Transparency report

Last updated September 09, 2023

A transparency report is a statement issued semesterly or annually by a company or government, which discloses a variety of statistics related to requests for user data, records, or content. Transparency reports generally disclose how frequently and under what authority governments have requested or demanded data or records over a certain period of time. This form of corporate transparency allows the public to discern how much user information governments have requested through search warrants, court orders, emergency requests, subpoenas, etc. Additionally, companies report data related to requests for user information regarding national security matters, including national security letters and FISA Requests. In 2010, Google was the first company to release a transparency report, with Twitter following in 2012. Additional companies began releasing transparency reports in light of the Edward Snowden leaks in 2013, and the number of companies issuing them has increased rapidly ever since.^[1] Additionally, the United States Intelligence Community began releasing their Annual Statistical Transparency Report in 2013, in an attempt to raise public opinion following the leaks. ^[2] Today, transparency reports are issued by a variety of technology and communications companies, including Google, Microsoft, Verizon, AT&T, Twitter, Apple, Dropbox, Facebook, Yahoo, Uber, Amazon, T-Mobile, Discord, Reddit, and CloudFlare. As of July 2021, 88 companies have provided transparency reports.^[3] Due to the optional nature of transparency reporting, some companies' transparency reports include information related to the government's involvement in copyright takedowns, while others do not. Critics claim that these descrepencies in various companies' reports results in confusion rather than clarification regarding government requesting and censorship practices, and many agree that systematic transparency reporting practices should be implemented across every company that receives requests for user information or takedown notices.^[4] Additionally, companies are required by the government to report the number of national security requests they received in bands of 500 or 1000 (0-499) (0-999).^[5] Several companies and advocacy groups have lobbied the U.S. government to change this policy and allow the exact number of national security requests to be released, and Twitter is raising this issue in the ongoing legal battle,Twitter v. Garland. ^[6]

Purpose

Transparency reports are primarily provided to shed light on surveillance practices of government law enforcement in order to enable stakeholders to understand the operations of the company, to help identify areas where companies and organizations can improve policies and practices, and to serve as a tool for advocacy and public change. Access Now claims that transparency reports are "one of the strongest ways for technology companies to disclose threats to user privacy and free expression," and are tools vital to safeguard against abuses of power.^[7] According to members at the

Companies such as Google, Microsoft, Yahoo, Facebook, and Twitter release transparency reports, all of which list the type and number of government data requests each company receives. The U.S. government will not, however, permit companies to report exact numbers for national security requests or the number of requests that came under the Foreign Intelligence Surveillance (FISA) Section 702, Patriot Act Section 215, or national security letters. Instead, they have to aggregate the numbers or provide a range. And that's even if the government permits a company to publish that data. Google may publish national security letter information, but not FISA information. Facebook may publish FISA information, but it must lump such data in with NSL information. As a result, consumers cannot see the true figure for total government data requests. Critics of this policy, such as the Electronic Frontier Foundation, argue that there is no clear national security justification for blocking entities from releasing this information.^[8]

Legal Request Increases Over Time

Google

Google's latest (10th) transparency report indicates that the government demands for data are increasing in recent years. This report shows demands from government in the first six months of 2014, and the firm said that it includes demands made under the US Foreign Intelligence Surveillance Act (FISA) and through National Security Letters (NSLs). "FISA and NSL demands have increased by 15 percent during the six months, according to the firm, and by 150 percent over the 10 reports and the five year reporting period. That's globally. In the US the figures for the same period are 19 percent and 250 percent." Google legal director Richard Salgado accepted that the government has to fight crime and deal with threats, but the opposition of data demands need to be considered as well. "This increase in government demands comes against a backdrop of ongoing revelations about government surveillance programs. Despite these revelations, we have seen some countries expand their surveillance authorities in an attempt to reach service providers outside their borders," he said. "Governments have a legitimate and important role in fighting crime and investigating national security threats. To maintain public confidence in both government and technology, we need legislative reform that ensures surveillance powers are transparent, reasonably scoped by law, and subject to independent oversight." The report shows that the US makes the most demands for Google users' data, and Google said that it made 12,539 requests that affected some 22,000 accounts. It added that it provided data in 84 percent of cases.

