AMERICA comes top of the charts in all-time Olympic medals, places named for George Washington, incarceration, obesity and, we learned yesterday, another metric of which it has no cause to be proud: number of times law-enforcement agencies asked Google to relinquish data on private citizens. Google updated its transparency report this week with figures from the last half of 2012. Those figures show that American law-enforcement agencies made 8,438 requests for user data, which is more than the number of requests made by the next four nosiest countries (India, France, Germany and Britain) combined. In fact, since Google began releasing statistics on user-information requests four years ago, America has come top of the charts in every six-month period save one: from July through December 2009 Brazil edged it out by 73 requests. Since then America's requests have more than doubled, and the total number of requests has risen from 12,539 to 21,389.
That is not surprising. For one thing, America's population is far larger than that of France, Germany and Britain, and it has more internet users than India. And the amount of data available online has grown. But perhaps more importantly, nobody leaves a rich vein untapped. Google does not just receive a lot of requests from American courts, lawyers and police; it also grants most of them. The total percentage of requests granted may have declined slightly—from 94% in July to December 2010 to 88% two years later—but total numbers have risen. Perhaps most worryingly, 68% of requests, more than two in every three, came in the form of a subpoena, while only 22% came through search warrants. Judges have to grant warrants based on probable cause, but subpoenas, as Google's legal director explains, "are the easiest to get because they typically don't involve judges." We have written about this before: the laws governing online surveillance in America can fairly be called archaic. They not only allow but practically encourage law-enforcement agencies to go data-fishing. Can such actions ensnare those who have neither committed nor been suspected of committing any crimes? Ask David Petraeus.
That's the bad news. The good news is, first, that Google actually releases this data. Most online companies and service providers don't (Twitter is another laudable exception), and they should. In 2011 mobile-phone and internet-service providers received 1.3m requests for data from law enforcement—and that just includes the nine providers who responded to a request from Ed Markey, a Democratic congressman from Massachusetts who co-chairs the Bipartisan Congressional Privacy Caucus. Sprint gets 1,500 requests a day, which means it tops Google's six-month totals every week. And 1.3m requests does not mean 1.3m people: cell-tower dumps reveal all subscribers in the location of a certain mobile-phone tower at a certain time. If government feels that restaurant patrons have the right to know whether chefs are washing their hands before cooking, surely mobile-phone and internet-service patrons have the right to know on what basis their providers will surrender putatively private data to the government.
The other bit of good news is that Google actually seems to be standing up for its users. Chris Gaither, a Google spokesman, told Ars Technica that it requires a warrant to surrender Gmail content. Registration information is held to a lesser standard. This is more or less consistent with current telecommunication-surveillance law, which requires stricter burdens of proof to listen in on telephone conversations than it does for information on what numbers a phone communicates with (a pen/trap tap). Whether it is consistent with the law as it should be is another question. User-data information allows the government not only to see who you call and who calls you, but also—thanks to tower dumps—where you are at any given time, who your friends are, who their friends are, what websites you visit, where you shop online and so forth. One could well argue that the relevant parts of our online and mobile lives are not what we deliberately reveal in our communication, but what is revealed about us as a matter of digital course. Congress passed the Electronic Communications Privacy Act (ECPA) in 1986. It is long past time for ECPA 2.0.
(Photo credit: AFP)
Readers' comments
The Economist welcomes your views. Please stay on topic and be respectful of other readers. Review our comments policy.
Sort:
You have to apply some intelligence when comparing statistics.
The US olympic medal, obesity and incarceration numbers are high because America is big. But the obesity and incarceration numbers PER CAPITA are also the highest of developed countries in the world because of America's social policies. We need to know how many data requests there are PER CAPITA for this report to be meaningful.
The US has almost as many internet users as Germany, India, France, and the UK combined, so it makes sense that the US would have more law enforcement requests than those countries combined. I suspect that the number of law enforcement data requests per capita internet population is probably about the same amongst those countries mentioned in the article.
And if the US does have a higher rate of requests per capita internet user, could this simply mean that: US law enforcement does a better job of following up on suspicious internet activity than other countries' law enforcement agencies?; Could it mean more internet users in the US are engaging in suspicious behavior than those of other countries?; Could it mean US law enforcement agencies have sharper and better trained better cyber crime divisions, so are spotting more funny behavior than other countries' governments? Those are all likely possibilities.
Finally, 8,438 requests is VERY VERY VERY small compared to the total number of internet users in the US (approx. 270 million). All in all, this article is very unintelligent and poorly thought out.
When it comes to its citizens' privacy, the country has lost its mind since 9/11. If you have something to hide, I suggest you communicate with a one-use cipher.
J.F,
it's sad to say, but you're probably on a list now.
1
Can't blame the gov't - you know, the politicians of both parties - for fullfilling their #1 objective.
.
To keep themselves and their parties in power or relevant.
.
Sooner or later the social moron sites (football player's internet girlfriend died) will have more "information" than the gov't.
.
Can you imagine the election of 2040?
The one where the voters will largely be GenXcessers and GenYners.
