Google Releases Latest Transparency Report
January 24, 2013

US Law Enforcement Requests For Google User Data Grew 70% Since 2009

redOrbit Staff & Wire Reports - Your Universe Online

Requests by law enforcement agencies for Google´s user data have skyrocketed more than 70% since 2009, the Internet search giant revealed on Wednesday in its latest Transparency Report.

The report is Google´s voluntary disclosure of how many times it removed data from its services, or submitted user information to government agencies during the last six months.

The company said it received 8,438 U.S. government requests for user data between July and December of 2012, and complied with 88% of those requests.

Those figures represent a 33% increase from the 6,321 requests Google received during the same period in 2011, and a 70% increase since Google began issuing its semi-annual Transparency Report in 2009.

“It´s important for people to understand how government actions affect them,” wrote Google legal director Richard Salgado in a blog post accompanying the report.

Google said that just 22% of the user data requests it received included a search warrant, while 68% of the requests were issued with only a subpoena, which doesn´t require evidence of “probable cause” that the data was relevant to a crime. The remaining requests involved other types of court orders or processes that are difficult to categorize, Google said.

In a statement to Wired on Wednesday, Google clarified that it requires all government entities to obtain a probable-cause warrant for customer data requests involving content from its email, cloud storage and other services, despite the fact that the Electronic Communications Privacy Act (ECPA) allows the government to request such customer data without a warrant if it´s stored on Google´s servers for more than 180 days.

This is because when the ECPA was enacted in 1986, e-mails were only stored on servers for a brief time as they made their way to a recipient´s inbox. Messages greater than 6 months old were assumed abandoned, and were therefore not subject to strict requirements for probable-cause warrants.

“Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the Constitution, which prevents unreasonable search and seizure,” Google spokesman Chris Gaither told Wired.

However, that warrant requirement does not apply to “non-content” data such as users´ IP addresses, locations and the names of contacts.

Google has been gradually reducing its compliance with the governments´ growing data demands, from 94% in 2010 to 90% last year and 88% in the last half of 2012, according to the report.

Google is one of the few tech companies, along with Twitter, that provides data about the user data requests it receives from law enforcement agencies throughout the world.

Facebook, Microsoft and many wireless carriers offer no such transparency about the government data requests they receive.

Google´s disclosure of how few of those requests accompany a warrant sets a new standard for transparency about the exchange of customer data between companies and law enforcement.

“We´ll keep looking for more ways to inform you about government requests and how we handle them,” Salgado said.

“We hope more companies and governments themselves join us in this effort by releasing similar kinds of data.”

Civil liberties groups praised Google´s disclosures about government requests for data, but expressed frustration that other firms haven´t been as open.

“Good for Google and where is everybody else?” said Chris Calabrese, Legislative Counsel for the American Civil Liberties Union.

“The only other major company to release these types of numbers is Twitter. Where are Verizon and Facebook and Microsoft? How about AT&T, Amazon or Comcast?”

“Clearly the government is very interested in this information and clearly companies sometimes have to comply (most are lawful orders after all) but how can we have an intelligent debate about reforming privacy laws, things like location tracking and email privacy, without any sense of the scope of the problem?” he said.

“Major companies have a duty to safeguard their customers — especially if those same customers have no way of learning about the problems themselves.”