"Who Has Your Back?" In Depth: Corporate Transparency About Government Demands for User Information
EFF recently launched a campaign calling on companies to stand with their users when the government comes looking for data. (If you haven’t done so, sign our petition urging companies to provide better transparency and privacy.) This article will provide a more detailed look at one of the four categories in which a company can earn a gold star in our campaign: transparency about government requests.
We're asking companies to do two things in order earn a gold star in the transparency category: provide reports on how often they provide data to the government, and publish their law enforcement guidelines.
First, EFF is measuring whether companies publish the number of government demands they receive for user data, whether it's an official demand such as a warrant or an unofficial request. Google led the way in this category, and is the only company in our list currently publishing a Transparency Report. According to the report, over the course of six months Google has received 30 data requests from Israel, 71 data requests from Belgium, 1,343 data requests from the U.K. and 4,287 data requests from the U.S. As Google explains:
We believe that this raw data will give people insight into whether or not our services are accessible in a given country at a given time. Historically, information like this has not been broadly available. We hope this tool will be helpful in studies about service outages and disruptions and that other companies will make similar disclosures.
Google's report is just a start — they are continuing to investigate providing more detailed information about the requests they receive and we have ideas about how they can do even more, but for their transparency report they received half a gold star.
Second, we are tracking which companies publish their guidelines for law enforcement requests for user data. This is something Twitter already does. While none of the other companies in our campaign currently publish their law enforcement guides, we know other companies have them. We learned about some law enforcement guides when EFF and the Samuelson Clinic at UC Berkeley filed a Freedom of Information Act lawsuit against a half-dozen government agencies seeking their policies for using social networking sites for investigations, data-collection, and surveillance. Through that suit, we obtained law enforcement guides from sites like Myspace, Ning, Facebook, MSN and Yahoo. Other guides are available at cryptome.
But the public shouldn't have to spend months or years in court to get this kind of information. Good corporate citizens should freely publish their guidelines for law enforcement so that the public knows what those policies are.
Users make decisions every day about which companies they will entrust with their data. It's vital that companies are forthcoming about how often and through what process they hand user data to the government. If you're as concerned as we are about overbroad government surveillance powers and the potential for those powers to be abused, then urge companies to be transparent about handing data to the government by signing our petition.