Is pushback from Internet companies reducing the number of government requests for your personal information?
That question arises from Yahoo’s second transparency report, released yesterday. In the report, Yahoo promotes its new, users-first approach to providing information to governments.
The company says it defends “our users’ data from unwarranted government access” and adds that it is working to encrypt its products and services and to organize events educating “young companies on important data protection and human rights issues.”
It has also helped to get a bit more flexibility about reporting U.S. requests. The changes, wrote Yahoo general counsel Ron Bell in a blog post on Friday, occurred after “Yahoo and other Internet companies sued for the right to provide more transparency about the number and kinds of requests we receive.”
In fact, it’s this change in reporting governmental requests that is contributing to some confusion about whether this second Yahoo report shows a drop in U.S. inquiries or not.
The New York Times, for instance, claims that the company “saw a significant drop in the number of government requests for data about its users in the second half of 2013, compared to the first half.”
CNET, however, said that the new report “at first blush appears to detail a drop in U.S. government requests for user account data between the first and second half of 2013.” But it’s apples and oranges, the publication said, in part because Yahoo will be separating out the National Security Agency (NSA) requests in the second report, which it didn’t do in the first one.
The new report indicates seventeen countries issued 21,425 requests on 32,493 accounts. Of these, 6,587 requests were made by the U.S. government on 11,795 accounts, not including national security requests. Disclosure of national security requests must be delayed for six months.
That’s compared to 29,740 requests on 62,775 accounts in the first six months of 2013, including national security requests, which ranged from zero to 3,000 requests on 30,000 to 33,000 accounts.
Yahoo also said it has been informing governments of its user notification policies since last July, after which government requests are sometimes withdrawn. In addition, national security requests are sometimes rejected, as 17 percent were in this most recent period because of lack of jurisdiction, a successful contesting of the government’s request, or no data found.
So, exactly what are the trends of successful national security requests — or non-security governmental requests — to Yahoo?
The question of whether a pattern is developing of fewer successful U.S. requests — either because of tech company pushback, public or congressional pressure, lack of jurisdiction or more precise targeting — will likely take a few more transparency reports to determine.