I had a conversation recently with someone who told me that people don't really care about privacy anymore. Consumers willingly trade details like locations, activities and contacts for the benefit of ease. It's the price to pay for finer-tuned functionality, he said, and anyone familiar with tech knows that.
This was, of course, before the whole PRISM thing blew up. If you're not familiar with this piece of news, let me fill you in. A mere few days ago, it was revealed that the National Security Agency has access to the servers of several of the world's leading Internet companies. The news rocked the Web, despite the fact that the last part is still somewhat up in the air. Representatives from companies like Facebook, Apple, Google, Microsoft, Dropbox and Yahoo have since stepped forward to deny any involvement in PRISM.
Well, now the Mountain View, Calif.-based company is going one step further. In a clear attempt to be as above-board as possible, Google wants to publish the total number of government requests it receives for national security information. Google sent a letter to Attorney General Eric Holder and FBI director Robert Mueller, asking for permission to post numbers of national security requests in order to prove that these requests — not direct access to its servers — is the extent of its participation.
Dear Attorney General Holder and Director Mueller
Google has worked tremendously hard over the past fifteen years to earn our users' trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users' data.
We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.
Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users' data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.
We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google's numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.
Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google's initiative. Transparency here will likewise serve the public interest without harming national security.
We will be making this letter public and await your response.
David Drummond Chief Legal Officer
It's as if the company is itching to say, "See? See all these requests? If the government could just dig all that up itself, it wouldn't be asking us for all that."
According to Google CEO Larry Page, the company only offers up the data when compelled to do so by law, and it evaluates every request before handing it over. Mountain View is obviously hot to emphasize this. As the company states that government agents absolutely, positively cannot jack straight into its servers, it also seems to know that a simple denial isn't going to cut it.
After all, there's a critical difference between a tech company complying with isolated government requests and throwing its doors wide open so agents can rummage through everyone's data.
Google is permitted to publish general numbers in its Transparency Report, but not hard figures. A previous report revealed that the U.S. made 8,438 requests on some 14,791 Google users during the last half of 2012. Given the open letter just posted, we assume that these didn't include FISA (Foreign Intelligence Surveillance Act) requests. Still, on its own, it represents a steep growth of about 70 percent since 2009. (Ironically, that's when the House of Representatives passed its resolution founding Data Privacy Day.) And the company acknowledged that it provided at least some user data in 88 percent of the requests that came in during the second half of last year.
So the question is not whether U.S. agencies are getting hold of user data. That much is certain. PRISM or no, FISA requests — like those that came to light over Verizon — ensure that. In this case, how they're getting their hands on the information is what's key.
Speaking of Verizon, that matter hasn't been closed either. The American Civil Liberties Union and the New York Civil Liberties Union have jointly filed a lawsuit alleging that the phone surveillance program is unconstitutional. In other words, our President is being sued.
Looks like privacy isn't dead after all. Clearly it still matters to a great many people.
Does it matter to you? Would you trust Google, or any company, more if you saw how many national security requests are actually being made? Or are you unconcerned about the prospect of data surveillance?