Google's latest transparency report shows just how opaque the relationship between tech companies and the government has become
Google today released its latest transparency report detailing the number and nature of requests it has received from the federal government to share user data. The company states that such requests have doubled since it started publishing them in 2010, showing the government's increasing dependence on data gleaned from large tech companies. But the most interesting aspect of the report isn't anything that Google revealed -- it's what it couldn't.
In keeping with the government's strict control over the types and amount of data tech companies are allowed to disclose, Google devoted a section of the report to a graphic displaying a few yellow bars covered with the thick, black lines used by the government's censors. It's a tongue-in-cheek reference to Google's continued fight for the right to disclose such data; it's also the latest example of the limitations imposed on these so-called transparency reports.
As Google says in this report:
We want to go even further. We believe it’s your right to know what kinds of requests and how many each government is making of us and other companies. However, the U.S. Department of Justice contends that U.S. law does not allow us to share information about some national security requests that we might receive. Specifically, the U.S. government argues that we cannot share information about the requests we receive (if any) under the Foreign Intelligence Surveillance Act. But you deserve to know.Apple made a similar statement in its first transparency report, which was released on November 5:
At the time of this report, the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed. We strongly oppose this gag order, and Apple has made the case for relief from these restrictions in meetings and discussions with the White House, the U.S. Attorney General, congressional leaders, and the courts. Despite our extensive efforts in this area, we do not yet have an agreement that we feel adequately addresses our customers’ right to know how often and under what circumstances we provide data to law enforcement agencies.Microsoft did the same in its transparency report released in October:
Unfortunately, we are not currently permitted to report detailed information about the type and volume of any national security orders (e.g. FISA Orders and FISA Directives) that we may receive so any national security orders we may receive are not included in this report. We have summarized, per government direction, the aggregate volume of National Security Letters we have received.Facebook includes a similar quote in its page devoted to detailing government requests:
We have reported the numbers for all criminal and national security requests to the maximum extent permitted by law. We continue to push the United States government to allow more transparency regarding these requests, including specific numbers and types of national security-related requests. We will publish updated information for the United States as soon as we obtain legal authorization to do so.These companies are right in thinking that this data is important to its users. They're also right to point out that these reports are incomplete, thus allowing anyone interested to know that these reports aren't as transparent as they could be -- and they probably never will be.
Many of the leaks published by the Guardian, the New York Times, the Washington Post, and ProPublica over the last few months show that companies might not even be aware of everything the government is doing to access their data. The US National Security Agency can reportedly infiltrate Google's data through a program called MUSCULAR. Upon hearing of this program, Google engineers "exploded in profanity" and others issued a "giant Fuck You" to the NSA on their Google+ profiles.
How could these companies disclose such programs in their transparency reports -- even if the current restrictions are lifted -- if they are unaware of them in the first place?
They couldn't. As well-intentioned (and self-serving) as these opaque reports are, these private companies don't have the ability to describe all the ways in which governments in general and the NSA in particular are monitoring, compromising, and weaponizing the Internet. That's up to the independent press and, perhaps some time in the future, the government itself.