Google has released its newest semiannual Transparency Report on Wednesday, which shows a "steady increase in government requests" for user data and marks a "disturbing growth in government surveillance online."
The report from the web giant, which discloses the number of requests it receives from governments and courts worldwide, shows that user data requests are up 70 percent since 2009, with a total of over 21,000 user data requests from over 33,000 users or accounts in the second half of 2012.
The U.S. made the biggest number of requests by far—8,438 during this period, which marks a nearly 136 percent increase since 2009.
Of those U.S. requests, 68% were from subpoenas, as Richard Salgado writes on Google's blog on the report, and "are requests for user-identifying information, issued under the Electronic Communications Privacy Act (ECPA), and are the easiest to get because they typically don’t involve judges."
The Guardian's Dominic Rushe points out how the use of EPCA to get user data is dangerous:
The ECPA has been widely criticised by privacy advocates, and was passed in 1986, long before electronic communication became so common. Under the act, email stored on a third party's server for more than 180 days is considered abandoned. To access that information, officials need only a written statement certifying that the information is relevant to an investigation.
But Holmes Wilson, co-founder of online advocacy group Fight For the Future, said the Justice Department had argued that emails are "abandoned" once they are opened. "Ironically, the emails that now have the most protection are the spam that you never open," he said. "ECPA is under dire need of reform. Right now the government can access almost anything that you have online without a warrant and at anytime. Electronic communication should be afforded the same protection as your physical mail or files stores in a cabinet," he said.
Berin Szoka, president of TechFreedom, says the report "reveals a disturbing growth in government surveillance online," and adds:
On its own, the growth in number of requests for private information like emails should be alarming, especially after the Petreus case. Even more disturbing is that most requests have not been reviewed by a court to ensure that law enforcement has established probable cause to believe a crime has actually been committed, as the Fourth Amendment generally requires.
Today's report doesn't really tell us the full extent of unconstitutional privacy invasions. Law enforcement officials rightly note that they need subpoena access to subscriber information as the 'building blocks' for establishing probable case. They also insist they're already getting warrants for content information, even when ECPA doesn't require that. But we still don't have hard data on either claim. Worse, while large companies like Google may rightly refuse to turn over user data without a warrant, smaller companies without legal staffs may feel compelled to turn over private data with only a subpoena, or perhaps even without one at all.