In the UK it said there were 1,535 requests covering 1,991 users or accounts, and Google provided data for 72 percent of the requests.^[9]

Yahoo

The latest Yahoo transparency report was released on 25 September 2014. The report states that 30,511 users were affected by 18,594 government data requests, whereas 57,324 accounts were affected by 29,470 government requests.^[10] However, both of these figures do not include those secret requests sent by the FISA court. During the last six month from July 1, 2013, to December 31, 2013, it received between 0 and 1998 FISA requests for user data, affecting up to 54,997 users (including national security letters). Comparing to the first sixth month from January 1, 2013 to June 30, 2013, 32,997 accounts was affected. As we can see from the figures, although the total number of data request drop, the number of data request approved from the FISA court have increased significantly. Overall, 41 percent of accounts affected by government data requests came from requests made by the U.S. government.^[1]

Criticisms

There is much debate surrounding the efficacy of transparency reporting. Some critics argue that the optional nature of mere quantities of requests may mislead consumers, since most entities have little control over the number of requests they receive, the breadth of the requests they receive, or even the number of requests they ultimately comply with.^[11]

Discrepancies in Quality of Reports

Transparency reports play a vital role in promoting greater accountability and openness, but they are not immune to data discrepancies. These discrepancies can arise from a variety of sources, including human error, technical glitches, misinterpretation of data, and inconsistencies in reporting. When data discrepancies occur, they can significantly erode the effectiveness of transparency reports, as stakeholders may question the accuracy and reliability of the information presented.

Known Discrepancies

Comcast 2020 Criminal Demands Total
Facebook 2018 Net Users Affected

Conflicts between government and company

In June 2013, Google asked the Department of Justice for permission to disclose details about the number of FISA requests it receives. As a result, Microsoft, Yahoo, and Facebook followed suit immediately. However, the Department of Justice refused those requests, and they only provide the companies with a heavily redacted version of their arguments. Here's what Google legal director Richard Salgado had to say about FISA requests: "We want to go even further. We believe it's your right to know what kinds of requests and how many each government is making of us and other companies. However, the U.S. Department of Justice contends that U.S. law does not allow us to share information about some national security requests that we might receive. Specifically, the U.S. government argues that we cannot share information about the requests we receive (if any) under the Foreign Intelligence Surveillance Act. But you deserve to know."^[12]

“Our ability to speak has been restricted by laws that prohibit and even criminalize a service provider like us from disclosing the exact number of national security letters ('NSLs') and Foreign Intelligence Surveillance Act ('FISA') court orders received - even if that number is zero.”avian network's veep for legal Ben Lee has blogged.^[3]

On 7 October 2014, Twitter announce that there will be a lawsuit against the United States government for violating its First Amendment right to freedom of speech. The Transparency Report which would reveal how many national security letters (NSLs) and Foreign Intelligence Surveillance Act (FISA) orders Twitter receives. They provided a draft of the transparency report to the Department of Justice and discussed it for months. Twitter was still unable to get the permission for allowing them to publish even a redacted version of the report from the government. The response form FBI for its stance is that the information Twitter wants to publish "is classified and cannot be publicly released", they also said according to the framework provided on 27 January 2014, Twitter is only permitted to qualify its description of the total number of accounts affected by all national security legal process it has received but it cannot quantify that description with specific detail that goes well beyond what is allowed under the 27th Jan 2014 framework and that discloses properly classified information.^[13]

About the government

The United States government announced on 30 August 2013 that a transparency report which is in its own form will be released. Director of National Intelligence James Clapper announced the change on his office's Tumblr blog. He said that the decision will come naturally after President Barack Obama ordered the declassification of as much intelligence information as possible. Total numbers for national security letters, Foreign Intelligence Surveillance Act (FISA) business records requests, FISA one register/trap and trace requests will be stated in the transparency report. Beside that, the report will also include the number of targets being investigated in each of these requests. The number will reflect the 12 months prior to the date published. The inspiration of the report comes from the recent surveillance program leaks from former NSA-contractor Edward Snowden, according to an anonymous source speaking with the Washington Post. Google, Twitter, and Facebook all release their own forms of transparency report, however they are not allowed to release this sort of information in their report.^[14]

