What Google's Transparency Report doesn't tell us
Concerns about these laws recently prompted the European Parliament's Directorate General for Internal Policies to warn companies in the EU about the potential privacy implications of having their data hosted with U.S cloud services.
Google itself appears to be digging its heels in a bit. Google spokesman Chris Gaither said the company has been making an effort to ensure that all government requests for data follow the law and are not overly broad. "We notify users about legal demands when appropriate, unless prohibited by law or court order. And if we believe a request is overly broad, we seek to narrow it -- like when we persuaded a court to drastically limit a U.S. government request for two months' of user search queries," he said via email.
Gaither noted that Google has insisted on government agencies getting an ECPA search warrant based on probable cause for access to stored contents of Gmail and other Google services.
The type of information that Google provides varies quite a bit, Gaither he said. For example, a valid ECPA subpoena for a Gmail address could compel Google to disclose the name listed when creating the account, and the IP address from which the user created the account and signed in and signed out, along with all relevant dates and times, Gaither said.
Similarly, a valid ECPA court order could compel Google to disclose the IP address associated with a particular email sent from that account or used to change the account password, along with the non-content portion of email heads such as the "from," "to" and "date" fields, he noted. "A valid ECPA warrant could compel us to disclose stored content such as the contents of a Gmail account," he said.
Greg Nojeim, senior counsel for the Center for Democracy and Technology, said that the latest transparency report shows that Google's refusal to comply with law enforcement demands has gone up in the last two years -- even as the number of demands for data nearly doubled.
A "hat tip to Google for releasing this important information," Nojeim said. "This shows not only that law enforcement demands are skyrocketing, but that [the] proportion of those demands that are inappropriate may also be increasing. The data contribute to an already compelling case for Congress to take up ECPA reform to protect user privacy."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Privacy in Computerworld's Privacy Topic Center.
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!