Those sample figures indicate the real total number of requests is likely much, much higher, since U.S. law does not require reporting and companies are reluctant to voluntarily release the data.
"The reason for this widespread secrecy appears to be a fear that such information may scare users and give them reason to fear that their private information is not safe," Soghoian wrote.
In 2000, the House of Representatives considered legislation that would have set standards for reporting requests by police for location information, such as the tracking of mobile phones. But the Department of Justice opposed the bill, Soghoian wrote, saying the reporting requirements would be too time consuming.
Soghoian argues that Congress should have oversight of these new surveillance powers. He recommended mandating that the Administrative Office of the U.S. Courts compile statistics on requests for stored communications as they do now for wiretap orders. The information could be sent to the office by the courts rather than the DOJ.
"These reporting requirements would provide Congress with the information necessary to make sound policy in the area of electronic surveillance," Soghoian wrote.
Sign up for CIO Asia eNewsletters.