US Demands for Google User Data Growing, But Full Picture Remains Murky


Government agencies across the United States sought user data from Google 6,321 times for the six months ending December 2011, up from 5,950 the six months prior, according to a new Google report.

Google, which offers email, cloud storage, a blogging platform, web search, and other services, every six months unveils a so-called Transparency Report shedding light on government requests for data and takedowns. The latest results show that the US government targeted 12,243 Google accounts, compared to 11,057 in the six months before.

Google’s transparency data is also limited as it does not include requests under the Patriot Act, which can include National Security Letters with gag orders attached. Nor do the data include anti-terrorism eavesdropping court orders known as FISA orders or any dragnet surveillance programs legalized in 2008, as those are secret, too.

Of the 28 nations listed in the Google survey, the United States filed the largest number of requests. India came in a far second, with 2,207 for the six months ending December 31.

Still, while Google the last two years is becoming increasingly more transparent by providing these numbers, and other figures related to content removal for copyright, defamation and other reasons, the latest report contains a glaring omission.

Nowhere does it say how many times it turned over user data in the United States as a result of a probable-cause warrant.

We have repeatedly asked Google for such information, but to no avail.

Google declined to address the topic when we asked it again Monday. In a canned response attributable to a “Google spokesperson,” the Mountain View, California technology concern replied:

“As with many other Google products, we like to launch and iterate. The Transparency Report is no different. As we’ve worked on this project, over time we’ve figured out the best way to disclose increasing amounts of information.”

The data being coughed up includes e-mail communications, documents and, among other things, browsing activity, and even IP addresses used to create an account.

We suspect that an alarming amount of the data is being turned over without a probable-cause warrant. The reason is that, in the United States, the law is so antiquated that a warrant is often not required.

But, again, we don’t know for sure, as Google is not saying. The company says it supports reforming┬áthe Electronic Communications Privacy Act, a 1986 measure which allows warrantless access to electronically stored data without warrants.

And it even includes a link to its call for reform from the transparency page.

In our view, the biggest way for Google to garner support for ECPA is to demonstrate how the law is being used in practice, to show Americans that the Fourth Amendment in theory isn’t what it should be when it comes to practice in the digital world.

Senate Judiciary Committee chairman Patrick Leahy (D-Vermont) proposed sweeping digital privacy protections a year ago that would require the government, for the first time, to get a probable-cause warrant to obtain e-mail and other content stored in the cloud.

The measure never even saw the light of day in Leahy’s committee, and died a quiet death.

Leahy’s proposal would have nullified a provision of the 1986 Electronic Communications Privacy Act that allows the government to acquire a suspect’s e-mail or other stored content from an internet service provider without showing probable cause that a crime was committed, as long as the content has been stored on a third-party server for 180 days or more. Under ECPA, the government only needs to show that it has “reasonable grounds to believe” the information would be useful in an investigation.

The act was adopted at a time when e-mail wasn’t stored on servers for a long time, but instead was held there briefly on its way to the recipient’s inbox. In the 1980s, e-mail more than 6 months old was assumed abandoned, and therefore ripe for the taking without a probable-cause warrant.

Meanwhile, a separate set of datasets Google released under its report included the number of times it has acquiesced to court orders to remove content — because of a court order — from its search results, YouTube and other products and services. The bulk of the reasons stemmed from orders surrounding issues of copyright, defamation and privacy.

In the six months ending December 31, the United States came in with 117 requests, up from 55 the six months prior. Brazil won the category, with 128, down from 140 the previous six months. Iran and China are not included in the results, as those nations employ government filters to remove content.

Photo: torkildr/Flickr