Electronic privacy continues to gain more attention in the wake of the Petraeus scandal and other recent revelations about the scope of law enforcement snooping around people's electronic communications. Here are a few more recent tidbits that caught Grits' eye:
Showing posts with label Petraeus scandal. Show all posts
Showing posts with label Petraeus scandal. Show all posts
Monday, November 26, 2012
Sunday, November 25, 2012
Why does Google give US law enforcement special access to user info compared to other nations?
In the wake of the David Petraeus scandal, in which the FBI gained back-end access to the gmail accounts of the CIA director's paramour, I ran across Google's semi-annual transparency statement, in which we learn that in the first six months of 2012, Google granted all or part of 90% of information requests from US law enforcement agencies, handing out information on 16,281 users in response to 7,969 requests.
Comparing requests by country (Google provides only top-line national data, so we can't see how many were in Texas v. California, etc.), the United States was far and away the source of the most law enforcement requests to Google for information and, even more interesting, far and away had the smallest proportion of requests denied. Google responded with user account information to 90% of US law enforcement requests in the first half of 2012, which was actually down from the previous reporting periods. According to the transparency report, "We review each request to make sure that it complies with both the spirit and the letter of the law, and we may refuse to produce information or try to narrow the request in some cases." Fair enough.
Here's what I don't understand. Take a look at the approval rates for various governments that requested user account information from Google:
Not only is the rate of law enforcement requests granted by Google especially high in the United States, US agencies ask for information far more frequently than in any other country, and the number of requests is growing dramatically. Here's a chart Grits compiled from Google transparency reports:
So requests more than doubled in the last two years with little sign of the trend relenting. On one hand, if Google is going to approve such requests at a 90+% clip, I certainly understand why law enforcement agencies in the United States would ask for the data more frequently. OTOH, that begs the question, why doesn't Google resist such requests as often in America as they do throughout the rest of the world? Does their relative leniency toward US law enforcement encourage the volume of requests, or vice versa? Is it US law or Google's relative level of sycophancy that explains the difference?
The flip side of that debate, of course, is that Google provides more transparency on these questions than companies like Facebook or US cell phone providers, so one hesitates to criticize them too harshly simply because they divulge (a little) more information than other tech companies who share user information with law enforcement. But with the government accessing Google user account information at such a rapidly increasing pace, Google cannot escape accountability for their own role in the erosion of online privacy, and the Petraeus scandal has momentarily brought that role to the forefront.
Grits continues to ponder the implications of these events and so do many others. See these items related to the implications for online privacy from the Petraeus scandal.
Perhaps in answering these sorts of questions we can eventually discover the real lessons of the Petraeus scandal beyond the partisan carping and short-term political positioning that's so far mostly dominated the national conversation surrounding the spymaster's fall from grace.
Comparing requests by country (Google provides only top-line national data, so we can't see how many were in Texas v. California, etc.), the United States was far and away the source of the most law enforcement requests to Google for information and, even more interesting, far and away had the smallest proportion of requests denied. Google responded with user account information to 90% of US law enforcement requests in the first half of 2012, which was actually down from the previous reporting periods. According to the transparency report, "We review each request to make sure that it complies with both the spirit and the letter of the law, and we may refuse to produce information or try to narrow the request in some cases." Fair enough.
Here's what I don't understand. Take a look at the approval rates for various governments that requested user account information from Google:
- United States: 90%
- Japan: 86%
- Brazil: 76%
- Switzerland: 68%
- United Kingdom: 64%
- India: 64%
- Australia: 64%
- Taiwan: 63%
- Israel: 60%
- Spain: 52%
- France: 42%
- Germany: 39%
- Italy: 34%
- South Korea: 35%
- Canada: 24%
- Russia: 0%
- Turkey: 0%
Not only is the rate of law enforcement requests granted by Google especially high in the United States, US agencies ask for information far more frequently than in any other country, and the number of requests is growing dramatically. Here's a chart Grits compiled from Google transparency reports:
The flip side of that debate, of course, is that Google provides more transparency on these questions than companies like Facebook or US cell phone providers, so one hesitates to criticize them too harshly simply because they divulge (a little) more information than other tech companies who share user information with law enforcement. But with the government accessing Google user account information at such a rapidly increasing pace, Google cannot escape accountability for their own role in the erosion of online privacy, and the Petraeus scandal has momentarily brought that role to the forefront.
Grits continues to ponder the implications of these events and so do many others. See these items related to the implications for online privacy from the Petraeus scandal.
- EFF: When will our email betray us? An email privacy primer in light of the Petraeus scandal
- ACLU: Surveillance and security lessons from the Petraeus scandal
- Reuters: Collateral damage of our surveillance state
- The Week: What the heck, FBI?
- Glenn Greenwald: FBI's abuse of surveillance state is the real scandal needing investigation
- Wired: All three branches agree: Big Brother is the new normal
Perhaps in answering these sorts of questions we can eventually discover the real lessons of the Petraeus scandal beyond the partisan carping and short-term political positioning that's so far mostly dominated the national conversation surrounding the spymaster's fall from grace.
Monday, November 19, 2012
On the Petraeus scandal and online privacy
Though this is not a Texas subject, here's something that's bothered me.
