Google's transparency report lacking


By Dylan Bushell-Embling
Tuesday, 01 April, 2014


Google's transparency report lacking

Australian law enforcement agencies made 780 requests for user data to Google during the second half of 2013, according to the web giant’s latest transparency report.

The number of requests from Australian authorities received by Google has increased every half year since the company started reporting the figures in the second half of 2009. Requests grew from 584 in the second half of 2012 and 645 in the first half of 2013.

According to Google’s report, the requests for 2H13 covered 944 Australian user accounts. Around 70% of the filings resulted in some information being shared with authorities - the highest proportion of successful requests since the first half of 2011.

Worldwide, Google fielded 27,477 requests from authorities during the half year. Information was shared in 64% of cases. A request may be refused or narrowed down if Google determines it is not legally valid.

Combined, the requests covered over 42,000 Google accounts. But this does not necessarily represent the number of users of Google services that global authorities sought information from, as in some cases multiple requests may have been after the same user data.

“Government requests for user information in criminal cases have increased by about 120% since we first began publishing these numbers in 2009,” Richard Salgado, Google legal director for law enforcement and information security, said in a blog post announcing the report.

“Though our number of users has grown throughout the time period, we’re also seeing more and more governments start to exercise their authority to make requests.”

The report shows that Google received requests from authorities in 65 countries during the period. The list includes some unlikely candidates, such as Vatican city, which made one request (it was denied).

Interestingly, the number of requests for user information has increased every half year since the company started publishing the reports, while the percentage of successful requests has decreased in every report. It must be noted that Google started sharing details on the percentage of successful requests in its report for the second half of 2010.

The United States was responsible for by far the greatest number of user data requests for the half year - 10,574. Authorities in the nation also had the highest success rate (83%) among the 21 countries which sent over 100 requests.

Beyond these statistics, the report provides little to no information on the content of the requests. Whether it is by design or because it is restricted from doing so is unclear, but Google’s transparency report does not break down successful demands for information in terms of the type of data shared.

Google’s FAQ about the legal process states that in the US there are three tiers of legal requests. Law enforcement agencies can legally request information, such as the name and IP address a customer used to create a Google account, without a judge’s authority. Using a court order, authorities can request more detailed information such as the non-content portion of email headers. To seek content such as Gmail messages and search query information, authorities need a search warrant.

This information applies to many requests from non-US authorities as well, as they often use a mutual legal assistance treaty with the US to have requests processed under US law. That said, there are a number of other ways international authorities can obtain information from Google and other US companies. There are also exceptions in the US and internationally for emergency situations.

Google users concerned about their privacy would likely distinguish between Google sharing their IP address with authorities and sharing the contents of their Gmail account, so the fact that the report does not make that distinction seems to be an omission.

Google’s report does state that it advises customers when authorities demand access to their information, except when prohibited from doing so by law or court order. But the controversial Foreign Intelligence Surveillance Act (FISA) prohibits Google from informing non-US users that they have been targeted in a FISA request, and also requires companies to delay providing statistics about the number of requests in their transparency reports.

Pictured: Richard Salgado, Google legal director for law enforcement and information security, courtesy of Eric Chan under CC

Related Articles

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

How AI can help businesses manage their cyber risks

Artificial intelligence can be a powerful ally in the fight against cyberthreats.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd