Facebook's hands are probably tied on some of their reporting here, but there's still some interesting stuff about the US in this report.
1. The US is by far the one requesting the most data. I'd have to run the numbers to be sure, but it looks like even controlling for population and number of FB users, the US is definitely outpacing other countries' data requests.
2. The US is the only country where FB is reporting in ranges instead of precise numbers. There could be several reasons for this, but the reason almost certainly is not that they don't know the precise numbers. NSLs seem like a safe bet here.
3. The US also has one of the highest "success" rates of government requests. 79% of government requests yield some data. This again could be interpreted several ways, but the two most enticing ones are that the US isn't sending a lot of fishing requests because when they request data from FB, they're already pretty certain about what they're looking to find. The more disturbing concern would be if the US only queries FB for things where the NSA's database is insufficient, which would mean the number of requests they submit to Facebook is not at all indicative of how many queries on user data they actually do.
Thanks for the CSV! Here are the top 10 countries by requests per capita[1]:
Country Requests Population Requests Per Capita
Malta 89 415,654 0.000214120398216
United States (Min) 11000 313,900,000 0.000035043007327
United Kingdom 1975 62,740,000 0.000031479120179
Italy 1705 60,720,000 0.000028079710145
Australia 546 22,320,000 0.000024462365591
New Zealand 106 4,405,000 0.000024063564132
France 1547 65,430,000 0.000023643588568
Germany 1886 81,800,000 0.000023056234719
Singapore 107 5,184,000 0.000020640432099
Portugal 177 10,560,000 0.000016761363636
Per capita is misleading, as the report does not tell you the country of the user for which data was requested. If, for instance, Facebook were providing data on a non-US user, that would be counted as a US request.
Re: #2. Basically correct. Reporting a range that includes all requests, including those that can't be disclosed individually, is the best outcome we've been able to negotiate so far. Here's the answer in the FAQ:
Why did you report the numbers for the United States in ranges?
We have reported the numbers for all criminal and national security requests to the maximum extent permitted by law. We continue to push the United States government to allow more transparency regarding these requests, including specific numbers and types of national security-related requests. We will publish updated information for the United States as soon as we obtain legal authorization to do so.
No. If users send unencrypted data to a service provider, they can never use technical means to verify what the service provider does with the data. For example, suppose that some category of user data is automatically printed out on paper every night.
I am not so sure the US is outpacing the rest by far. Assuming 179 million American FB MAU [1] and the next highest (India, a country I am a citizen of) having ~3200 requests for roughly 78 million MAU [2]. you get (78/179 * 11500) ~ 5000.
So India is not too far off and I would suggest giving it time :).
Btw, I used 11500 for America as the mean between 11k and 12k since only the range is given.
I guess all governments are spying on their citizens :).
Yeah, but India is a country where private citizens can sometimes obtain cell phone records of other private citizens just by virtue of being powerful men. It's a shitty place for privacy.
RE #3: They could also already have the data and simply be querying Facebook to establish a "backwards chain of evidence".
Hilariously, I'm reading Cryptonomicon right now and that's exactly what Sergent Shafto and crew do by pretending they're finding German submarine secrets.
Re 3, couldn't it simply be that the US government has the most leverage over Facebook, since Facebook is headquartered in the US, and the majority of its staff and all its senior management live there?
There's no leverage needed, unless you're thinking that the NSA would rather send G-men to disappear the senior staff or something, instead of simply getting a FISA warrant for the hopefully-rare cases where Facebook has reason to push back against an NSL. But Facebook has always claimed they will comply with the law, and the law is very much slanted to the U.S. already, there's not much extra leverage needed.
NSA is undoubtedly not even the only source of these requests either (e.g. many might come from FBI investigating purely "home-grown" extremists, local cops following up on Amber Alerts, etc.), and the non-NSA ones would already have had an Article III warrant issued, which Facebook has always claimed they will obey.
From their FAQ: "The vast majority of these requests relate to criminal cases, such as robberies or kidnappings." and "The report contains the total number of requests we've received from each government, including both criminal and national security requests."
