Schneier on Security
A blog covering security and security technology.
« Twofish Mentioned in Thriller Novel |
| Cracking the Copiale Cipher »
October 26, 2011
Demands from Law Enforcement for Google Data
Google releases statistics:
Google received more than 15,600 requests in the January-June period, 10 percent more than the final six months of last year. The requests in the latest period spanned more than 25,400 individual accounts worldwide - a tiny fraction of Google's more than billion users.
The highest volume of government demands for user data came from the U.S. (5,950 requests, a 29 percent increase from the previous six-month stretch); India (1,739 requests, up 2 percent); France (1,300 requests, up 27 percent); Britain (1,273 requests, up 10 percent); and Germany (1,060 requests, up 38 percent).
The company usually complies with at least a portion of most government demands. Google has said that it often has little choice because it must obey laws in the countries where it operates. The alternative is to leave, as it did last year when it shifted its search engine to Hong Kong so it wouldn't have to follow mainland China's censorship requirements.
In the U.S., Google gave federal, state and other agencies what they wanted 93 percent of the time. The nearly 6,000 requests affected more than 11,000 user accounts during the January-June period.
In India, Google honored 70 percent of the 1,739 requests, which targeted more than 2,400 users, the second highest totals.
Google, which is based in Mountain View, Calif., rejected the most government demands for user information in Argentina, where 68 percent of the requests were denied. Less than 50 percent of the government requests for user data were complied with in Canada, Chile, France, Hong Kong, Mexico, the Netherlands, Russia, Turkey and South Korea.
I'm sure they have an office full of attorneys versed in the laws of various countries.
Posted on October 26, 2011 at 5:54 AM
• 12 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Just because they must obey the laws doesn't mean that they have to do it blindly. I hope they have a legal team reviewing each and every one of the requests from US law enforcement. Google should have went to the mat for their customers over some of the requests that I've seen publicized.
It gives me the odd wonder about how well the Google vs Apple & Microsoft / Android vs iPhone and Windows Phone patent battles will go, and if there's any relationship between the patent battles and surveillance requests. I'm sure that at any official level there's no relationship. I also wouldn't be surprised to hear that at the backroom level, some sort of "champion" can speak up in favor of one party or the other, across any government division.
Why would google spend much effort challenging local government requests? This is an externality. The FBI requests normally include a confidentiality clause that prohibits even the target from being notified.
There is a downside from bad press. But this article seems to be all the press they have received in a six month time-frame.
What if google were to contract their government compliance requests to a third party, such as EFF? That would let their customer base know they take their responsibility to protect their data seriously. And, the government might hesitate to issue requests in every instance knowing the EFF might push back with some teeth.
If nothing else, I appreciate the transparancy by Google in this matter. It would be kinda nice to see similar statistics from MSFT, FB, Apple and the like.
They might serve as a warning for those among us who are genuinely convinced that these companies respect and apply privacy T&C's and regulations governing user data, both when it comes to government requests and in the field of sharing those with 3rd parties.
Nowhere in the article are the words warrant or subpoena.
I wonder how much is done via NSLs and how many are vetted by the judicial system.
Several of the questions in the comments so far can be answered by consulting the original source at the Google Transparency Project site. Notice especially the "Raw data" link on the left.
What if they "went to the mat for their users"?
Quite possibly what happened to Qwest and its CEO when they balked at warrantless wiretaps.
You may not like Sergey and Larry, but asking them to sign up for jail time so you don't have to watch what you say is a bit steep. Besides, Zuck will rat you out if they don't.
Correct me if I'm wrong, but didn't Google exit China in retaliation for hacking Google? The article makes it sound like Google was doing business in China, and then one day China demanded Google to censor search results, so Google left. Not even close.
Google just moved their servers to Hong-Kong, still in China and still do business in China - I suspect this wasn't "in response to" anything, but a carefully calculated strategy to send a certain level of message to the authorities
The concept of Law, as a knowable set of unified rules,
which is applied consistently,
is local to certain cultures, and foreign to most.
So, the idea of "complying with requests from law enforcement"
actually means complying with the whim
of a local bureaucrat, chief, or warlord in much of the world,
for whatever transitorty motive they serve, hold, or have sold to.
But, as long as google must not report all request from FBI or NSA, these statistics are of little value.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.