Google Reveals How U.S. Government Obtains User Information

A woman looks at a laptop computer.
Start your day with TPM.
Sign up for the Morning Memo newsletter

Google on Wednesday released a substantial update to its periodic Transparency Report, a public tally of the number of requests for users’ private information Google receives from various government agencies and law enforcement bodies around the globe.

The update is significant primarily for U.S. users of Google’s many websites and services, from Gmail to YouTube to Google’s Chrome browser, as it now shows in detail the exact types of government requests for user information it has received, categorizing them as “Subpoena,” “Search warrant,” or “Other.”

“We’re always looking for ways to make the report even more informative,” wrote Richard Salgado, Google’s legal director for law enforcement and information security, in an official company blog post published Wednesday morning.

The new, more detailed report provides a look at which specific legal tools U.S. government agencies turn to when attempting to obtain information about Google users and their Web activities, which tools are favored above others, and how many individual users have had their data probed.

In the U.S. from July to December 2012, Google said it received a total of 8,438 distinct requests for information covering a staggering 14,791 user accounts. Check out the infographs Google published Wednesday of the total requests (first) and the total number of user accounts to which they pertained (second). See the full results here:

Of the requests for Google user information from U.S. authorities, the vast majority — exactly 5,784 — were subpoenas that covered 10,390 user accounts. Another 1,896 were search warrants covering 3,152 user accounts, and 758 were “other” types of government requests for information on 1,249 user accounts. The “other” category mostly includes court orders issued under the 1986 Electronic Communications Privacy Act (ECPA), Google’s Salgado wrote.

ECPA — which allows government and law enforcement agencies to obtain a user’s email records that are six months (180 days) or older with only a subpoena and no warrant — is also the basis for most of the subpoenas and warrants that Google received from the U.S., according to Salgado.

There has been an effort in Washington to reform ECPA to require law enforcement agencies to obtain a warrant to access email of any age, led by Senator Patrick Leahy (D-Vt.), but his bill encoding such changes stalled in the last Congress and has yet to make headway in the current one.

Still, even with those reforms, it appears that law enforcement agencies are already winning broad court approval via warrants to force Google to hand over the contents of user’s emails and Web surfing activities, among other data.

Google, for its part, has repeatedly noted that it doesn’t comply with all of these government requests to provide otherwise confidential user information.

The search giant’s new Transparency Report updates also include a breakdown of how many requests of each type Google did comply with over the six month period: 88 percent compliance with search warrants and subpoenas, and 90 percent of the other types of court orders, less than the overall 94 percent compliance with all types of requests for user info from U.S. authorities Google reported back in 2010, when there were fewer of them. See those stats in the following Google graph and table below:

For now, Google is only providing such granular breakdowns on the types of requests for user information it recieves in the U.S. (and from the July-December 2012 period going forward, so there is no such breakdown for older request totals). But a Google spokesperson told TPM that the company was considering how to provide similarly granular breakdowns of user information requests in other countries with different legal systems.

“All local legal processes are different, and it’s complicated to try to denote every single one in a meaningful way that’s comparable,” Google’s spokesperson told TPM in a statement. “We’ve started with the U.S. because we are a U.S. company and we get more requests for more accounts from the U.S. than any other country.”

Over the six-month period from July to December 2012, around the world, Google received requests for information on 33,634 of its users (again, some of those user requests appear to have been consolidated in larger request forms, as Google also notes it received 21,389 distinct requests during that period).

That’s a 70 percent increase in total user data requests from 2009, as the Web giant noted.

Google concluded its Transparency Report update for early 2013 with Salgado calling upon “more companies and governments themselves [to] join us in this effort by releasing similar kinds of data.”

The company said it would be releasing other data on content takedown notices separately later in the year.

Twitter also regularly releases a similarly structured Transparency Report. Facebook, to date, does not. However, Google also consistently mistakenly receives requests for user information from Facebook, as a company executive said during a panel in Washington, D.C. on Tuesday, The Huffington Post reported.

Correction: This article originally misidentified the Electronic Communications Privacy Act (ECPA) as the “Electronic Privacy Communications Act (EPCA).” The error has since been corrected in copy and we regret it.

Latest Idealab
Comments
Masthead Masthead
Founder & Editor-in-Chief:
Executive Editor:
Managing Editor:
Associate Editor:
Editor at Large:
General Counsel:
Publisher:
Head of Product:
Director of Technology:
Associate Publisher:
Front End Developer:
Senior Designer: