The tech industry, facing a backlash over an ongoing surveillance scandal, is making up for lost time. In recent months, companies like Facebook have clamored into court waving civil liberties banners in the hopes of persuading the media — and their users — that they’re serious about transparency and standing up to surveillance.
While this is good news for privacy advocates, the companies’ push to include more data in so-called “transparency reports” has also become a public relations exercise, and led more companies to put out a mish-mash of data that makes it harder to tell signal from noise. Sources at several tech firms, meanwhile, have acknowledged that the transparency push has become politicized.
Here’s a history that shows the tech industry’s recent transparency efforts — and why it’s time for those companies to set a standard for the way they publish data.
Google shows what the government gets — other firms follow
In 2010, Google began to publish reports about how often governments ask for information about user accounts. Such requests typically demand that Google hand over information such as Gmail messages or the identity of people using Google Blogger. In many cases, the governments claimed the information was needed to investigate serious crime or terrorism. But other demands have been banal — as when Canada demanded the identity of a YouTube user who posted a video of himself flushing his passport down the toilet (Google refused the request).
After the inaugural report, Google began to issue Transparency Reports every six months or so, with each subsequent report providing more detailed information than the previous one. In the case of data requests from U.S. governments, Google began breaking out how many of the requests via search warrants or subpoenas or national security letters.
The distinctions between the various forms of law enforcement demands are esoteric (even to many lawyers) but are significant because each type of request yields a different types of information — subpoenas may yield just an email address, while a warrant can deliver the entire contents of a Gmail or Facebook account. They also entail different degrees of court oversight.
The PRISM problem and a data deluge
While civil liberties groups praised Google and other firms for disclosing the data requests, the Transparency Reports for the most part received little notice outside of the tech press.
In June, however, the reports took on a new significance after a former NSA contractor exposed PRISM, a controversial program that allows the National Security Agency to harvest vast amounts of data from Google, Microsoft and other technology companies.
The revelations about PRISM triggered a global debate about privacy, but also put the tech firms in the crosshairs of critics who claimed they had sold out their users to the U.S. government. In response, some firms that had once shunned discussions of surveillance began to come out with request data of their own; in September, Facebook and Yahoo published Transparency Reports for the first time.
Meanwhile, tech companies have also been tripping over each other in recent weeks to join a First Amendment petition in which Google and Microsoft are asking America’s secret spy court to disclose often they receive FISA letters — another type of law enforcement request central to the PRISM program that targets foreign suspects, but can also draw in American citizens.
Storage company Dropbox recently became the latest to sign on to the lawsuit, which claims companies have a free speech right to say how many requests they receive (though not the content of the requests). The Justice Department has so far pushed back against the demand, and is expected to file a response in the secret spy court this week.
More noise, less signal
The recent rush by tech companies to disclose surveillance data is helpful to to understand the ongoing NSA leaks but it has a downside as well: the process has become more politicized, as public relations teams try to burnish the civil liberties credentials of their respective firms.
In a recent interview, a spokesperson for a major company said the tech industry has become caught up in a pattern of one-upmanship even as it publicly tries to present a united front against the government.
This competition for attention has also led to intra-company sniping such as when Facebook announced it had persuaded the Justice Department to permit it to include FISA letters in the numbers it disclosed in its reports. In response, Google complained that Facebook was being disingenuous because the social network could only publish the numbers if they were included in a tally of overall law enforcement requests.
Such disputes are insider baseball, restricted to a handful of tech and privacy watchers. But for the public, the intra-company squabbling can further obfuscate an already-confusing debate.
A spokesperson for another major tech firm, who like the first one would only speak on background, has said that the various reports do not represent apples-to-apples comparisons — meaning it’s harder to gauge how pervasive government surveillance is at each company, and how the companies compare against each other.
Meanwhile, although, more firms are publishing transparency report, there is no standard format for what to include or how to present the information, as evidenced by screenshots from different companies’ reports:
A transparency standard?
A steady stream of headlines about government surveillance, combined with a confounding flurry of data from tech companies, can make the larger debate over security and privacy lack any central focal points. The tech companies aren’t really to blame for the scattered sense of the transparency reports; after all, they are free to design them as they please — and they don’t even have to issue them at all.
The growing pile of data — and growing PR efforts to spin it — means, however, that it’s becoming harder, even for insiders, to tell signal from noise. Advocacy groups like the EFF are helping by issuing easy-to-read charts like “Who has your back.” But if the tech industry really wants to show their commitment to transparency, they can put aside politics and and find a standard way to present the data they’re fighting to disclose.