As more tech companies request access to users’ digital information, the details of just how that data is handled and where it is distributed becomes all the more important.
Enter Data Privacy Day, an annual international celebration held on January 28 by large Web companies, consumer rights’ agencies and government dedicated to helping people understand how to control the flow of their data online and in digital products, such as mobile apps.
The event kicked-off in North America in 2008, based off a celebration in Europe commemorating the 1981 passage of the first legally binding international treaty on data management.
In the U.S., Congress has passed multiple resolutions designating the date, and celebrations online and off have been spearheaded by the National Cyber Security Alliance (NCSA), a nonprofit, public-private partnership founded in 2001, sponsored by Google, Facebook, Microsoft, PayPal, AT&T, Symantec and McAfee, among others.
For Data Privacy Day 2013, several of these companies also released their own reports on the alarming rise in attempts by government and law enforcement agencies to gain access user data, often without a warrant, using the Electronic Communications Privacy Act (ECPA) of 1986 — which only requires a subpoena to obtain electronic messages older than 180 days. Here’s an overview:
Google explains how it handles government requests for user data
Adding to an update of its Transparency Report from last week, the Internet giant on Monday published a lengthy new Q&A section detailing the process it goes through when law enforcement and government agencies request access to Google user data, which can include everything from Gmail to Google Documents to YouTube to users’ Google search histories.
But Google doesn’t just turn over all of a user’s data from any of these services when asked, the company explained. Here’s a screenshot of a Google graph of its compliance rate for handing over user data from 2010 to 2012 :
As Google’s senior vice president and chief legal officer David Drummond wrote in a blog post on Monday:
“We require that government agencies conducting criminal investigations use a search warrant to compel us to provide a user’s search query information and private content stored in a Google Account–such as Gmail messages, documents, photos and YouTube videos. We believe a warrant is required by the Fourth Amendment to the U.S. Constitution, which prohibits unreasonable search and seizure and overrides conflicting provisions in ECPA.
Google also took aim at the Electronic Communications Privacy Act of 1986 on Monday, writing in its update: “This law was passed in 1986, before the web as we know it today even existed. It has failed to keep pace with how people use the Internet today. That’s why we’ve been working with many advocacy groups, companies and others, through the Digital Due Process Coalition, to seek updates to this important law so it guarantees the level of privacy that you should reasonably expect when using our services.”
Google’s Drummond and other officers also blasted the ECPA law in a Bloomberg article Monday, and the search giant was said to be leading the effort to reform the law. Vermont Democratic Senator Patrick Leahy in late 2012 introduced legislation to amend ECPA to require search warrants for email newer than 180 days, but that bill stalled and hasn’t yet been reintroduced.
Twitter launches new transparency website
Twitter on Monday released a new website “transperancy.twitter.com,” where it will store its own “Transparency Report,” a periodically-updated running tally of all of the government requests for user information it receives. Twitter first began publishing Transparency Report statistics on its blog in July 2012, modeled after Google’s similar reports.
In the updated report, Twitter disclosed that it received a total of 1,858 requests for user information from government agencies since January 1, 2012, most of them — 1,009, made during the July to December period.
Again following in the footsteps of Google, Twitter took the time to provide more granular statistics for the United States: 815 requests came from U.S. authorities alone in between July and December 2012, 60 percent of which were subpoenas, 19 percent of which were search warrants, 11 percent of which were court orders and 10 percent of which were other types of requests for information — such as emergency situation disclosures.
The company also highlighted that “Twitter’s policy is to notify users of requests for their account information unless we are prohibited from doing so by law or in an emergency situation,” but revealed that it did so in less than a quarter of the cases in the U.S. (24 percent), because other factors precluded it from doing so in a majority of cases, such as requests being issued under an official seal legally prohibiting users from being notified that some government or law enforcement agency had sought their information, or because the request was withdrawn or considered “defective” by Twitter before any action was taken.
Facebook allows users to ask Chief Privacy Officer questions
Facebook debuted a new interactive feature for privacy-minded users on Monday: “Ask Our CPO,” or “chief privacy officer,” (screenshot below):
Facebook’s current Chief Privacy Officer Erin Egan, who was appointed in the wake of the company’s 2011 settlement with the Federal Trade Commission over alleged user privacy violations, on Monday took to Facebook’s official privacy blog to announce the launch of her new recurring Q-and-A section, writing: “Go to the Ask Our CPO to send me questions for our next note. I’ll answer some of the questions we receive in each note.”
Egan also took the occasion of her first note to answer some previous common questions she said the company had received, which included: “How does Facebook think about privacy when building its products?”, “How do you personally use Facebook’s privacy settings to share?” and “Does Facebook sell my private information to advertisers?”
But Egan also observed that the new section was not designed to handle, nor would it be handling, personal account questions. “For those questions, please check our Help Center,” she wrote.
Something Egan omitted was that Facebook launched its “Ask Our CPO” feature not solely to communicate more with users about its privacy policies, but also because it disabled the ability for users to vote on future privacy policy and terms of service changes in December 2012 after holding one final vote.
At that time, Facebook communications VP Eliot Schrage wrote that the voting would be replaced with “a system that leads to more meaningful feedback and engagement.” The Ask Our CPO feature is part of that new system.