Thursday, January 24, 2013

Google now demanding probable-cause warrants for police to access Gmail accounts

Excellent news on the electronic privacy front:
Google demands probable-cause, court-issued warrants to divulge the contents of Gmail and other cloud-stored documents to authorities in the United States — a startling revelation Wednesday that runs counter to federal law that does not always demand warrants.

The development surfaced as Google publicly announced that more than two-thirds of the user data Google forwards to government agencies across the United States is handed over without a probable-cause warrant.

A Google spokesman told Wired that the media giant demands that government agencies — from the locals to the feds — get a probable-cause warrant for content on its e-mail, Google Drive cloud storage and other platforms — despite the Electronic Communications Privacy Act allowing the government to access such customer data without a warrant if it’s stored on Google’s servers for more than 180 days.

“Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the Constitution, which prevents unreasonable search and seizure,” Chris Gaither, a Google spokesman, said.

Some of the customer data doled out without a warrant include names listed when creating Gmail accounts, the IP address from where the account was created, and where and what time a user signs in and out of an account. What’s more, Google hands over without warrants the IP address associated with a particular e-mail sent from a Gmail account or used to change the account password, in addition to the non-content portion of e-mail headers such as the “from,” “to” and “date” fields.

It was not immediately known whether other ISPs are traveling Google’s path when it comes to demanding probable-cause warrants for all stored content. But Google can seemingly grant more privacy than the four corners of the law allows because there’s been a string of conflicting court opinions on whether warrants are required for data stored on third-party servers longer than 180 days. The Supreme Court has never weighed in on the topic — and the authorities are seemingly abiding by Google’s rules to avoid a high court showdown.
Before this recent change, according to the company, "68 percent of the requests Google received from government entities in the U.S. were through subpoenas" with no judicial oversight. This new policy appears to have been installed in the wake of revelations during the Petraeus scandal regarding how frequently, and with shockingly little oversight, Google allowed the FBI comprehensive access to private Gmail accounts.

I'm glad to see Google standing up to the government bullies. If mobile phone service carriers would take the same, proactive stance to protect their customers' privacy from government intrusion, then proposed legislation requiring warrants for law enforcement to gather GPS tracking data perhaps wouldn't be necessary. But they won't. So it is.


rodsmith said...


"despite the Electronic Communications Privacy Act allowing the government to access such customer data without a warrant if it’s stored on Google’s servers for more than 180 days"

funny but i'm not familiar with this exception to the search warrant requirment in the United States Constitution.

Guess it's on that double secret page in invisible ink only a govt stooge can see!

Anonymous said...

Hmmm,,delete all info in 179 days