In its latest iteration of the Transparency Report, meant to alert consumers as to how their online information is used, Google shows that user data requests of all kinds have increased by more than 70% since 2009. And from July through December 2012, Google received 21,389 requests for information from government entities in the US, regarding 33,634 users. A full 68% of them were made through the aforementioned subpoenas.
“These are requests for user-identifying information, issued under the Electronic Communications Privacy Act (ECPA), and are the easiest to get because they typically don’t involve judges,” wrote Richard Salgado, legal director for law enforcement and information security at Google, in a blog.
The intelligence comes from a newly added breakdown in the report of the kinds of legal process that government entities in the US use when compelling communications and technology companies to hand over user data. It found that another 22% of requests came through ECPA search warrants. “These are, generally speaking, orders issued by judges under ECPA, based on a demonstration of probable cause to believe that certain information related to a crime is presently in the place to be searched,” Salgado explained.
The remaining 10% were mostly court orders issued under ECPA by judges or other processes that are difficult to categorize.
The information points to more work that the internet behemoth could do to protect user privacy, some say. “Google’s policy to require probable-cause warrants moves in the right direction, but still leaves gaps in the release of your important information” Pravin Kothari, CEO at cloud encryption company CipherCloud, told Infosecurity. “Information in Google can still be divulged without warrants. Also it does not address requests from agencies under the US Patriot Act, which generally do not require warrants. This is where the government can target individual Gmail accounts, i.e., General David Petraeus, without their knowledge.”
Citing his own company’s raison d’etre, Kothari added that individuals and companies would do well to encrypt their information before it is sent to Google or any other cloud application. “This way no one but you or your company, whether it's law enforcement, cloud provider system admins or cybercriminals, can access your sensitive information under any circumstances without contacting you first,” he said.
This is the seventh time that Google has published its Transparency Report, which details the number of information requests from governments by country. Like other technology and communications companies, Google regularly receives requests from government agencies and courts around the world to hand over user data, and the report publishes information in six-month chunks. It said that it saw a sharp increase in information requests throughout 2012.