Related Research Articles

<span class="mw-page-title-main">United States Foreign Intelligence Surveillance Court</span> U.S. federal court

The United States Foreign Intelligence Surveillance Court (FISC), also called the FISA Court, is a U.S. federal court established under the Foreign Intelligence Surveillance Act of 1978 (FISA) to oversee requests for surveillance warrants against foreign spies inside the United States by federal law enforcement and intelligence agencies.

The PATRIOT Act was a landmark Act of the United States Congress, signed into law by President George W. Bush. The formal name of the statute is the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, and the commonly used short name is a contrived acronym that is embedded in the name set forth in the statute.

$<span class="mw-page-title-main">Mass surveillance</span> Intricate surveillance of an entire or a substantial fraction of a population$

Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, such as organizations like the NSA, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is also often distinguished from targeted surveillance.

The Foreign Intelligence Surveillance Act of 1978 is a United States federal law that establishes procedures for the surveillance and collection of foreign intelligence on domestic soil.

Title V: Removing obstacles to investigating terrorism is the fifth of ten titles which comprise the USA PATRIOT Act, an anti-terrorism bill passed in the United States after the September 11, 2001 attacks. It contains 8 sections regarding the capture and prosecution of terrorists.

The Terrorist Surveillance Program was an electronic surveillance program implemented by the National Security Agency (NSA) of the United States in the wake of the September 11, 2001 attacks. It was part of the President's Surveillance Program, which was in turn conducted under the overall umbrella of the War on Terrorism. The NSA, a signals intelligence agency, implemented the program to intercept al Qaeda communications overseas where at least one party is not a U.S. person. In 2005, The New York Times disclosed that technical glitches resulted in some of the intercepts including communications which were "purely domestic" in nature, igniting the NSA warrantless surveillance controversy. Later works, such as James Bamford's The Shadow Factory, described how the nature of the domestic surveillance was much, much more widespread than initially disclosed. In a 2011 New Yorker article, former NSA employee Bill Binney said that his colleagues told him that the NSA had begun storing billing and phone records from "everyone in the country."

A national security letter (NSL) is an administrative subpoena issued by the United States government to gather information for national security purposes. NSLs do not require prior approval from a judge. The Stored Communications Act, Fair Credit Reporting Act, and Right to Financial Privacy Act authorize the United States government to seek such information that is "relevant" to authorized national security investigations. By law, NSLs can request only non-content information, for example, transactional records and phone numbers dialed, but never the content of telephone calls or e-mails.

The history of the USA PATRIOT Act involved many parties who opposed and supported the legislation, which was proposed, enacted and signed into law 45 days after the September 11 terrorist attacks in 2001. The USA PATRIOT Act, though approved by large majorities in the U.S. Senate and House of Representative, was controversial, and parts of the law were invalidated or modified by successful legal challenges over constitutional infringements to civil liberties. The Act had several sunset provisions, most reauthorized by the USA PATRIOT Improvement and Reauthorization Act of 2005 and the USA PATRIOT Act Additional Reauthorizing Amendments Act. Both reauthorizations incorporated amendments to the original USA PATRIOT Act, and other federal laws.

<span class="mw-page-title-main">Computer & Communications Industry Association</span>

The Computer and Communications Industry Association (CCIA) is an international non-profit advocacy organization based in Washington, DC, United States which represents the information and communications technology industries. According to their site, CCIA "promotes open markets, open systems, open networks, and full, fair, and open competition." Established in 1972, CCIA was active in antitrust cases involving IBM, AT&T and Microsoft, and lobbied for net neutrality, copyright and patent reform and against internet censorship and policies, mergers or other situations that would reduce competition. CCIA released a study it commissioned by an MIT professor, which analyzed the cost of patent trolls to the economy., a study on the economic benefits of Fair Use and has testified before the Senate on limiting government surveillance and on internet censorship as a trade issue.

