Google received more requests for customer data from governments around the world in the second half of 2016 than in any other six-month period since the company began releasing Transparency Reports describing such demands back in 2010.
The increased volume prompted Google’s general counsel Kent Walker this week to call for international standards for governments requesting customer data.
Between July 1 and Dec. 31 last year Google received more than 45,500 requests for customer data worldwide. That was about 4,800 more requests than the company received during the same six-month period in 2015.
At the same time though, the proportion of requests to which it responded with at least some of the requested data declined marginally in the second half of 2016 compared to the first half of the year. Google’s latest Transparency Report shows the company responded with at least some of the requested information in 6 out of 10 cases compared to about 6.4 in the first half of 2016 and 6.4 out of 10 in the second half of 2015.
The numbers pertain to requests for data that governments around the world address to Google and almost every other Internet service provider in connection with criminal and national security-related investigations.
Overall, except for the second half of 2014, government demands for customer data from Google has increased steadily over the years from just over 14,200 in December 2010 to last year’s 45,549.
As has been the case for several years, the U.S. continued to be the country with the largest number of requests with 13,680 in the second half of 2016 followed by Germany with more than 9,900. Rounding out the top five were France with 4,775, India with about 3,450 and the United Kingdom with 3,175.
A lot of the increase in government demand for data is not surprising and tracks the overall growth in Internet use and the availability of new services, Walker said. “For example, Gmail had around 425 million active users in 2012 and more than 1 billion by 2016.”
With digital evidence increasingly becoming a part of criminal investigations, other Internet companies have begun seeing similar spikes in customer data requests as well Walker said.
“We of course continue to require appropriate legal process for these requests,” Google’s chief counsel said. He added that Google continues to resist overly broad requests for data or requests that Google considers are not relevant to law enforcement requirements.
Even so, there is a need for reform and modernization of surveillance laws, he said. The sheer volume of cross-border requests for data, which companies like Google are receiving highlights the need for an international framework for data requests that meet established standards of due process and privacy.
Existing processes like the Mutual Legal Assistance Treaty (MLAT), which governs government requests for digital evidence in cross-border investigations, are not enough, he said. The process is so slow and cumbersome that some countries might be tempted to take unilateral action to get at the data they want. This could result either in a patchwork of conflicting laws or the implementation of ad hoc surveillance measures that threaten user privacy and human rights, Walker said.
Resolving the issue will require governments to work not just with law enforcement but also consumer rights and public interest groups along with ISPs like Google. “This discussion will raise difficult questions about the scope of government surveillance powers, the extent of digital jurisdiction, the importance of rapid investigations, and privacy rights in the Internet age,” Walker noted.
Google and other major U.S. cloud companies have a lot at stake in ensuring more transparency and better legal processes covering government requests for customer data. Edward Snowden’s leaks on the U.S. government’s practice of obtaining customer data from ISPs via court orders and other means have raised fears overseas about the privacy of data stored by U.S. cloud companies.