What Google's Transparency Report doesn't tell us
Statutory rules prevent company from releasing full details of government data collection requests
Computerworld - Google's Transparency Reports, released every six months, are interesting not just for what they reveal about government requests for Internet user data, but also for what they do not reveal.
Transparency reports are basically a biannual compilation of requests Google receives from governments around the world for Internet user data. The reports, which have been generally lauded by privacy experts, are an effort by Google to keep users informed about the data requests and how often it complies with them.
The company's latest report, released on Wednesday, shows that the U.S. government again led other nations in submitting the most requests for user data with Google. In the second half of 2012, the U.S. put in 8,438 requests for Internet user data, up 6% from the 7,979 requests it placed in the first six months of the year.
Between 2011 and 2012, U.S. data requests from Google increased by more than 30%.
More than two-thirds of the data requests from the U.S. government were by subpoenas issued under the Electronic Communications Privacy Act (ECPA) that did not require any kind of judicial oversight. Only about 1,900 of the requests had probable cause warrants attached to them. Google complied with close to 88% of the requests it received from the U.S. government.
Sobering as the numbers are, they do not tell the full story, according to privacy advocates and rights groups.
Google's transparency reports do not include requests for user data made by the government under the U.S. Patriot Act, the Foreign Intelligence Surveillance Amendment Act or through the use of National Security Letters (NSLs). Most of the requests made via these statutes are tied to national security issues and often compel providers to disclose far more data than ECPA subpoenas and court orders permit.
Google has said that it will try to release more information about such requests in the future. But how it will do so remains to be seen, because companies that receive NSLs and requests under the Patriot Act and FISA are not allowed to publicly disclose the requests.
As a result, it's unclear how many more requests Google might have received from the government, how intrusive those requests were or how many people might have been impacted by the requests, said Trevor Timm, an activist with the Electronic Frontier Foundation.
Getting this information is "incredibly important, because we have no idea how much surveillance requests Google is getting or how many people are being targeted," he said.
The Patriot Act and FISA give the government enormous leeway to collect all kinds of information on wide swathes of people without requiring a warrant based on probable cause, Timm noted. "Even a few senators have said that if people knew how [the Patriot Act and FISA] are being interpreted they would be shocked," he said. "They have insinuated that the government is using [these laws] as a dragnet to gather information" on huge numbers of people.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!