However, even if we ignore all that other nations have their own forms of leverage... it would certainly be easier to unilaterally block Facebook in other countries than in the U.S., for instance.
One other consideration is the number of active accounts in various countries. I imagine the penetration in the United States is one of the highest, and the US population is fairly large as well. It would be interesting to get some sort of a relative factor here to get a sense of how aggressive these governments are seeking information.
Thanks for the summary. Per capita data would help put this in perspective, probably. It's also worth noting that the U.S. likely has a much higher usage rate of Facebook than, for example, Asian countries.
In case anyone is curious why there's a comment about the headline, the original headline was ""Facebook's "Transparency Report" cannot be viewed without a Facebook account"" and the new headline is "Facebook's Transparency Report".
I'm a software engineer at Facebook. Requiring login for this page was a simple oversight and should be fixed sometime this evening California time. Sorry for the confusion.
What reason do you have to believe it's inaccurate? What would Facebook gain by posting juked numbers of government requests? Seems pretty honest to me. We'll see if they stay true to their promise to scale deeper and show what kinds of requests they receive.
My initial reaction to this headline was, "Orwellian doublespeak at its best," which is of course the hoped-for response.
On second thought, I don't see why this matters. Facebook transparency matters only to Facebook account holders. And it's free to create an account if you don't have one.
Getting mad over this would be like getting mad when the government releases electronic data sets, which of course means you have to have a computer (and computer savviness) to access them.
"Facebook transparency matters only to Facebook account holders."
Facebook transparency likely also matters to anybody with a "shadow profile". Even if you don't have an account, any friend who has synced their phone's phonebook containing your information to Facebook's servers has established a profile of you which Facebook then has a responsibility to maintain in a responsible manner.
It also matters to anyone who formerly had an account. We're reasonably sure Facebook doesn't delete peoples' content when they request their account be deleted, so such people both have data in Facebook's system and lack an account with which to view the transparency report.
It is entirely possible that you might not want your account details associated with the fact that you are interested in knowing about Facebook's transparency.
Agreed. I would be worried if this were a page on Facebook's policy about government requests. That would mean you would have to sign up and consent to a policy before being able to read.
This, on the other hand, is a report about ongoing operations. Kind of sucks it's not entirely public, but I don't see that Facebook has any ethical obligation to make it so.
It also doesn't tell you which US Federal, state, or local agency made the request, or whether the request was for simple criminal investigation or for "national security" purposes, both of which are detailed in the FAQ. ;)
I suspect that the government is more interested in the activities of left-leaning groups like Occupy. This is another data point supporting that hypothesis, albeit not a strong one: there are far fewer Facebook users in Pakistan, for one.
Seems like everyone is discussing "wow, there is a report; it's from Facebook, so it can't be true" instead of "wow the US govt has made ~5x requests of the next-largest requestor."
Edit: see Cowen's comment on contents of the report.
Note that this includes all requests from local, state, and any federal agency, for any data. It also only tells you the country of origin for the request, not the country of the user for which data was requested.
1. The US is by far the one requesting the most data. I'd have to run the numbers to be sure, but it looks like even controlling for population and number of FB users, the US is definitely outpacing other countries' data requests.
2. The US is the only country where FB is reporting in ranges instead of precise numbers. There could be several reasons for this, but the reason almost certainly is not that they don't know the precise numbers. NSLs seem like a safe bet here.
3. The US also has one of the highest "success" rates of government requests. 79% of government requests yield some data. This again could be interpreted several ways, but the two most enticing ones are that the US isn't sending a lot of fishing requests because when they request data from FB, they're already pretty certain about what they're looking to find. The more disturbing concern would be if the US only queries FB for things where the NSA's database is insufficient, which would mean the number of requests they submit to Facebook is not at all indicative of how many queries on user data they actually do.
EDIT: Here's a quick Gist I made of this report as a CSV. https://gist.github.com/Cowen/adb2d335862a95870773