Yahoo! gave data on 300+ users to Aussie government
Yahoo! gave the Australian government data on at least 305 of its users in the first half of 2013.
That’s according to the company’s first global transparency report, released last week, which details requests made by governments for data on Yahoo! users in the first half of 2013.
The report details the number of requests made by governments for data on Yahoo!’s users. It covers a six-month period from 1 January 2013 through 30 June 2013 and lists requests from 17 countries.
It does not include requests for data on users of Tumblr, a recent Yahoo! acquisition.
In that period, the Australian Government made 704 requests covering 799 user accounts; a request can cover more than one account.
Yahoo! handed over ‘non-content data’ in response to 305 (43%) of these requests. This could include a user’s alternate email address, name, location, IP address, login details, billing information and other ‘transactional information’ like the ‘to’, ‘from’ and ‘date’ fields in email headers.
In 11 cases (2%), the company handed over what it calls ‘content’, defined by the company as data that Yahoo! users “create, communicate, and store on or through our services”. This might include the words in an email or instant message, photos, files, address book entries or similar.
In 146 cases (21%), the company “produced no data in response to the Government Data Request because no responsive data could be found (ie, the account didn’t exist or there was no data for the date range specified by the request)”, Yahoo! said.
One third (34%) of the 704 requests fell into the company’s ‘rejected’ category. In some of these instances, Yahoo! did not provide any data because there was a problem with the government’s request. The category also includes requests that “were withdrawn after being received” by Yahoo!, the company said.
“We carefully review Government Data Requests for legal sufficiency and interpret them narrowly in an effort to produce the least amount of data necessary to comply with the request,” the company said.
“Our legal department demands that government data requests be made through lawful means and for lawful purposes. We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful.”
“The Government Data Requests reflected in this report are generally made in connection with criminal investigations.”
Australia had the 10th highest number of requests. The US led the pack, with 12,444 requests covering 40,322 accounts. Only 2% of these were rejected, with 55% resulting in non-content data being disclosed and 37% resulting in the disclosure of content.
Emergency onboarding: what to do before and after a data breach
Organisations that have an emergency onboarding plan are better positioned to have their business...
Savvy directors are demanding more points of proof when cyber incidents occur
Pre-agreement on what a post-incident forensics effort should produce — and testing it out...
Cyber-attack prevention is better than a cure
Corporate and political decision-makers need to invest in areas that do a better job of...
