Open Letter to Internet Companies: Tell Us How Much We Are Being Surveilled

Google just unveiled the latest figures in its Transparency Report, which explains how often the company gives your private data to the government. Despite our criticism of the report’s lack of “transparency,” we applaud it nevertheless.

That’s right, for about two years, the Mountain View, California technology giant has been releasing the number of government requests for user data, and other numbers. The figures aren’t pretty, and they paint a picture of growing government surveillance.

But that is only a fraction of the surveillance puzzle.

We need not wear a tinfoil hat to understand that today we live in a digital world where paper is so yesterday, where most of our data and effects reside on the servers (the cloud) of internet companies. So it is time that these companies — Amazon, Apple, AT&T, Comcast, Facebook, Foursquare, Microsoft, MySpace, Skype, Sprint, Twitter, Verizon, Yahoo, and others — step up to the plate and follow Google’s lead.

Tell us, the public — your customers who often entrust our private thoughts in you — how often the government demands our private data. A survey by the Electronic Frontier Foundation, shown at right, says you don’t make that public. Why not?

And go a step bigger than Google. Tell us how often the data is demanded without a probable-cause warrant. No company does that.

Google said the United States sought user data 6,321 times for the six months ending December 2011, data that includes email communications, documents, and, among other things, browsing activity and even IP addresses used to create an account.

Google didn’t say whether the government had probable-cause warrants to get the data. We have repeatedly urged it to do so.

We are riled up on this issue because the law does not always require a warrant for companies to hand over your deepest online thoughts to the government.

The 1986 Electronic Communications Privacy Act allows the government to acquire email or other stored content from an internet service provider without showing probable cause that a crime was committed, as long as the content has been stored on a third-party server for 180 days or more. Under ECPA, the government only needs to show that it has “reasonable grounds to believe” the information would be useful in an investigation.

The act was adopted at a time when email wasn’t stored on servers for a long time, but instead was held there briefly on its way to the recipient’s inbox. In the 1980s, email more than 6 months old was assumed abandoned, and therefore ripe for the taking without a probable-cause warrant.

And Congress wants to keep this obvious Fourth Amendment breach alive, as a Senate proposal to amend the law last year never even got a committee hearing.

Maybe these internet companies refusing to be transparent have something to hide? Maybe they’re just in bed with the government. Who knows? Their silence makes us suspicious.

The nation’s mobile carriers have somewhat spoken on the issue. When defeating California legislation that would force them to publicly report the number of times they turn over cell phone location information to police and federal agents, they successfully argued that such a plan would be too burdensome, and would take time away from the important work of sharing customer data with cops “day and night.”

Meanwhile, the government continues to argue that it doesn’t need probable cause to track you via your phone, because they want to use that data to get probable cause.

On the brighter side, it’s pretty awesome that Google is taking strides to inform the public of the government’s move to obtain data about thousands of account holders’ Gmail, Google Docs, IP addresses and surfing history. We anticipate that the report will get fuller as it matures.

That has snowballed to Dropbox, LinkedIn, and SpiderOak — companies that the EFF study shows also release figures on government demands for user data.

And to Twitter’s credit, the company has been forceful and effective at bringing to light government demands for user data, giving users notice so they can object and fight against unreasonable requests.

There’s an implicit bargain between users and these online services. We trust you with our data and let you use it to serve us ads in exchange for free or cheap services. But trust is rooted in transparency. And right now, there’s no sizable company doing it right when it comes to telling us what data is being stored and how often and how the world’s governments come asking for it.

It’s time for that to change.

Photo: Nico Kaiser