Risk
10/26/2011
06:39 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Says Government Requests For Data Rising

Demands for user information, content changes increase, though Google says that's to be expected with a growing number of users.

Government requests for Google user data continue to rise in the United States, at a rate slightly higher than in the three previous six-month reporting periods. Google began tracking efforts to obtain its user data in the second half of 2009.

"The increase isn't surprising, since each year we offer more products and services, and we have a larger number of users," Google said on Tuesday in its biannual Transparency Report.

There were 5,950 user data requests from January through June 2011. That's an increase of more than 29% compared to the 4,601 user data requests recorded in the July through December 2010 period. Comparing the second half of 2010 to the first half of that year, when 4,287 data requests were received, the rate at which data requests increased was only 7%.

Google complied with 93% of data requests during the first half of 2011. During the previous six-month reporting period, that figure was 94%.

[Google has a long history of pushing back against government demands for information. Read Justice Department Subpoenas Reach Far Beyond Google.]

Requests from U.S. officials for the removal of content on Google-operated websites also increased compared to the previous reporting period, rising from 54 in the second half of 2010, to 92 in the first half of 2011.

However, compared to the first two reporting periods, the number of removal requests declined: Google received 123 removal requests in the second half of 2009 and 128 in the first half of 2010.

The company took a harder line on content removal requests than on user data requests. It removed content in response to only 63% of removal requests during the first half of 2011, down from 87% during the second half of 2010.

Google says that the majority of the content removal requests it receives are from businesses or individuals and that it doesn't include such requests in its figures. It also notes that its figures are not necessarily comprehensive, due to omissions when requests are made.

In addition, laws like the Patriot Act may forbid disclosure of information requests in certain circumstances. Some countries like China make it illegal to disclose details about government information requests, so Google is also limited in what information it can lawfully provide.

In a blog post, Google senior policy analyst Dorothy Chou called for the modernization of laws like the 1986 Electronic Privacy Communications Act, which regulates government access to user information, and asked for help with the OpenNet Transparency Project, a project that aims to provide a standardized format for companies to disclose government information requests.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
10/28/2011 | 12:19:40 AM
re: Google Says Government Requests For Data Rising
Very interesting. I'm curious what the basis of the requests for user data were.
Brian Prince, InformationWeek contributor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.