Dropbox Petitions FISA For Right To Disclose National Security Requests
September 25, 2013

Dropbox Joins Major Tech Firms In Push To Disclose Government Data Requests

redOrbit Staff & Wire Reports - Your Universe Online

Cloud storage provider Dropbox has joined Google, Microsoft, Facebook, Yahoo, LinkedIn and others in seeking permission to publish the number of national security requests it has received from the federal government, and the number of users those requests involve.

The company filed a petition with the US Foreign Intelligence Surveillance (FISA) Court this week seeking confirmation that it has the right to disclose the exact number of national security requests it receives from the government.

“Today we filed a legal brief asking the court to confirm that we have the right to report the number of national security requests we receive, if any.” Dropbox said in an update to its transparency report page on Monday.

In its latest transparency report, released in January, Dropbox said the government only allowed the company to disclose the aggregate number of all law enforcement and national security requests it had received. Even then, the disclosure must be in large bands, the company said.

“A report in that form decreases transparency, especially for companies that receive zero or very few national security requests,” Dropbox said at the time.

In its petition to the FISA court this week, Dropbox argued that it has a right to publish both the exact number of national security requests it receives, and how many of its users are affected.

Government requests for data can come under Section 215 of the Patriot Act, the Foreign Intelligence Surveillance Act (FISA) and national security letters. However, to date, no company has been able to publish the exact numbers for all of these categories in a single report, and many companies are beginning to see this limitation as a First Amendment issue.

“There is no statute, nor any other law, supporting the government’s demands. To the contrary, the proposed gag order violates the First Amendment, as it interferes with both the public’s right to obtain truthful information about a matter of substantial public debate and service providers’ rights to publish such information,” Dropbox wrote in its brief.

The company explained that the government has permitted it to publish these numbers, but only when combined with the broader data requests it receives from other law enforcement agencies, who sometimes ask for data associated with criminal cases apart from national security issues.

Additionally, Dropbox is only allowed to disclose these requests in groups of thousands.

“Because Dropbox received fewer than 100 regular law-enforcement requests last year, reporting in the government’s format would decrease Dropbox’s ongoing transparency efforts,” the company said, adding that this approach harms public debate and discussion, without any societal benefit.

The company provided the following table from its most recent transparency report to illustrate its point:

Had Dropbox received just one national-security request during that period, and had it wished to include that single request in its report, the government’s approach would require Dropbox’s report to look like this:

“Because Dropbox is unwilling to distort its reporting this way, it instead must omit information about the number of national-security requests,” the company said. “That result is bad for the public.”

Dropbox said it would prefer to report any national-security requests in the same way it reports law-enforcement requests – by disclosing the total number of requests received over a given period of time, along with the number of affected accounts.

“The government’s effort to silence online services and thereby keep the public in the dark is not at all tailored to protecting national security,” Dropbox wrote in its petition.

“No harm to national security can be expected from the Service Providers releasing accurate information about the number of national-security requests that have been made.”

Dropbox is only the latest tech firm to call on the government to loosen its disclosure rules for government data requests. It’s uncertain what effect, if any, Dropbox’s petition will have with the FISA court, whose proceedings may remain secret.