 StephenMeansMe

Are these requests for metadata or actual detailed account information? Because if it’s the former, that takes the outrage down another order or two of magnitude.

It’s not entirely clear. Both statements from Microsoft and Facebook say that the numbers that they have released include FISA-related requests, but that they were required to aggregate those requests alongside local, state and other federal requests in order to release any numbers at all.

From the Facebook statement:

As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range. This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.

And from Microsoft:

We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.

In other words, that small number of requests that Microsoft and Facebook mention includes BOTH highly sensitive national security and FISA court requests and local and state inquiries. They just can’t tell us how many of those requests are strictly national security related. And in Facebook’s case, they mention that they often deny requests or give much less information than what has been requested.

14 Charles Johnson  Sat, Jun 15, 2013 11:12:37am

re: #11 wrenchwench

I can’t help but find Facebook’s statement a little amusing.

‘We aren’t a government, so this does not apply to us or the corporations we might sell your information to.’

Facebook, of course, is THE most intrusive and un-transparent web company. Their entire business model is based on exploiting customers’ personal information, far more than the US government ever will.

15 Dark_Falcon  Sat, Jun 15, 2013 11:13:06am

re: #10 allegro

I wrote a reply to this, but then realized I have to get going soon and deleted it.

16 HappyWarrior  Sat, Jun 15, 2013 11:18:57am

re: #14 Charles Johnson

Facebook, of course, is THE most intrusive and un-transparent web company. Their entire business model is based on exploiting customers’ personal information, far more than the US government ever will.

Which makes the disconnect all the more amusing. Some of the same people who are shouting loudly about how this makes the NSA like the Gestapo are the same people who want little or zero oversight over what companies like facebook can do.

17 Eclectic Cyborg  Sat, Jun 15, 2013 11:24:56am

re: #1 Dark_Falcon

Good on Facebook for pushing back against the insanity sparked by the Snowden Affair.

It is good that Microsoft did the same thing, but I’m still annoyed with them right now.

You and most of the gaming population of the United States. My local GameStop currently has FOUR times the number of PS4 preorders than they do Xbox One.

18 Lidane  Sat, Jun 15, 2013 11:32:13am

re: #16 HappyWarrior

Which makes the disconnect all the more amusing. Some of the same people who are shouting loudly about how this makes the NSA like the Gestapo are the same people who want little or zero oversight over what companies like facebook can do.

That’s because those people live in the world where GUBMINT = BAD and CORPORATIONS = JOB CREATORS.

Are there serious privacy issues at play here? Sure. Absolutely. But it doesn’t do anyone any favors when activist morons like Greenwald poison the well from the start by saying that companies like Facebook and Microsoft are letting the government run wild on their servers and take whatever information they want.

19 HappyWarrior  Sat, Jun 15, 2013 11:37:01am

re: #18 Lidane

That’s because those people live in the world where GUBMINT = BAD and CORPORATIONS = JOB CREATORS.

Are there serious privacy issues at play here? Sure. Absolutely. But it doesn’t do anyone any favors when activist morons like Greenwald poison the well from the start by saying that companies like Facebook and Microsoft are letting the government run wild on their servers and take whatever information they want.

Precisely. Madness. We’ve got to realize that too much corporate power with no or little oversight is just as bad as too much government power and it’s something that conservatives and libertarians don’t seem to get.

20 engineer cat  Sat, Jun 15, 2013 11:49:11am

the irony that orwell never anticipated is that we have of course volunteered to make the private details of our lives infinitely easier to discover by using debit/credit cards to buy everything, carrying gps-enabled devices in our pockets, blabbing about every little thing in places where people all over the world can read it

and now that we all of a sudden realize what we’ve done to ourselves, we get all paranoid about it

too late

21 HappyWarrior  Sat, Jun 15, 2013 11:51:55am

re: #20 engineer cat

the irony that orwell never anticipated is that we have of course volunteered to make the private details of our lives infinitely easier to discover by using debit/credit cards to buy everything, carrying gps-enabled devices in our pockets, blabbing about every little thing in places where people all over the world can read it

and now that we all of a sudden realize what we’ve done to ourselves, we get all paranoid about it

too late

There is that too. Good point.

22 boredtechindenver  Sat, Jun 15, 2013 11:57:24am

re: #8 Political Atheist

Confirmed if Wired got it right. Locked closets at ISP’s & hubs.

wired.com

wired.com

wired.com

Room 641A. This was old news, at least for people who paid attention, or worked in the industry in the 00s.

23 Gus  Sat, Jun 15, 2013 12:14:13pm

Egypt cuts ties with Syria.

24 AntonSirius  Sat, Jun 15, 2013 12:40:22pm

re: #1 Dark_Falcon

Good on Facebook for pushing back against the insanity sparked by the Snowden Affair.

I’m glad I’m not the only one inclined to call it that, or even l’affaire Snowden. There’s something very old school spy novel about the whole thing.

25 AntonSirius  Sat, Jun 15, 2013 12:41:56pm

re: #2 Absalom, Absalom, Obdicut

A lot of the people who have freaked out about this have moved onto an idea that the NSA has switches at every fiber-optic backbone and are simply siphoning off all the traffic that way.

This is based off of, I believe, the (confirmed?) AT&T NSA switching room.

The FISA requests are just to provide cover for their REAL operations!

26 AntonSirius  Sat, Jun 15, 2013 12:51:27pm

re: #17 Eclectic Cyborg

You and most of the gaming population of the United States. My local GameStop currently has FOUR times the number of PS4 preorders than they do Xbox One.

I’m genuinely surprised the ratio is that low.