To be clear, Grits could honestly not care less if David Petraeus cheated on his wife. I don't know him, I don't know her, and the whole episode at root sounds tawdry and personal - the sort of thing that's none of my business except that the media tsunami has made it nigh-on impossible to avoid.. There are two elements of this episode, though, I do care about. First, Petraeus appeared to be one of the few truly competent career military leaders involved in making US foreign policy and I'd prefer not to see him ousted for reasons unrelated to job performance. Second, and more importantly for the issues covered by this blog, I'm flat-out astonished at the investigative path that led the FBI to Petraeus, and in particular the outlandishly sweeping electronic surveillance powers exhibited by the FBI - with and without a warrant - vis a vis Broadwell's gmail account(s), to which Google apparently gave them unlimited back-end access.
The Washington Post on Saturday ran a story detailing the sweeping nature of the FBI's electronic investigation powers through the lens of the Petraeus scandal. Reported the Post:
According to the Philadelphia Inquirer, which said the Petraeus scandal heralded the "no privacy era," "a recent Google report says government requests to Google for surveillance information have increased 55 percent in the last six months, led by the United States." Wired gave more detail, reporting that the company received more than 23,000 requests for email information from the US government in 2011. And even that may be understated:
Between nearly at-will back-end email access to email header information and the ability to access GPS tracking data from people's cell phones without a warrant, it really does seem like privacy in the modern era has become a pipe dream for most people. Hell, even the nation's top spy couldn't conceal his online activities: What chance do the rest of us have?
All I can say: We are lucky that we do not at present live in a full-blown totalitarian state, because we have given the state totalitarian tools.
To be clear, Grits could honestly not care less if David Petraeus cheated on his wife. I don't know him, I don't know her, and the whole episode at root sounds tawdry and personal - the sort of thing that's none of my business except that the media tsunami has made it nigh-on impossible to avoid.. There are two elements of this episode, though, I do care about. First, Petraeus appeared to be one of the few truly competent career military leaders involved in making US foreign policy and I'd prefer not to see him ousted for reasons unrelated to job performance. Second, and more importantly for the issues covered by this blog, I'm flat-out astonished at the investigative path that led the FBI to Petraeus, and in particular the outlandishly sweeping electronic surveillance powers exhibited by the FBI - with and without a warrant - vis a vis Broadwell's gmail account(s), to which Google apparently gave them unlimited back-end access.
The Washington Post on Saturday ran a story detailing the sweeping nature of the FBI's electronic investigation powers through the lens of the Petraeus scandal. Reported the Post:
the trail cut across a seemingly vast territory with no clear indication of the boundaries, if any, that the FBI imposed on itself. The thrust of the investigation changed direction repeatedly and expanded dramatically in scope.Congressman.Schiff's quote nailed it: This investigation surely caused more harm to national security than it exposed. But this case was just a microcosm of a scandal IMO more worrisome than the liaisons of a middle-aged general. "Law enforcement demands for e-mail and other electronic communications from providers such as Google, Comcast and Yahoo are so routine that the companies employ teams of analysts to sort through thousands of requests a month. Very few are turned down." No doubt in at least some of those less-well publicized instances, just as happened with Gen. Petraeus, the harm from those investigations similarly outweighed their benefit.
A criminal inquiry into e-mail harassment morphed into a national security probe of whether CIA Director David H. Petraeus and the secrets he guarded were at risk. After uncovering an extramarital affair, investigators shifted to the question of whether Petraeus was guilty of a security breach.
When none of those paths bore results, investigators settled on the single target they are scrutinizing now: Paula Broadwell, the retired general’s biographer and mistress, and what she was doing with a cache of classified but apparently inconsequential files.
On Capitol Hill, the case has drawn references to the era of J. Edgar Hoover, the founding director of the FBI, who was notorious for digging up dirt on Washington’s elite long before the invention of e-mail and the Internet.
“The expansive data that is available electronically now means that when you’re looking for one thing, the chances of finding a whole host of other things is exponentially greater,” said Rep. Adam B. Schiff (D-Calif.), a member of the House intelligence committee and a former federal prosecutor.
In this case, Schiff said, the probe may have caused more harm than it uncovered. “It’s very possible that the most significant damage done to national security was the loss of General Petraeus himself,” Schiff said.
According to the Philadelphia Inquirer, which said the Petraeus scandal heralded the "no privacy era," "a recent Google report says government requests to Google for surveillance information have increased 55 percent in the last six months, led by the United States." Wired gave more detail, reporting that the company received more than 23,000 requests for email information from the US government in 2011. And even that may be understated:
Google’s transparency data is limited, as it does not include requests submitted under the Patriot Act, which can include National Security Letters that come with gag orders attached to them. Nor does the data include anti-terrorism eavesdropping court orders, known as FISA orders, or any dragnet surveillance programs legalized in 2008, as those are secret, too.Here's a good account of what's known about the techniques used by the FBI to dig into the couple's email.
The data Google hands over to governments can include e-mail communications, documents, browsing activity and IP addresses used to create and access an account, among other things.
Between nearly at-will back-end email access to email header information and the ability to access GPS tracking data from people's cell phones without a warrant, it really does seem like privacy in the modern era has become a pipe dream for most people. Hell, even the nation's top spy couldn't conceal his online activities: What chance do the rest of us have?
All I can say: We are lucky that we do not at present live in a full-blown totalitarian state, because we have given the state totalitarian tools.
Subscribe to:
Posts (Atom)
.jpg)
