We've known for a long time that electronic privacy law is woefully outdated. But what we haven't known is how often the government is taking advantage of this fact to engage in a shopping spree in the treasure trove of personal information being collected by companies like Google.
So we're happy to see Google's just-released Government Requests tool, which is the company's attempt to shine some light on how often governments around the world request user information (and content removal) from Google. The ACLU has called for this type of disclosure for years and we applaud Google for taking this important first step to help Congress and the American people understand what's really going on and why it's time to demand a privacy upgrade that includes more transparency around when and how the government demands information from Google.
Google's Government Request Transparency Tool: What It Says — And What It Doesn't
Google's new tool displays the number of "user requests" that Google received from various governments from July to December 2009. According to the tool, the company received thousands of such requests from the U.S. government during that period — thousands of requests digging into the intimate details of individual lives that are captured in emails, search histories, reading and viewing logs, and the like. And if Google is receiving thousands of requests every six months, how many more are going out to Yahoo, Microsoft, Facebook and the thousands of other online services that we use every day?
But that number may understate the actual case for three reasons. First, Google's tool only tracks requests that are received as part of an official criminal investigation — which would exclude, for example, the infamous DOJ subpoena asking for millions of users' search queries, something that was not part of an official criminal investigation. Second, Google's tool only counts the number of requests it receives, not the number of user records that were requested. So that single DOJ subpoena seeking millions of records would only counts as a single request! Finally, Google is barred by law from disclosing the number of requests it receives pursuant to National Security Letters, although we know that upwards of 50,000 of these secret government requests are issued every year. All told, the requests that show up in Google's tool are just the tip of the iceberg.
So this is a great first step in increasing transparency — but it is only a first step. We hope that Google will continue to improve this tool to shine more light on how many non-criminal requests for user records it receives, break those down by type, provide more information on how many users were or would have been affected by those requests, and explore ways to disclose how it has responded to those requests (which is admittedly difficult to do).
Demand Your dotRights — Demand Transparency As Part of Electronic Privacy Reform!
The ACLU believes that transparency is an essential part of electronic privacy reform. As technology continues to evolve, our best hope of keeping privacy up to date is to ensure that we know how the government is using (or abusing) the current law to demand access to our personal information. That's why we think a "Wiretap Report for the Internet" is a key element to modernizing the Electronic Communications Privacy Act (PDF).
But we need your help to get Congress moving and get the privacy update we need. Please support our efforts to ensure that privacy isn't left behind as we move into the modern world by asking Congress to update ECPA!