A Small Orange's first National Security Process Transparency Report - Blogging, Small Business, Web Design & Hosting Tips - A Small Orange

A Small Orange’s first National Security Process Transparency Report

As part of our homegrown approach to web hosting, it is important that we are honest and transparent with our customers whenever possible.

That’s why we were pleased to see that last week the Attorney General and the Director of National Intelligence issued a joint statement announcing new and more flexible reporting methods for national security orders, including National Security Letters (NSLs) and Foreign Intelligence Surveillance Act (FISA) orders. Under one of the two disclosure options provided by the U.S. government, companies can now disclose the total number of all national security process received, including all NSLs and FISA orders, as a single number, starting with 0-249, and thereafter in bands of 250.

We believe that the press coverage of, and attention paid towards, national security orders is disproportionate to the actual number of orders issued. For example, according to data published by the companies, Google has received fewer than 1,000 NSLs, as has Facebook, Microsoft, and Yahoo.

The above data from some of the largest tech companies in the world suggest to us and others in the technical community that the number of NSLs and FISA orders received by a typical internet company is likely not very high.

Today, A Small Orange is publishing its first Transparency Report on national security process received, including NSLs and FISA orders:

  • National Security Process Received: 0 – 249
  • Total Accounts Affected: 0 – 249

At A Small Orange, we still believe we should be able to disclose the exact number and type of national security orders we receive. It’s a question current and potential customers have asked us a number of times, and it bothers us to not to be able to answer it.

After the DOJ announcement, the Internet Infrastructure Coalition, of which A Small Orange is a founding member, issued a statement reiterating the need for companies to be more transparent with their customers than even the new guidelines allow.

We will be following the developments in this area closely.

  • Jessi

    Life is creepy these days, knowing that Big Brother is keeping an eye on us all, and not knowing whether that Big Bro is taking a special interest in you in particular. Thank you for sharing what information you can.

  • IBBoard

    So, you might have received some (~10), lots (249) or none (0). I know it is progress, but seriously, is that the best that companies are allowed to do? Surely you should be allowed to differentiate 0 from >0, and then I was expecting something more like a 1-49 grouping, with Google reporting in the 2m-2.25m range (since at that scale it matters less).

    Oh well, at least ASO have been allowed to say something.

    • That’s correct. As noted in the post, even companies as large as Google and Facebook have received less than 1,000. For companies many, many times smaller than Google like A Small Orange, 0-249 still is no where near specific enough in my opinion.

  • Andrew

    Good for you for reporting what you can.

    I’m seriously considering moving my hosting back into Canada. I love ASO, but your governmental organizations are even creepier than ours. Apparently our privacy minister is looking into whether hosting data in American data centres violates our privacy laws, given what we now know.