The Obama administration announced new rules on Monday that let Internet companies give the public more information about how often they receive national security requests for users' data, in a legal settlement that eases a major source of friction between the U.S. government and some of Silicon Valley's leading firms.
But a separate development showed that a larger debate over government surveillance is not so easily resolved, as privacy advocates voiced alarm over reports that U.S. and British spy agencies have found ways to collect a wide range of user information from mobile apps — including Google Maps and Angry Birds — without seeking the companies' help.
While the settlement over tech firms' disclosures could help them show they aren't voluntarily turning over vast quantities of users' information, critics say revelations about the government accessing mobile data adds a new dimension to concerns about the companies' practice of compiling detailed user profiles for advertising and other commercial purposes.
“There are commercial uses of data that we don't like. But one of the major reasons we're concerned about the corporate collection of data has been the potential for government access and abuse,” said Justin Brookman, director of consumer privacy at the Center for Democracy and Technology.
The agreement for disclosing government data demands was negotiated after Google, Microsoft and other leading Internet companies filed lawsuits challenging previous regulations that limited their ability to disclose how often they receive official requests for user data.
Executives from Silicon Valley's biggest Internet companies made the issue a top priority in recent months, during meetings with President Barack Obama and administration officials. The companies have now agreed to drop their lawsuits.
Internet companies have been stung by news reports based on documents leaked by former National Security Agency contractor Edward Snowden, which show the government has collected information about Internet users in a variety of ways. The companies say they have only turned over information in response to legal demands involving small numbers of people, and they're anxious to show they respect users' privacy.
Under the settlement announced Monday, tech companies will be allowed to provide a more detailed breakdown of the number and types of requests they receive every six months, although they still won't be allowed to say exactly what information they supplied.
The companies will be allowed to disclose different categories of demands, including requests known as “National Security Letters” as well as orders that were previously kept secret under the Foreign Intelligence Surveillance Act. But they still must report the numbers in ranges of 250 or 1,000.
“We're pleased the Department of Justice has agreed that we and other providers can disclose this information,” said a statement issued jointly by Google, Facebook, Yahoo, Microsoft and LinkedIn.
While calling the settlement “a very positive step,” the companies also called on Congress to pursue additional reforms of the government's surveillance operation.
One civil liberties attorney called the settlement “a very small first step.” Nate Cardozo of the Electronic Frontier Foundation said it doesn't go as far as Congressional proposals that would let the companies be even more specific about which statutes are invoked by government authorities.
“If the companies aren't allowed to tell us which statutes are actually being used, then we can't have an informed debate,” Cardozo added.
Privacy advocates meanwhile voiced concern Monday over reports in the New York Times and the Guardian newspaper that said U.S. and British spy agencies have developed methods of collecting data transmitted by popular smartphone apps — including a user's age, gender, location and potentially more intimate details.
The newspapers said it's unclear how much of the information is routinely collected or analyzed or how many individuals have been affected. But the Times said classified documents suggest the spy agencies “routinely obtain information from certain apps,” including the popular Google Maps.
One NSA document suggests the agency can obtain location information, contact lists and even personal information such as sexual orientation from certain apps, according to the newspapers, while a British document spoke of extracting information from “Angry Birds,” a game that's been downloaded to smartphones and tablets more than 1 billion times.
Mobile apps collect a variety of data, including personal details that users volunteer when opening an account, which can be sent over wireless networks to app developers and advertising networks that use the information to deliver personalized services and commercials. The newspapers said U.S. and British agencies have ways to access data transmitted over wireless networks and Internet cables without companies' cooperation.
“We've been warning for a long time that the data collection practices of private companies would leave Internet users subject to surveillance by government agencies,” said Marc Rotenberg of the Electronic Privacy Information Center.
Google had no comment on the reports. The Application Developers Alliance issued a statement that condemned the government efforts and added: “Consumer trust is paramount in the app industry.”