What Google's Transparency Report doesn't tell us
Concerns about these laws recently prompted the European Parliament's Directorate General for Internal Policies to warn companies in the EU about the potential privacy implications of having their data hosted with U.S cloud services.
Google itself appears to be digging its heels in a bit. Google spokesman Chris Gaither said the company has been making an effort to ensure that all government requests for data follow the law and are not overly broad. "We notify users about legal demands when appropriate, unless prohibited by law or court order. And if we believe a request is overly broad, we seek to narrow it -- like when we persuaded a court to drastically limit a U.S. government request for two months' of user search queries," he said via email.
Gaither noted that Google has insisted on government agencies getting an ECPA search warrant based on probable cause for access to stored contents of Gmail and other Google services.
The type of information that Google provides varies quite a bit, Gaither he said. For example, a valid ECPA subpoena for a Gmail address could compel Google to disclose the name listed when creating the account, and the IP address from which the user created the account and signed in and signed out, along with all relevant dates and times, Gaither said.
Similarly, a valid ECPA court order could compel Google to disclose the IP address associated with a particular email sent from that account or used to change the account password, along with the non-content portion of email heads such as the "from," "to" and "date" fields, he noted. "A valid ECPA warrant could compel us to disclose stored content such as the contents of a Gmail account," he said.
Greg Nojeim, senior counsel for the Center for Democracy and Technology, said that the latest transparency report shows that Google's refusal to comply with law enforcement demands has gone up in the last two years -- even as the number of demands for data nearly doubled.
A "hat tip to Google for releasing this important information," Nojeim said. "This shows not only that law enforcement demands are skyrocketing, but that [the] proportion of those demands that are inappropriate may also be increasing. The data contribute to an already compelling case for Congress to take up ECPA reform to protect user privacy."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Snowden leaks erode trust in Internet companies, government
- NSA phone metadata collection program renewed for 90 days
- NSA isn't evil, says noted civil libertarian
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
Read more about Privacy in Computerworld's Privacy Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts