Google Sees Growing Government Demand For User Data
More than two-thirds of demands for Google user data in the U.S. are made without a judge-approved warrant.
Updating its sixth semi-annual Transparency Report from November 2012, Google says that government requests for data about Google users continue to grow. Six months ago, the company said the same thing.
More Government Insights
- The Untapped Potential of Mobile Apps for Commercial Customers
- Will Your State Deliver a Modernized Medicaid Program by 2014?
- Best Practices Guide for IT Governance & Compliance
- Mobile Data Center Brings the Mobile Cloud to Life: Portable, Mobile Data Centers Aligned with Army Operations
User data requests worldwide have increased by more than 70% since 2009, Google says. In the past six months, from July 2012 through December 2012, the company received 21,389 requests for information about 33,634 user accounts.
During the previous six-month report period, Google received 20,938 data requests from government organizations for information from about 34,615 user accounts.
[ What did the Petraeus debacle teach about online privacy? Read Petraeus Snoop: 7 Privacy Facts. ]
Google's statistics indicate that the company is responding to a declining percentage of data requests. During the present reporting period, the company provided data for 88% of requests in the U.S. During the previous reporting period, that figure was 90%. For the July 2011 to December 2011 period, the number was 93% and a year earlier it was 94%. Google's global response rate also has declined, from 76% to 66% in the past two years.
This suggests that a growing percentage of data requests lack a sufficient legal basis to force Google's lawyers to reveal user data. Google seemed to say as much when it noted last year that it had received a number of fake court orders demanding the removal of content.
However, a Google spokeswoman cautioned against such an inference. "It's difficult to draw meaningful conclusions about the numbers we're reporting because they only show a tiny sliver of what's happening on the Internet at large," the spokeswoman said in an email. "The vast majority of requests we receive are for legitimate reasons and follow proper legal procedures."
Clearly, that's not the case in certain regions of the world. None of Turkey's user data requests have been met since the last six months of 2010, when Google started keeping such records. The situation is similar in Hungary. In Russia, Google received 97 user data requests from July 2012 through December 2012. It complied with just 1% of these requests. In Italy, Google complied with only 34% of data requests during this period.
For the first time, Google's report breaks down the type of legal process used to compel the company to release information. Twenty-two percent of requests, made under the Electronic Communications Privacy Act (ECPA), came with a judge-issued warrant, indicating that law enforcement authorities established sufficient probable cause to justify their demands for data.
Sixty-eight percent of requests under ECPA for user-identifying information were made using a subpoena, which does not require a judge's consent or evidence of a crime. Cyber liberties advocates have argued that authorities should be required to obtain a warrant before being granted access to user data.
Carly Nyst, head of international advocacy at Privacy International, said in a statement that Google's Transparency Report is a welcome example of increased corporate accountability but is also a reminder that information people hand over to online services is increasingly subject to government scrutiny.
Offensive cybersecurity is a tempting prospect. It's also way too early to go there. Here's what to do instead. Also in the new, all-digital Nuclear Option issue of InformationWeek: Military agencies worldwide are figuring out the tactics and capabilities that will be critical in any future cyber war. (Free registration required.)