Sunday, November 25, 2012

Why does Google give US law enforcement special access to user info compared to other nations?

In the wake of the David Petraeus scandal, in which the FBI gained back-end access to the gmail accounts of the CIA director's paramour, I ran across Google's semi-annual transparency statement, in which we learn that in the first six months of 2012, Google granted all or part of 90% of information requests from US law enforcement agencies, handing out information on 16,281 users in response to 7,969 requests.

Comparing requests by country (Google provides only top-line national data, so we can't see how many were in Texas v. California, etc.), the United States was far and away the source of the most law enforcement requests to Google for information and, even more interesting, far and away had the smallest proportion of requests denied. Google responded with user account information to 90% of US law enforcement requests in the first half of 2012, which was actually down from the previous reporting periods. According to the transparency report, "We review each request to make sure that it complies with both the spirit and the letter of the law, and we may refuse to produce information or try to narrow the request in some cases." Fair enough.

Here's what I don't understand. Take a look at the approval rates for various governments that requested user account information from Google:
How is it that Google turns down German law enforcement 61% of the time, turns down Canadians 76% of the time, but American law enforcement's requests are approved at a 90% clip? Why does Google grant such a greater proportion of law enforcement requests in the United States compared to other countries, including other western democracies? Is it that US laws are more favorable to law enforcement and less conducive to personal privacy? Or does Google give US government agencies special treatment compared to other national governments? (To be fair, the rate at which Google approved US law enforcement requests has declined slightly from 94% in the second half of 2010.) Are there certain agencies responsible for the lions's share of requests or is it spread out? Do requests mostly come from federal agencies or from state and local entities? Regrettably, Google's transparency report answers none of these questions

Not only is the rate of law enforcement requests granted by Google especially high in the United States,  US agencies ask for information far more frequently than in any other country, and the number of requests is growing dramatically. Here's a chart Grits compiled from Google transparency reports:

So requests more than doubled in the last two years with little sign of the trend relenting. On one hand, if Google is going to approve such requests at a 90+% clip, I certainly understand why law enforcement agencies in the United States would  ask for the data more frequently. OTOH, that begs the question, why doesn't Google resist such requests as often in America as they do throughout the rest of the world? Does their relative leniency toward US law enforcement encourage the volume of requests, or vice versa? Is it US law or Google's relative level of sycophancy that explains the difference?

The flip side of that debate, of course, is that Google provides more transparency on these questions than companies like Facebook or US cell phone providers, so one hesitates to criticize them too harshly simply because they divulge (a little) more information than other tech companies who share user information with law enforcement. But with the government accessing Google user account information at such a rapidly increasing pace, Google cannot escape accountability for their own role in the erosion of online privacy, and the Petraeus scandal has momentarily brought that role to the forefront.

Grits continues to ponder the implications of these events and so do many others. See these items related to the implications for online privacy from the Petraeus scandal.
The sad truth is - as one expert, who compared the scope of Google's private surveillance apparatus to "Skynet," recently informed a conference of hackers - personal privacy is all but dead for most Americans. But is Google facilitating that trend on behalf of law enforcement more rapidly in the United States than elsewhere across the globe? If they fought requests for Americans' user information harder, would police seek it out less frequently? ¿Quien sabe?

Perhaps in answering these sorts of questions we can eventually discover the real lessons of the Petraeus scandal beyond the partisan carping and short-term political positioning that's so far mostly dominated the national conversation surrounding the spymaster's fall from grace.

8 comments:

Anonymous said...

The technology and the people who provide it will always be subject to yeilding up information without the permission of the owner-user until the question is reviewed by SCOTUS. How it is framed in the court briefs, i.e. violation of reasonable search or property rights will remain to be seen. The timeframe of such a case is important, given the political appointment process for the SCOTUS. The other option is the creation of Federal laws to set a standard. The present political environment would resist this now.

Paul-United Kingdom said...

