Google stores huge amounts of data and personal information about its users. In addition to the wealth of information in e-mail and Google Drive accounts, the company also has users’ IP addresses, which can be used to determine locations.
Google issued a new update to its semi-annual Transparency Report this morning that, once again, revealed the number of government requests for user data to be on the rise. Between July and December of last year, governments asked Google to turn over user information 21,389 times — an increase of 70 percent since 2009.
What this means in practice is that authorities in the United States and other countries are regularly demanding that Google hand over the keys to user accounts like Gmail or YouTube. In many cases, the government may have a legitimate reason to ask for such information, such as solving a crime or stopping a spying operation.
Other times, though, governments may simply be fishing for data in a way that flouts citizens’ right to privacy. Such fishing expeditions, unfortunately, are relatively easy in the U.S. thanks to the sprawl of so-called administrative subpoenas — a legal tool that lets agencies demand data without first proving to a judge that they have a right to get it. Google’s new stats, which for the first time break out the procedures U.S. governments used to gain information, show that 68 percent of all requests came by way of such subpoenas while only 22 percent came by way of search warrants.
The new stats not only highlight the nature of the modern surveillance society but also strengthen the case for updating the Electronic Communications Privacy Act, a 1986 law that sets out rules for how governments can collect personal information. Influential Senator Patrick Leahy (D-Vt), who chairs the Judiciary Committee, this week declared that reforming ECPA for the age of cloud computing is one of his top priorities.
Outdated laws have created loopholes that allow government and law enforcement agencies to request information and conduct electronic surveillance without warrants.
In November 2012, the Judiciary Committee approved a Leahy proposal (H.R. 2471 Substitute) that included provisions to update ECPA by requiring the government to obtain a search warrant based on a showing of probable cause when seeking access to electronic communications, including in the case of remote computing service providers.
The measure, which prompted concerns from the law enforcement community, was advanced on a committee voice vote but ultimately did not make it to the Senate floor.