Update (1/28/14): See below.
On Monday, the Obama Administration announced that it's going to start allowing tech companies to disclose more information about the number of national-security related demands the government makes for user information. On the surface, this seems like a government-transparency victory. But compared to the extensive recommendations made by lawmakers, privacy advocates, and the president's own government surveillance advisory board, the change actually does very little to shed light on the nature or extent of the government's requests for personal data.
Up until now, tech companies have only been allowed to report a very rough figure on the number of national security letters they receive, and the number of users affected. (The FBI and other agencies use these secret requests to force businesses to hand over certain customer records.) Meanwhile, firms like Google, Facebook, Yahoo, and others have been forbidden from sharing any information on orders they receive via the Foreign Intelligence Surveillance Act (FISA) court. Now, the New York Times reports:
Companies will be able to disclose the existence of FISA court orders. But they must choose between being more specific about the number of demands or about the type of demands. Companies that want to disclose the number of FISA orders and national security letters separately can do so as long as they only publish in increments of 1,000. Or, companies can narrow the figure to increments of 250, but only if they lump FISA court orders and national security letters together.
"It's a pretty absurdly tiny incremental increase in transparency," Julian Sanchez, a research fellow at the Cato Institute who focuses on privacy and civil liberties issues, tweeted Monday. Not only are tech companies still barred from reporting the government requests they receive in real time—there's a six-month delay—but the information they are now allowed to disclose still tells Americans little about the requests the government is making. For example, the administration's now policy only allows FISA orders to be reported under "content" and "non-content" categories. And the number of accounts affected can still only be disclosed in ranges of 1,000.
This week, Apple CEO Tim Cook reiterated that, "We need to say what data is being given," after revealing that his company is under a government gag order. The president's surveillance advisory board recommended in December that he reform the process by requiring judicial approval before sending national security letters. (Judicial approval is currently not required.) And members of Congress have introduced a bill that would limit the kinds of records that can be obtained. But the administration has yet to take meaningful steps at surveillance reform.
UPDATE, Tuesday, January 28, 2014: Nate Cardozo, staff attorney at the Electronic Frontier Foundation, sent Mother Jones another reason Obama's announcement doesn't go far enough: "The deal won't allow the companies to disclose which legal authorities the government is using in the Foreign Intelligence Surveillance Court. We need that information especially, since we're currently trying to reform those very laws. True transparency—as well as the First Amendment—requires that companies be allowed to map the scope of the United States government's surveillance apparatus, including the legal authorities it claims to rely on."