If privacy and transparency were a couple, they'd likely change their Facebook relationship status to “it's complicated” and then publicly play out what can only be described as a rollercoaster of harmony and discord as they ride through life together.
The cybersecurity equivalent of Dr. Phil might occasionally call them co-dependent and dysfunctional because their goals can be at odds, yet they can also be supportive and in lockstep. Transparency, in some cases, is a necessary protector of privacy.
“There's a trade-off, a national debate about what we're willing to give up to be secure,” says Jack Huffard, president, COO and co-founder of Tenable.
Government surveillance of the caliber revealed by Edward Snowden, which gained an uneasy acceptance of sorts in a post-9/11 world more willing to make that trade-off, has severely tested the bounds of privacy, with the FBI and other law enforcement agencies often arguing that they need visibility into email, phone records and mobile devices of suspected terrorists and other criminals to make their case.
With their reputations tarnished by Snowden's revelations and facing a steady onslaught of data requests from government, with warrants obtained quietly and without the benefit of public scrutiny, some of the biggest technology and internet corporations – including Google, Microsoft, Yahoo, LinkedIn and Facebook – waged a battle against the U.S. Department of Justice (DOJ) in an effort to release more complete information on government demands. After a significant win in early 2014, those companies began releasing updated transparency reports.
Under the new rules, companies could consider two different options when reporting on government requests – one that allows for more generalized aggregate reporting in bands of 250, or another that allows for a greater breakdown of reporting in bands of a thousand.
Microsoft chose the latter option and announced that, between Jan. 1, 2013 and June 30, 2013, it had received between zero and 999 Foreign Intelligence Surveillance Act (FISA) orders seeking disclosure of content. The requests impacted between 15,000 and 15,999 accounts.
For the same period, the company received between zero and 999 non-content FISA requests that impacted the same number of accounts, which mirrored non-content requests based on National Security Letters (NSL) during the same timeframe.
“While there remain some constraints on what we can publish, we are now able to present a comprehensive picture of the types of requests that we receive from the U.S. government pursuant to national security authorities,” Brad Smith, general counsel and executive vice president with Microsoft, posted at the time.
LinkedIn chose the other option and announced that, between Jan. 1, 2013 and June 30, 2013, it had received between 0 and 249 national security requests that impacted between 0 and 249 accounts. National security requests in this option comprise FISA orders and NSLs.
“We did so because we believe that this option gives our members and the public a more accurate picture of the number of national security-related requests we receive and the number of accounts impacted, even though this option requires us to aggregate national security-related requests,” Erika Rottenberg, general counsel at LinkedIn, posted at the time.