Companies such as Google and Microsoft have been asking for a compromise from the government that would allow them to publicly acknowledge situations in which they are ordered to produce customer data for national security inquiries. Today, the Justice Department finally agreed.
When Google, Microsoft, Yahoo, Facebook, and LinkedIn receive orders under the Foreign Intelligence Surveillance Act to hand over data, they will be able to tell the public about the orders after six months. And if they release a new product, they can disclose that federal intelligence has figured out how to surveil the product after two years.
The Associated Press summarized the agreement:
Under the compromise announced Monday, Internet companies will be able to report the number of criminal-related orders from the government. They also will be able to release, rounded to the nearest thousand, the number of secret national security-related orders from government investigators; the number of national security-related orders from the FISA court and the number of customers those orders affected, and whether those orders were for just email addresses or covered additional information.
The five companies lobbied for the compromise, which will ultimately apply to other companies as well, because documents leaked by Edward Snowden implicated them in the NSA's PRISM program, but they weren't allowed to provide their customers or the broad public with any information about their involvement. The AP notes that the companies are also eager to correct misinformation about their involvement.
Though the companies may just be worried about image and customer retention, the compromise is a positive step toward better public disclosures about which corporate groups are being asked to share data with the NSA or other government bodies. If companies have the ability to disclose, they probably will, to nip potential PR nightmares (like the Snowden revelations) in the bud. Consumers will be able to make more informed decisions about trusting their data with different companies. Even if customers don't act, they will still know. But this is just a first step toward increased corporate transparency about data sharing.