E3 was the PR disaster to end all PR disasters.

27 HSG  Sat, Jun 15, 2013 1:21:36pm

re: #9 StephenMeansMe

According to an article in today’s Wall Street Journal, it’s more specific than metadata but varies widely from request to request. Here’s a link to the article I’m referencing:

online.wsj.com

28 Cap'n Magic  Sat, Jun 15, 2013 1:37:30pm

re: #14 Charles Johnson

How many people are actively on Facebook? They claim over a billion worldwide users, but how many are really active individual users are there in the US? Does anybody really know?

29 Dark_Falcon  Sat, Jun 15, 2013 2:33:50pm

re: #24 AntonSirius

I’m glad I’m not the only one inclined to call it that, or even l’affaire Snowden. There’s something very old school spy novel about the whole thing.

The alternative would have been the lame and worn-out ‘NSAgate’. ‘The Snowden Affair’ is a name I came up with primarily to do my own small part to fight lameness.

30 Cap'n Magic  Sat, Jun 15, 2013 2:33:55pm

re: #20 engineer cat

Bruce Schneier on Trading Privacy for Convenience.

Ray Ozzie is right when he said that we got what we asked for when we told the government we were scared and that they should do whatever they wanted to make us feel safer. But we also got what we asked for when we traded our privacy for convenience, trusting these corporations to look out for our best interests.
We’re living in a world of feudal security. And if you watch Game of Thrones, you know that feudalism benefits the powerful — at the expense of the peasants.
Last night, I was on All In with Chris Hayes (parts one and two). One of the things we talked about after the show was over is how technological solutions only work around the margins. That’s not a cause for despair. Think about technological solutions to murder. Yes, they exist — wearing a bullet-proof vest, for example — but they’re not really viable. The way we protect ourselves from murder is through laws. This is how we’re also going to protect our privacy.

31 Cap'n Magic  Sat, Jun 15, 2013 2:44:03pm

re: #7 The Mountain That Blogs

Methinks that 1.3 billion may be off by one to possibly three orders of magnitude if you restrict that to active US users.

32 Lidane  Sat, Jun 15, 2013 3:11:09pm

re: #31 Cap’n Magic

Methinks that 1.3 billion may be off by one to possibly three orders of magnitude if you restrict that to active US users.

Well, yes. We’ve only got a population of around 314 million here in the States, and not everyone has a Facebook page. It’s obviouly a total number of all the Facebook pages worldwide.

If we assume that 1/3 to 1/2 of the US population has a Facebook page, that would put the number of US users anywhere from about 105-157 million users here in America. Those are VERY generous assumptions, though. Without FB’s own numbers for the States, which they wouldn’t be inclined to release to anyone, we have no way of knowing for sure.

33 Decatur Deb  Sat, Jun 15, 2013 4:44:21pm

re: #24 AntonSirius

I’m glad I’m not the only one inclined to call it that, or even l’affaire Snowden. There’s something very old school spy novel about the whole thing.

“The Snowden File”

“Our Man Snowden”

“The Snowden Man”

34 WA_Independent  Sat, Jun 15, 2013 5:41:56pm

It’s funny that so many here take the tech companies’ PR statements at face value. Go ahead and bash Greenwald if you want, but how do you explain this Washington Post story, which quoted both tech company sources as well as an NSA inspector general’s report?

articles.washingtonpost.com

The companies have publicly denied any knowledge of PRISM or any system that allows the government to directly query their central servers. But because the program is so highly classified, only a few people at most at each company would legally be allowed to know about PRISM, let alone the details of its operations.

Executives at some of the participating companies, who spoke on the condition of anonymity, acknowledged the system’s existence and said it was used to share information about foreign customers with the NSA and other parts of the nation’s intelligence community.

These executives said PRISM was created after much negotiation with federal authorities, who had pressed for easier access to data they were entitled to under previous orders granted by the secret FISA court.

One top-secret document obtained by The Post described it as “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

Intelligence community sources said that this description, although inaccurate from a technical perspective, matches the experience of analysts at the NSA.

According to a more precise description contained in a classified NSA inspector general’s report, also obtained by The Post, PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process.

That sounds a lot like “direct access” to me, and in no way describes any kind of FTP dropbox program.

35 Lidane  Sat, Jun 15, 2013 9:32:28pm

re: #34 WA_Independent

It’s funny that so many here take the tech companies’ PR statements at face value.

You DO know that “General Counsel” means attorney, right? Those aren’t PR statements by a marketing flack. They’re statements by the attorneys for both Microsoft and Facebook releasing the information they have been allowed to release by the federal government.

Go ahead and bash Greenwald if you want, but how do you explain this Washington Post story, which quoted both tech company sources as well as an NSA inspector general’s report?

articles.washingtonpost.com

That sounds a lot like “direct access” to me, and in no way describes any kind of FTP dropbox program.

“Direct access” = Microsoft, Facebook, Apple, Google, etc. allowing the government to directly plug into their servers and data mine at will, without regard to the rule of law. Greenwald outright said that those companies were allowing the government to openly spy on their users at will.

That was a blatant lie. That’s the point, and that’s what he’s being bashed on. Also, this part?

directly to equipment installed at company-controlled locations, rather than directly to company servers

That means the government DIDN’T have direct access to the main company servers where all the user information is stored, which is what Greenwald said. Your own article debunks Greenwald’s initial lies. How hard is that to understand?


This article has been archived.
Comments are closed.

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2023-04-04 11:11 am PDT
LGF User's Guide RSS Feeds

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Cash.app
Recent PagesClick to refresh