06:39 PM
Connect Directly

Google Says Government Requests For Data Rising

Demands for user information, content changes increase, though Google says that's to be expected with a growing number of users.

Government requests for Google user data continue to rise in the United States, at a rate slightly higher than in the three previous six-month reporting periods. Google began tracking efforts to obtain its user data in the second half of 2009.

"The increase isn't surprising, since each year we offer more products and services, and we have a larger number of users," Google said on Tuesday in its biannual Transparency Report.

There were 5,950 user data requests from January through June 2011. That's an increase of more than 29% compared to the 4,601 user data requests recorded in the July through December 2010 period. Comparing the second half of 2010 to the first half of that year, when 4,287 data requests were received, the rate at which data requests increased was only 7%.

Google complied with 93% of data requests during the first half of 2011. During the previous six-month reporting period, that figure was 94%.

[Google has a long history of pushing back against government demands for information. Read Justice Department Subpoenas Reach Far Beyond Google.]

Requests from U.S. officials for the removal of content on Google-operated websites also increased compared to the previous reporting period, rising from 54 in the second half of 2010, to 92 in the first half of 2011.

However, compared to the first two reporting periods, the number of removal requests declined: Google received 123 removal requests in the second half of 2009 and 128 in the first half of 2010.

The company took a harder line on content removal requests than on user data requests. It removed content in response to only 63% of removal requests during the first half of 2011, down from 87% during the second half of 2010.

Google says that the majority of the content removal requests it receives are from businesses or individuals and that it doesn't include such requests in its figures. It also notes that its figures are not necessarily comprehensive, due to omissions when requests are made.

In addition, laws like the Patriot Act may forbid disclosure of information requests in certain circumstances. Some countries like China make it illegal to disclose details about government information requests, so Google is also limited in what information it can lawfully provide.

In a blog post, Google senior policy analyst Dorothy Chou called for the modernization of laws like the 1986 Electronic Privacy Communications Act, which regulates government access to user information, and asked for help with the OpenNet Transparency Project, a project that aims to provide a standardized format for companies to disclose government information requests.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
10/28/2011 | 12:19:40 AM
re: Google Says Government Requests For Data Rising
Very interesting. I'm curious what the basis of the requests for user data were.
Brian Prince, InformationWeek contributor
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.