a lawsuit filed against the U.S. government in June to affirm the right of businesses to disclose limited information about government demands for data made under the Foreign Intelligence Surveillance Act (FISA).
In separate legal filings, Microsoft and Google challenged the gag order that typically accompanies FISA demands for customer data. The two companies asserted that they have a First Amendment right to publish the total number of FISA requests received and the total number of user accounts covered by such requests.
Microsoft general counsel Brad Smith said in a blog post on Friday that six times in recent weeks, Microsoft and Google have agreed to extend the deadline for the Department of Justice to respond to the companies' respective lawsuits, in the hope of reaching some accommodation. But, Smith said, the negotiations have ended in failure.
On Thursday, the Office of the Director of National Intelligence offered what the U.S. government presumably believes is an acceptable compromise: It agreed to release "the total number of orders issued during the prior twelve-month period" once each year, covering FISA orders and National Security Letters.
[ Does Facebook have a point about trading personal information for free services? Read Facebook Says User Data Is Price Of Admission. ]
James R. Clapper, Director of National Intelligence, defended the limited provision of information as necessary to defend the U.S.
Smith considers this single, aggregate total inadequate, noting that the public deserves to know more and that the Constitution guarantees the right of companies and individuals to make reasonable disclosures.
"[W]e believe it is vital to publish information that clearly shows the number of national security demands for user content, such as the text of an email," Smith wrote. "These figures should be published in a form that is distinct from the number of demands that capture only metadata such as the subscriber information associated with a particular email address. We believe it's possible to publish these figures in a manner that avoids putting security at risk."
The status quo puts online technology companies at risk. Small technologies companies such as LavaBit and Silent Circle have shut down or stopped specific services because of their inability to deliver secure communication services when the U.S. government can demand secret access. Larger technology companies like Google and Microsoft face the challenge of courting cloud computing customers when competitors abroad don't have to dispense customer data to U.S. authorities on demand.
For U.S. companies, being forced to surrender data without being able to attest to the limited scope of such demands promotes mistrust among potential customers. The Information Technology and Innovation Institute, a technology think tank, recently projected that U.S. cloud service providers, because of their inability to provide meaningful privacy protection, could lose between $22 billion and $35 billion to competitors in Europe over the next three years.
The lawsuits filed by Microsoft and Google are supported by 15 media organizations, including the Associated Press, Bloomberg and the New York Times.