Google Shares How Often The FBI Sends National Security Letters For User Information
How do you talk about requests for user information that, legally, you can’t talk about? In the case of “National Security Letters” that Google receives from the US Federal Bureau of Investigation, a start is to talk generally about the number of requests received. In a blog post today, Google explains that it will now […]
How do you talk about requests for user information that, legally, you can’t talk about? In the case of “National Security Letters” that Google receives from the US Federal Bureau of Investigation, a start is to talk generally about the number of requests received.
In a blog post today, Google explains that it will now provide broad figures about how many National Security Letters it receives. Not familiar with how the FBI uses these? Google explains:
“The U.S. Federal Bureau of Investigation can issue a National Security Letter (NSL) to obtain identifying information about a subscriber from telephone and Internet companies. The FBI has the authority to prohibit companies from talking about these requests. But we’ve been trying to find a way to provide more information about the NSLs we get—particularly as people have voiced concerns about the increase in their use since 9/11.”
Apparently, the way Google has found is to publish figures quantifying the number of requests and publishing these in a new section of its Transparency Report for the US:
For each year from 2009 through 2012, the chart above says that Google received 0-999 National Security Letters. Potentially, that means in some of these years, there were no letters received at all. But, that can’t be the case because of the User/Account figures, which I’ll explain in a moment. Really, it means Google received between 1 and 999 NSLs.
The chart also says that the letters covered between 1000-1999 users or accounts with Google for 2009-2012, except for 2010. In that year, the number of accounts and users involved rose to the 2000-2999 level. My assumption is that any particular NSL might request information for more than one user or account, which is why the NSL ranges are lower than the User/Accounts range.
And what does the FBI get from these requests? Google’s FAQ explains:
“The FBI can seek “the name, address, length of service, and local and long distance toll billing records” of a subscriber to a wire or electronic communications service. The FBI can’t use NSLs to obtain anything else from Google, such as Gmail content, search queries, YouTube videos or user IP addresses.”
Google also notes in the FAQ that while it tries to notify users of any government requests for information, in the case of NSLs, it might be prevented from doing this.
Why not be more specific in the numbers? Google’s blog post explains ranges are all it is allowed to do, for US national security reasons:
“You’ll notice that we’re reporting numerical ranges rather than exact numbers. This is to address concerns raised by the FBI, Justice Department and other agencies that releasing exact numbers might reveal information about investigations. We plan to update these figures annually.”