.
The Google Party vs. the Facebook Party.
("Vote for "our" candidate, else we will reveal the photo/email.")
.
NPWFTL
Regards
"Congress passed the Electronic Privacy Communications Act (ECPA) in 1986."
Should be "Electronic Communications Privacy Act". (The acronym is correct!)
One point of correction; while a tower dump does reveal your phone traffic and which IP addresses you connect to, it is perfectly possible to make Internet traffic private; you can recognize when your traffic is private because the address at the top of your browser begins with “https:” and there’s usually a little picture of a lock or equivalent.
It’s technically straightforward for providers of online services to operate in private-by-default mode, and more should; see https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS
The article should mention what kind of data can Google offer that the government cannot otherwise obtain - from what I've read, NSA stores all the US network traffic so it's a lot of info to find there.
Google probably has the users' 'searches' and maps usage.
"User-data information allows the government not only to see who you call and who calls you...what websites you visit, where you shop online and so forth."
.
Leading to such interesting conversations as -
.
"Yes your honor, I'm guilty of debating fresh water vs. salt water economic theory with other TE commenters."
That's pretty funny. We'll be hanged out of boredom. The Oxbow Incident 2013.
Especially if the judge happens to be RR -
"So that was YOU?!" :)
Let he who is without sin cast the first stone.
I'm against the death penalty except for heretics so you're in luck. Unless you're Presbyterian.
Thump...! Wasn't me...!
Munzerite?
Naw. I'm a Bengals fan. :)
I'd let you off the hook then. Time-served as a Bengals fan is punishment enough.
I've heard tell that there's no parole for a Bengals fan, and that you're pretty much stuck there well into the after-life.
WARRANT, n. Search terms.
WARRANT, n, a thing generally unwarranted
The TE Devil's Dictionary right here. :P
Unfortunately Americans don't seem to get excited over the real threats to their constitutional rights.
Why get excited over a threat that's theoretical, and not real in any material sense? The user-base is so huge that, realisitcally, L/E isn't going to look at one's online record unless something else has put the user on the radar screen. The Web (not email) is public space - being observed in public - always been that way, no?
Information is power. Gargle, Farcebook, and Twaddle are all looking to collect rents on every last human activity. The same dynamic applies to government. When the police are continously sampling your moment to moment existence, people in government automatically end of with a lot of power.
Phew!! - when I saw your name on the email I was afraid you were gonna hammer me over my abuse of that cute little Mary Jo what's-her-name? So glad, ....
.
Now, no doubt about it - there's a ton of info to be mined from Web-tracks; a valuable investigative tool. But one has to be a target to be looked at, as a practical matter - there's just too many people to look at any but a tiny fraction of users. Targets get investigated - if you're Kim DotCom you got a problem, and damn well should IMO. I don't see this process as something new.
The data-bases may well be huge but that hasn’t stopped Google, Facebook et all from mining them for their own purposes. The huger the better, it would seem. The only safeguard is that they are owned by the likes of Google and Facebook, not the government.
Then again, if the corporations own the government …
"L/E isn't going to look at one's online record unless something else has put the user on the radar screen."
.
The problem is that "something else" may not be something criminal in nature, or even generated by the suspected individual. There are myriad things that my look illegal but be completely legal, or look illegal but still be quite embarassing. Such information can be used either for political ends, like getting someone to stop protesting against, say, the Los Angeles Sheriff/Police Department.
.
And even if not illegal, but suspect, such information could be used to extract a guily plea from someone just because the prosecutor has greater political ambitions, based on a trumped up list of "evidence" that he will use to lock you up for a while. Innocent people take such bargains every day because they are afraid of being in prison for an even longer stretch. And, prosecutors often try to make their case look stronger than it is during such a negotiation.
.
Plus, it is not that hard to manipulate electronic data. It would not be difficult for some errant hacker to start planting data making it look like anyone is a criminal. Some group like Anonymous has the techincal capability. They could put anyone on the FBI radar in about 10 minutes. It would be a more sophisticated form of "swatting." If that were you, how would you feel then?
Hopefully TE doesn't disclose that I recommended your comment. Oops, just gave myself away!
The problem as I see it, is the datamining tech others have mentioned. It makes it possible to find human needles in humanity haystacks for any criteria. And its power and sophistication are only growing. God may only know what is in the hearts of men, but so does Google and anyone else who gets their hands on the data. There are yotta bytes of the stuff stored away.
Hoping for anonymity is now a scary proposition of the got nothing to hide argument flavor.
Minority Report!
PS Is the abuse worth a hammering over? ;)
PSPS I almost assume you were fishing for that outcome.... heheh
Umm ... after being 'corrected' by MollyAnn I was just a little fearful that you might have wanted .... Do wish though that someone would have come forward to defend the pint-sized little ....
.
I agree with all of you - Web-tracks are a source of info that's so radically different in degree from pre-Web stuff that maybe it deserves special consideration. In character though, it really seems like it's no different than being photographed by CTV while out-and-about in public - except of course Web stuff is all ID'd and sortable and that kind of thing.