In the closing days before Christmas, Verizon and AT&T gave their users an unusual present: A promise to disclose, in the form of tables, how often cops and courts ask about their users and how often they answer.
Exciting stuff, no?
Okay, it’s not the sexiest Christmas gift. But these “transparency reports” represent a major step forward in the telecom companies upholding their customers’ rights before the government.
The past year’s worth of surveillance politics have shown that transparency reports can function as a gateway drug, eventually pushing the companies that post them to address the national-security state’s appetite for data. And that’s something that should concern you even if you’ve done nothing wrong—because the National Security Agency’s collect-everything approach won’t overlook your data.
Consider how things have worked out for the likes of Google, Twitter, Microsoft, and Yahoo. (If this connection had escaped you thus far, Yahoo Tech is published by Yahoo.)
For instance, in 2010, Google’s first transparency report only summed up how many requests for user data it had received, not how many it had complied with; a year later, it filled in that blank. In 2012, Twitter took notice and began posting its own transparency reports with a similar level of detail.
In early 2013, Google added rough counts of how many times the FBI had sent it a National Security Letter—an Orwellian demand for subscriber information that the recipient can be forbidden from even acknowledging to anybody else.
Days later, Microsoft joined this growing club with its first “Law Enforcement Requests Report.” That, too, provided rough counts of NSLs received, as the Obama administration wouldn’t permit anything more specific.
A couple of months later, the name “Edward Snowden” began showing up in the news. The ensuing revelations about the NSA’s data-harvesting practices pushed Facebook, Yahoo and then Apple to start documenting the government’s curiosity.
The reports of those three took a step further by including secret demands for user data made under the Foreign Intelligence Surveillance Act. As a result, their U.S. totals can only offer broad ranges.
The only way they could be more specific would be to take the government to court. And that’s exactly what many of them have done, along with pushing Congress to reform FISA and curb the NSA’s power.
I don’t expect Verizon or AT&T’s CEOs to file their own suits in the Foreign Intelligence Surveillance Court or start making large donations to the Electronic Frontier Foundation.
But consider the backstory here: The big telecoms voluntarily enabled government snooping—AT&T got caught secretly installing NSA wiretapping gear in its own facilities. Then, years later, they mocked the protests of tech companies; only four months ago, a senior Verizon executive brushed them aside as “fizzy statements.”
In that light, AT&T and Verizon now look a little shaken up themselves.
AT&T made the less sweeping pledge, stating upfront that it would only disclose law-enforcement inquiries and would let the government decide when to disclose data about NSLs or FISA demands. (Good luck with that.)
Verizon, to its credit, said it was working to provide a broad range of the NSLs it got in 2012 and made its own vague call for reform. “Verizon calls on governments around the world to provide more information on the types and amounts of data they collect and the legal processes that apply when they do so.”
How long do you think the likes of Comcast, Sprint and T-Mobile can hold out? And if they elect to provide a little more detail than AT&T or Verizon have promised, how will those two respond?
One of their prominent critics is convinced things have changed. “The market is starting to put a value on privacy,” said Nate Cardozo, staff attorney for the Electronic Frontier Foundation. “This transparency is a first step in winning back customers’ trust that was rightfully lost after 9/11.”
I sure hope he’s right.