<span class="mw-page-title-main">Warrant canary</span> Method of indirect notification of a subpoena

A warrant canary is a method by which a communications service provider aims to implicitly inform its users that the provider has been served with a government subpoena despite legal prohibitions on revealing the existence of the subpoena. The warrant canary typically informs users that there has not been a court-issued subpoena as of a particular date. If the canary is not updated for the period specified by the host or if the warning is removed, users might assume the host has been served with such a subpoena. The intention is for a provider passively to warn users of the existence of a subpoena, albeit violating the spirit of a court order not to do so, while not violating the letter of the order.

The FISA Amendments Act of 2008, also called the FAA and Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008, is an Act of Congress that amended the Foreign Intelligence Surveillance Act. It has been used as the legal basis for surveillance programs disclosed by Edward Snowden in 2013, including PRISM.

The WikiLeaks-related Twitter court orders were United States Department of Justice 2703(d) orders accompanied by gag orders issued to Twitter in relation to ongoing investigations of WikiLeaks issued on 14 December 2010. The U.S. government sent Twitter a subpoena for information about Julian Assange and several other WikiLeaks-related persons, including Chelsea Manning. Twitter appealed against the accompanying gag order in order to be able to disclose its existence to its users, and was ultimately successful in its appeal.

PRISM is a code name for a program under which the United States National Security Agency (NSA) collects internet communications from various U.S. internet companies. The program is also known by the SIGAD US-984XN. PRISM collects stored internet communications based on demands made to internet companies such as Google LLC and Apple under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms. Among other things, the NSA can use these PRISM requests to target communications that were encrypted when they traveled across the internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier, and to get data that is easier to handle.

Ongoing news reports in the international media have revealed operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly emanate from a cache of top secret documents leaked by ex-NSA contractor Edward Snowden, which he obtained whilst working for Booz Allen Hamilton, one of the largest contractors for defense and intelligence in the United States. In addition to a trove of U.S. federal documents, Snowden's cache reportedly contains thousands of Australian, British, Canadian and New Zealand intelligence files that he had accessed via the exclusive "Five Eyes" network. In June 2013, the first of Snowden's documents were published simultaneously by The Washington Post and The Guardian, attracting considerable public attention. The disclosure continued throughout 2013, and a small portion of the estimated full cache of documents was later published by other media outlets worldwide, most notably The New York Times, the Canadian Broadcasting Corporation, the Australian Broadcasting Corporation, Der Spiegel (Germany), O Globo (Brazil), Le Monde (France), L'espresso (Italy), NRC Handelsblad, Dagbladet (Norway), El País (Spain), and Sveriges Television (Sweden).

The USA Freedom Act is a U.S. law enacted on June 2, 2015, that restored and modified several provisions of the Patriot Act, which had expired the day before. The act imposes some new limits on the bulk collection of telecommunication metadata on U.S. citizens by American intelligence agencies, including the National Security Agency. It also restores authorization for roving wiretaps and tracking lone wolf terrorists. The title of the act is a ten-letter backronym that stands for Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015.

Proposed reforms of mass surveillance by the United States are a collection of diverse proposals offered in response to the Global surveillance disclosures of 2013.

Former U.S. President Barack Obama favored some levels of mass surveillance. He has received some widespread criticism from detractors as a result. Due to his support of certain government surveillance, some critics have said his support may have gone beyond acceptable privacy rights. This is of course a debatable conclusion. Many former US presidents have increased the abilities and techniques used for intelligence gathering. President Obama released many statements on mass surveillance.

Mass surveillance in Australia takes place in several network media, including telephone, internet, and other communications networks, financial systems, vehicle and transit networks, international travel, utilities, and government schemes and services including those asking citizens to report on themselves or other citizens.

The Internet service company Yahoo! was subjected to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

ICWATCH is a public database of mainly LinkedIn profiles of people in the United States Intelligence Community. The database was created by Transparency Toolkit and was hosted by WikiLeaks.

