Facebook has some decisions to make.
Arguably difficult ones.
Does it simply comply when federal law enforcement and intelligence agencies request that it hand over information and data on users without notifying those users? Or does it commit to notifying users unless the requesting agency has a court order requiring secrecy?
The issue is a particularly vexing one not just for Facebook, but for Google, Apple, Twitter, and others, as the feds make increasing demands for user data as part of their investigations. When subpoenaed by a court order, companies must comply or face legal consequences.
Facebook is deciding how to best tread these waters. When asked about the issue of increasing requests for data from law enforcement, Facebook said in an email yesterday that it was working to strike a balance and that the privacy of users was a primary concern.
“We are committed to transparency, and providing notice about government requests is an important part of being transparent. We are always working to improve our notification process as the law permits,” Facebook’s email said.
Facebook also sent VentureBeat a link to its law enforcement guidelines and the specific language relating to its notification policy.
As it stands now, Facebook mandates law enforcement agencies, federal and state, to obtain a court order if they believe alerting users to a request could compromise an investigation.
In March, chief executive Mark Zuckerberg called President Obama to lambast him over the National Security Agency’s metadata collection efforts, including hacking Facebook’s servers, as revealed by NSA whistle-blower Edward Snowden.
R. Ray Wang, an analyst at Constellation Research, said some inside the social media giant are alarmed at the frequency of requests and that its a hot topic among certain circles within the company.
“Companies like Facebook, Google, and Yahoo are all dealing with compliance issues, saying ‘we’re getting a ton of requests, and if we don’t have transparency with users, we’re going to lose.'”
“Facebook,” Wang said, “is facing a massive frontal assault on the issue of user privacy. They know they have to be more transparent.”
On its “Information for Law Enforcement Authorities” page, Facebook laid down its position this way:
Law enforcement officials who believe that notification would jeopardize an investigation should obtain an appropriate court order or other process establishing that notice is prohibited. Law enforcement officials may also request nondisclosure if notice would lead to risk of harm.
Major tech companies, including Facebook, sought to publicly distance themselves from the government last year after Snowden divulged the NSA’s metadata collection efforts.
Apple, Microsoft, and Facebook have updated their policies, promising to let users know about government data requests unless prevented from doing so by a judge, the Washington Post reported last week.
Exempt from the issue are data requests from the ultra-secret Foreign Intelligence Surveillance Court, which carry automatic gag orders, the Post said.
The issue has become more provocative since Snowden’s revelations hit the front pages of the Guardian, Der Spiegel, and the New York Times over the last year, said Kurt Opsahl, a senior lawyer with the Electronic Frontier Foundation, which defends online privacy rights.
“Transparency reports issued last year show that the government is seeking user information frequently. It does appear there are lots of requests for user data. It’s coming at the same time information is coming to light about the NSA’s programs,” Opsahl said.
Opsahl pointed out that the government’s 1986 Electronic Communications Privacy Act, which restricts government wiretapping on telephone calls and data transmissions from computers, has provisions on the issue of limitations on which information on users can be revealed voluntarily.
And herein lies the rub. While the NSA could very well surreptitiously siphon all the data it wants from Facebook, Google, Dropbox, and Yahoo, for example, it doesn’t always share the data with other U.S. agencies. The FBI, for example, doesn’t have the capabilities of the NSA, so it must make its request to the company itself for data it wants.
“So these data requests are also desired by other agencies, including cops and the FBI,” Opsahl said.
Wang said Facebook, Google, and others that retain large amounts of data on individuals are walking a tightrope.
“Facebook wants to do good with the government requests and citizens by being transparent when they occur.”
At the end of the day, Opsahl said, the demands for user information will increase. And that puts the companies holding it in a bind.