Facebook Report Discloses Number of Government Requests for User Data

Facebook Report Discloses Number of Government Requests for User Data
Facebook Report Discloses Number of Government Requests for User Data

The report is broken down into four columns: the total number of requests, the total number of users concerned, and the percentage of these honored to some degree, by individual country. The purpose is clearly to show that despite the Edward Snowden leaks about US company collaboration with the NSA, Facebook really does care about user privacy. “We want to make sure that the people who use our service understand the nature and extent of the requests we receive and the strict policies and processes we have in place to handle them,” said Colin Stretch, Facebook general counsel, introducing the report.

The actual value of the report – beyond showing that Facebook gets lots of requests and doesn’t honor all of them – is debatable. The headline figure is that the US made between 20,000 and 21,000 requests for individual account details (it isn’t allowed to give a precise figure). Second was India with 4,144, and third the UK with 2,337. If we adjust these by the percentage honored, we get 16195, 2072 and 1589 respectively. But if we then take these numbers in relation to the country’s population, we get one successful request per 19,545 people in the US, one request per 595,115 people in India, and one request per 40,091 people in the UK. 

Even this, however, would depend upon uniform Facebook adoption within each country. But what it does show is that while in raw numbers it might appear that the Indian government makes twice as many requests as the UK government, any individual user in India is many times less likely to be the subject of a government request than an individual in the UK.

The Verge specifically questions the figures returned for Turkey which is currently suffering public unrest. “In June”, writes The Verge, “an official claimed the government was working with Facebook to identify protestors on social media during a bloody crackdown, something that Facebook denied. ‘We reject all government data requests from Turkish authorities and push them to formal legal channels unless it appears that there is an immediate threat to life or a child, which has been the case in only a small fraction of the requests we have received’”, said Facebook.

But according to the new report, Facebook received only 170 requests in total, and rejected only 53%. The difference is not enough to question either Facebook’s earlier statement or its current figures – but is enough to demonstrate that such transparency reports do not and cannot give the whole picture.

It is further complicated by the Snowden Prism leaks. If the NSA and GCHQ have effective access to Facebook, why do the US and the UK need to make any requests at all? This is partly answered by Facebook itself: “The vast majority of these requests relate to criminal cases, such as robberies or kidnappings.” In other words the majority of requests come from the police rather than the national security services; and the police are unlikely to have free access to NSA and GCHQ data.

A report in the  BBC notes Privacy International: "We are now aware of a terrifying reality - that governments don't necessarily need intermediaries like Facebook, Google, and Microsoft to get our data."

What’s Hot on Infosecurity Magazine?