Just over one year since the revelations about the National Security Agency rocked the international community, the Director of National Intelligence is making moves to demonstrate more transparency about the department's activities.
The DNI published a list of statistics on Friday covering orders issued concerning business and national security letters for calendar year 2013.
The transparency report is the first of its kind for the U.S. government in covering information requests concerning user data from Internet and telecom companies.
Here are some of the numbers to know:
- 1,767 Foreign Intelligence Surveillance Act (FISA) orders issued, affecting 1,144 targets (which could be individuals or groups; the DNI didn't break that down)
- 178 FISA business records ordered, affecting 172 "individuals, entities, or foreign powers"
- 423 selectors approved under NSA telephony metadata scanning
- 248 U.S. citizens were the subjects of these business records
- 19,212 national security letters issued, leading to 38,832 requests for information for anything from middle names to email addresses
More detailed explanations as to what the DNI characterized as targets, relationships, and other amendments are clarified in the report.
In response to the DNI's report, some of the tech companies used as unwilling sources for the NSA's previously top secret data mining activities have come out to praise the department's shift in strategy.
Richard Salgado, director of Law Enforcement and Information Security at Google, wrote in a memo on Friday that this is "step in the right direction of increasing trust in both government and Internet services."
Nevertheless, while Salgado affirmed Google applauds the transparency report, he also stipulated "there is still more to be done."
First, the government reports in a manner that makes it impossible to compare its report with the report of companies, such as the Google Transparency Report. Specifically, the government has chosen to disclose an estimated number of “targets” that it has surveilled, rather than the number of “accounts” at issue. This means that where the “target” is an organization composed of many people, and the government uses FISA to require disclosure of information from many different providers about the many accounts used by those people, covering a broad array of services, it may only report that there was one target. By contrast, in our methodology, and that used by other companies, we each would count the number of accounts impacted by a particular surveillance request.
Salgado suggested a number of other measures the federal government could take, including specifying the number of both citizens and non-citizens whose information is collected.