Google's transparency report lacking


By Dylan Bushell-Embling
Tuesday, 01 April, 2014

Google's transparency report lacking

Australian law enforcement agencies made 780 requests for user data to Google during the second half of 2013, according to the web giant’s latest transparency report.

The number of requests from Australian authorities received by Google has increased every half year since the company started reporting the figures in the second half of 2009. Requests grew from 584 in the second half of 2012 and 645 in the first half of 2013.

According to Google’s report, the requests for 2H13 covered 944 Australian user accounts. Around 70% of the filings resulted in some information being shared with authorities - the highest proportion of successful requests since the first half of 2011.

Worldwide, Google fielded 27,477 requests from authorities during the half year. Information was shared in 64% of cases. A request may be refused or narrowed down if Google determines it is not legally valid.

Combined, the requests covered over 42,000 Google accounts. But this does not necessarily represent the number of users of Google services that global authorities sought information from, as in some cases multiple requests may have been after the same user data.

“Government requests for user information in criminal cases have increased by about 120% since we first began publishing these numbers in 2009,” Richard Salgado, Google legal director for law enforcement and information security, said in a blog post announcing the report.

“Though our number of users has grown throughout the time period, we’re also seeing more and more governments start to exercise their authority to make requests.”

The report shows that Google received requests from authorities in 65 countries during the period. The list includes some unlikely candidates, such as Vatican city, which made one request (it was denied).

Interestingly, the number of requests for user information has increased every half year since the company started publishing the reports, while the percentage of successful requests has decreased in every report. It must be noted that Google started sharing details on the percentage of successful requests in its report for the second half of 2010.

The United States was responsible for by far the greatest number of user data requests for the half year - 10,574. Authorities in the nation also had the highest success rate (83%) among the 21 countries which sent over 100 requests.

Beyond these statistics, the report provides little to no information on the content of the requests. Whether it is by design or because it is restricted from doing so is unclear, but Google’s transparency report does not break down successful demands for information in terms of the type of data shared.

Google’s FAQ about the legal process states that in the US there are three tiers of legal requests. Law enforcement agencies can legally request information, such as the name and IP address a customer used to create a Google account, without a judge’s authority. Using a court order, authorities can request more detailed information such as the non-content portion of email headers. To seek content such as Gmail messages and search query information, authorities need a search warrant.

This information applies to many requests from non-US authorities as well, as they often use a mutual legal assistance treaty with the US to have requests processed under US law. That said, there are a number of other ways international authorities can obtain information from Google and other US companies. There are also exceptions in the US and internationally for emergency situations.

Google users concerned about their privacy would likely distinguish between Google sharing their IP address with authorities and sharing the contents of their Gmail account, so the fact that the report does not make that distinction seems to be an omission.

Google’s report does state that it advises customers when authorities demand access to their information, except when prohibited from doing so by law or court order. But the controversial Foreign Intelligence Surveillance Act (FISA) prohibits Google from informing non-US users that they have been targeted in a FISA request, and also requires companies to delay providing statistics about the number of requests in their transparency reports.

Pictured: Richard Salgado, Google legal director for law enforcement and information security, courtesy of Eric Chan under CC

Related Articles

The problem with passwords is not what you think

When it comes to secure authentication, there seems to be a lesson we're not learning.

Secure-by-design software development for digital innovation

The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...

Bolstering AI-powered cybersecurity in the face of increasing threats

The escalation of complex cyber risks is becoming a pressing issue for those in business...

Content from other channels on our network

Central Highlands Water chooses Infor for ERP

The benefits and risks of AI usage in the public sector

Cobalt Iron earns patent on analytics-based dynamic authorisation control

Shoalhaven City Council uses AI to deliver safer roads to the community

Smart technologies: helping councils improve community services and sustainability

Govt funds telco resilience tech, responds to LEOSat report

Extreme enclosure heli-lifted into an extreme environment

Cyber secured at critical network device level has never been more important

Cradlepoint 'Vehicle as a Node' is the Next Frontier for Emergency Services

Govt responds to post-incident review of Optus outage

LAPP ÖLFLEX CLASSIC 110 control cables empower industrial connectivity

Delivering Dependable Fibre Optic Solutions for Challenging Environments through Enhanced Beam Cable Assemblies

Indonesia moves towards power grid resilience

Qld networks launch powerline safety campaign

Virtual power plants installed at regional schools

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd