Patrick Lambert discusses the latest Google report on the number of user-data requests it receives from world governments. These requests spiked 29% in 2011.
Google has been publishing statistics on how many requests it receives from the various world governments for a couple of years now. These requests fall into two categories. In the first case they asked Google to divulge user information, such as their personal contact information, or what they did using Google's services. In the second case, they asked Google to remove pieces of content from their services. Google is the only major company to publish data about the requests they get, and they do so every six months. The last report, published last week, reveals that in the first six months of 2011, these requests went up 29%.
The information shows things like 757 items being requested to be removed by the US Government, 646 by South Korea, 121 by China, and so on. Then, Google says how many of these requests it complied with. In some cases, like for the US, they specify how many were for copyright issues, defamation, and so on. They also divide the requests by service, such as YouTube, Blogger, AdWords, and so on. When it comes to obtaining user data, the numbers are even more impressive. The various United States government entities asked for information on 11,057 users or accounts. Google complied with 93% of those. The second highest number is India, with 2,439 requests. In that case, the company complied with 70%.
Not everything is shown by the Google transparency report. For example, in many cases data is omitted when the company isn't allowed to talk about it. Also, when the number of requests was low, they may have been omitted entirely. The overall stats show which countries are more likely to censor versus those who aren't. They also show which services are most likely to cause issues with governments. Private parties however are not part of this report, so when a company such as a music label asks to remove content from YouTube, that isn't included.
The very fact that Google publishes these stats is an anomaly. No other large company does, even though they certainly receive requests as well. We know, for example, that all four major cellphone carriers in the U.S. have web portals that law enforcement and government officials can use to get user information. But there's no indication from them how many requests they receive, if they review them, or if they comply with all of them. Google is part of a group called the Due Process Coalition, a group that attempts to bring reforms to U.S. laws that allow broad, warrantless tapping of information by government officials. Yet, none of the other members of this group, such as AOL, AT&T, Facebook, or Microsoft, publish any such transparency information.
Then, there's the so-called National Security Letters. Those are the letters that the FBI can send to anyone, asking for information about anything, without a warrant. These letters almost always come with a gag order as well, so the party who receives it cannot talk about it. The FBI issues over 50,000 such letters every year, and those cannot be part of any transparency report, since their very existence is kept secret. While they are supposed to be used in drug or terrorism cases, it's long been suspected that they are being widely abused, and used for cases with nothing to do with national security. The Department of Justice confirmed that, indeed, this was the case.
Of course, it's easy for U.S. citizens to feel that the Government has powers that are too broad, and with the sharp increase in requests to Google, and presumably the same being true for all other corporations, this may well be. But in some ways, it's even worse for non-U.S. citizens. While there are some checks and balances for what kind of data the government can get on U.S. citizens, when it comes to traffic from other countries that come into the US, the door is wide open. Ever since it was first exposed, it's now no secret that the NSA looks at every piece of data that comes from what it believes are non-U.S. citizens, using racks of servers to analyze the data, regardless if it's a potentially criminal, or just an email exchange between a business and its client.
Feeling paranoid yet?
There are many ways people can reverse the tide, if they so choose. The first is awareness. The spread and broad scope of those data mining practices have to be exposed, and Google is so far the only large entity to do so. Then, open source, backdoor-free encryption has to become universal, easily integrated into every site and every computer, so that all online traffic becomes free from potential abuse. On the political stage, reforms have to be passed as well, although with globalization and differing laws between countries, it's hard to get everyone to agree on what is right, and what the laws should say.
Still, IT pros have a lot of say in this. If a site supports SSL, there's no reason it can't force clients to switch to SSL connections whenever possible. If your corporation makes mobile apps, care should be taken so that these apps use data efficiently and securely. When laptops or portable devices such as smartphones are provided to employees, encryption with plausible deniability should be the default behavior, not only to protect important corporate data, but also any kind of abusive search, by anyone.
The point is that Governments and law enforcement have good reasons to hunt down data to solve crimes and catch criminals - a job that the justice system is set up to do; the court system is what is set up to prevent abuse. Whether government snooping goes too far by mistake, or deliberate action, it's easy to get outraged by overzealous government officials. But they only do it because technology makes it easy for them to do so, using packet sniffers and high capacity routers. It's up to people like us, those who work in technology, to create balances for that.