References

1 2 "Yahoo Data requests drop, but FISA stats are worrying". 25 September 2014. Retrieved 21 October 2014.
↑ Intelligence, Office of the Director of National; Thomas, Michael D. "INTEL - Annual Statistical Transparency Report". www.intelligence.gov. Retrieved 21 April 2023.
1 2 "Twitter sues US government for right to disclose NOTHING". The register. Retrieved 24 October 2014.
↑ Llanos, José Tomás (23 April 2021). "Transparency reporting: Considerations for the review of the privacy guidelines". Paris.{{cite journal}}: Cite journal requires |journal= (help)
↑ "Google Transparency Report". transparencyreport.google.com. Retrieved 21 April 2023.
↑ "Taking the fight for #transparency to court". blog.twitter.com. Retrieved 21 April 2023.
↑ "Transparency Reporting Index". Access Now. Retrieved 21 April 2023.
↑ "Why the transparency report is necessary in the fight for privacy". 12 September 2013. Retrieved 21 October 2014.
↑ Dave, Neal. "Google's 10th transparency report shows government requests are rising". Archived from the original on 17 September 2014. Retrieved 20 October 2014.{{cite web}}: CS1 maint: unfit URL (link)
↑ "Yahoo Government data request" . Retrieved 21 October 2014.
↑ "what transparency report don't tell us?". The Atlantic . 19 December 2013. Retrieved 21 October 2014.
↑ "Google slams U.S. government in latest transparency report". PC WORLD. Retrieved 22 October 2014.
↑ "FBI response" (PDF). The Washington Post . Retrieved 24 October 2014.
↑ Meghan Kelly (30 August 2013). "U.S. to release transparency report with FISA and national security requests" . Retrieved 22 October 2014.

External links

Kashmir Hill, Forbes. Thanks, Snowden! Now All The Major Tech Companies Reveal How Often They Give Data To Government, November 2013.
Google's Transparency Report. "Transparency Report"
Twitter's Transparency Report. "Transparency Report"
Dropbox's Transparency Report. "Transparency Report"
Yahoo's Transparency Report. "Transparency Report"
Dropbox's Government data request principles. "data request principles"
Discord's Transparency Report. "Transparency Report"

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[:0-1] 1 2 "Yahoo Data requests drop, but FISA stats are worrying". 25 September 2014. Retrieved 21 October 2014.

[2] Intelligence, Office of the Director of National; Thomas, Michael D. "INTEL - Annual Statistical Transparency Report". www.intelligence.gov. Retrieved 21 April 2023.

[:1-3] 1 2 "Twitter sues US government for right to disclose NOTHING". The register. Retrieved 24 October 2014.

[4] Llanos, José Tomás (23 April 2021). "Transparency reporting: Considerations for the review of the privacy guidelines". Paris.{{cite journal}}: Cite journal requires |journal= (help)

[5] "Google Transparency Report". transparencyreport.google.com. Retrieved 21 April 2023.

[6] "Taking the fight for #transparency to court". blog.twitter.com. Retrieved 21 April 2023.

[7] "Transparency Reporting Index". Access Now. Retrieved 21 April 2023.

[8] "Why the transparency report is necessary in the fight for privacy". 12 September 2013. Retrieved 21 October 2014.

[google-9] Dave, Neal. "Google's 10th transparency report shows government requests are rising". Archived from the original on 17 September 2014. Retrieved 20 October 2014.{{cite web}}: CS1 maint: unfit URL (link)

[yahoo-10] "Yahoo Government data request" . Retrieved 21 October 2014.

[transparency_report-11] "what transparency report don't tell us?". The Atlantic . 19 December 2013. Retrieved 21 October 2014.

[conflicts-12] "Google slams U.S. government in latest transparency report". PC WORLD. Retrieved 22 October 2014.

[13] "FBI response" (PDF). The Washington Post . Retrieved 24 October 2014.

[14] Meghan Kelly (30 August 2013). "U.S. to release transparency report with FISA and national security requests" . Retrieved 22 October 2014.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]