Happy Data Privacy Day 2013!
To data privacy professionals and advocates, January 28th is an opportunity to create awareness and underscore the importance of how mission-critical data can affect our daily routine. In two separately released reports by “data” giants Google, Inc. and Twitter, Inc., both companies conclude that the U.S. government rarely establishes probable cause or obtains a search warrant from an impartial judge when wishing to obtain information, or conduct electronic surveillance, on users to those sites.
According to its own report in the second half of last year, Google, Inc., received, from the U.S. and other foreign governments, 21,389 requests for information about 33,634 of its users. The report states that this is a 70% increase over the last 3 years. Interestingly, of the 21,389 requests, Google admits to turning over personal information in two-thirds of those cases. The Google report states that over the last six months, United States government officials have made 8,438 requests for data, and 88 percent of the time, Google complied.
Twitter, Inc.’s, unaffiliated report states that the company complied nearly 7 out of 10 times where there was a request for user data. The Twitter report also mentioned that most requests from U.S. government agencies came with no more than a subpoena, which requires a relatively low burden of proof, and allows the government to request basic user information, like IP addresses and user e-mail addresses associated with the account. Only 19 percent of the information requests came with a search warrant, which the company says it requires for disclosing the content of communications. Another 11 percent were accompanied by a court order, which requires a judge’s approval.
Both companies are using the launch date of their respective reports, January 28th (Data Privacy Day), to garner support against broad government access to personal online data. Among the objectives of the reports, Google and Twitter seek the public’s support to lobby Congress in updating antiquated laws like the Electronic Communications Privacy Act off 1986 (note the enactment date of that law…did widespread e-mail use even exist in 1986?). Currently, some federal courts, specifically those located in the Ninth Circuit, are trying to address electronic warrantless government intrusion, but the need for Legislative action would be another big step in the right direction.
It has been my experience that most U.S. government officials understand the need to balance an individual’s right to privacy against their purpose to protect the public interest and welfare. The most effective means in dealing with a government request for access to mission-critical data is to (1) carefully scrutinize the request, (2) limit the scope of the search, and (3) when not prohibited by law, contact the party affected.