Ohh!! I think I know the answer to this one! Living on this side of the pond, we are subject to European Data Protection Laws. In the United Kingdom we are subject to the Data Protection Act 1998.

http://www.legislation.gov.uk/ukpga/1998/29/contents

Section 29 of the act governs prevention and detection of crime. If a law enforcement agency wants to access personal data held by a data holder, then they must be authorised. So in the Metropolitan Police Area (London)authority will have to be given by a sergeant, outside of London authority would have to be given by an Inspector (Equivalent in the US, Lieutenant) even so the data holder can refuse to give the data, if the law enforcement authority still wants to obtain the information, then they have to get a court order. I have had to work with this, while I was working with an insurance company, I would get enquiries from the police as to if the insurance held by a motorist was valid, the police would send a section 29 request signed by an Sergeant or an Inspector to verify this. In Germany, the data protection laws are more stringent (Historical reasons are in play there)

Anonymous said...

Google has explained the high compliance rate before. There are two reasons. First, US officials are generally more adept at submitting properly formed requests via the right channels. Thus, a lower percentage of their requests are denied for being poorly formatted. Second, other nations submit requests to Google via mutual legal assistance treaties (MLATs), which ensure they are submitted in the proper form. So, a portion of requests that fall in the "US" category are actually from other countries. See http://www.google.com/transparencyreport/userdatarequests/US/?p=2012-06

Gritsforbreakfast said...

"US officials are generally more adept at submitting properly formed requests via the right channels"

Yeah, those Germans are really inadept at submitting properly formed requests via the right channels. Canadians, too. That must explain it. Not.

I did see the caveats you mentioned, but found them unpersuasive. E.g., the MLATs may account for some of the extra, but I'll betcha dollars to donuts that if Google were to release more drill-down data, most of the volume is from the US government and/or state and local agencies.

rodsmith said...

i can think of a few reason.

Let's see

Google officials are in fear of their lives on the off chance a refusal will result in a declaration of "Enemy Combatant" status and result in either disappearnace into an afghan prison or out and out torture which our courts keep upholding.

or an easier one

The google officials don't have the balls god gave a gnat!

A real american would tell em to kiss off till they can show up with a warrant signed by a REAL judge not some so-called magistrate if that or one of the SECRET judges of the FISA court! and follow it up with an order for security to remove them from the facility immediately and stop them if they return.

john said...

The remains of the legal system needs to protect itself, and they use "law enforcement." Whether it's raising revenue or hunting down their neighbors, it's just another day of protecting and serving whoever writes the checks.
I'd think they could get China to make a lot of drones, and then police within the USA won't be needed. Drones don't expect insurance, raises, etc.
Either way, We The Poor People are done. We epically failed to understand our remaining recognized right, soon enough: to lobby (bribe). It's how all the big businesses and government employees go to the top.
Cops protect school boards while assaulting students. They'll protect the Electronic Voting Machines, later.
Just wait until they incorporate your elected County Sheriff into the special teams system--across County lines. The argument will be efficiency--more cops & gear for less dollars. But what it really means if more tyranny and less accountability.
Right now your best defense is your camera and speed-dial. Dunno if any Amendment covered that, if you can find anyone in power concerned with the Bill of Rights.
24 years of crap, trying to wipe America away, to make room for the globalists.
And we stand down.

Holy Craptcha!! Type the two not-words:

rodsmith said...

ahh john but don't forget we still have one other right that the govt lives in fear of every day.

The right to keep and bear arms!

at last count even after all the seziurs and other little tricks there are sill 3 guns to ever man, woman and child in america. IF we ever get fed up they are done. Especialy since right now 80% of the military is in every country BUT ours and the lift capacity to bring them back fast does not exist!

if 5-10 million americans decided it was past time to remove these criminals and were willing to back that up with violence. It's over.

Anonymous said...

Easy on that 'Skynet' stuff; that's UAL's legacy intrawebnet thingy.