Google Transparency Report raises concern, praised

One way to view search giant Google's biannual Transparency Report is to be alarmed that the company is increasingly allowing governments to monitor their citizens' online activities and to censor the Web by demanding the removal of certain content.

But another way to view it is that Google regularly goes public with the number of requests it receives from governments, and includes its rate of compliance with those requests.

For that alone, it gets a gold star, even from an organization like the Electronic Frontier Foundation (EFF), a vocal advocate for Internet privacy protections. "Whenever people read stories about report, their reaction tends to be, 'Oh, my God, Google gives up information to the government, or government is asking Google for information,'" said Eva Galperin, international freedom of expression coordinator for EFF.

"But the point is that government does it to all Internet companies. We have no idea how many are giving out information. At least Google is telling us what it does," she said.

Pierluigi Paganini, writingÃ'Â about the Google report on Infosec Island, said, "governments are increasing their control over social media and on internet ... using surveillance systems (and) court orders."

However, in an interview with CSO Online, he said he believes the company "is doing excellent work, despite the incredible pressures of governments."

The latest report shows government requests worldwide for user data steadily increasing, from 12,539 in the second half of 2009 to 20,938 in the first six months of this year. Requests to remove data remained relatively flat at an average of about 1,040 during the same time period, until the most recent six months, when it spiked to 1,791.

[See related: Government surveillance on rise in murky legal environment]

Galperin said a few companies provide transparency reports -- including Twitter, Wikipedia,, Dropbox and LinkedIn. She said the number has increased since EFF launched a campaign called "Who Has Your Back," which "encourages companies to be good corporate citizens, and one of the criteria for that was a transparency report."

But she said EFF believes that all companies that handle user data should make such reports regularly. She said the social networking giant Facebook "has been telling us that they will do something, but they've been telling us that for a while."

She also said it is not a cause for concern that the number of user data requests from the U.S. government, at 7,969, involving 16,281 users and/or accounts, were more than three times the number sought by second-place India, at 2,319 and 3,467.

Most countries listed in the report made less than 1,000. The compliance rate for U.S. government requests was 90%. The next-highest compliance rate was for Japan, at 86%, but that country made only 104 requests.

That, she said, is partially because Google is a U.S.-based company and partially because U.S. authorities are making those requests or demands properly.

Galperin said she expects requests from other companies to increase. "I think some of them are just catching on that they can do it, and how to do it," she said.

Marc Zwillinger, an attorney and privacy expert at ZwillGen, said it is also important to keep the numbers in context. Something over 16,000 users sounds like a lot," he said, "but Google probably has hundreds of millions of users."

Zwillinger also said the 90% compliance rate means "government is using the right legal process most of the time."

Chris Calabrese, legislative counsel for the American Civil Liberties Unio (ACLU), compliments Google for its transparency, but said the 90% compliance rate was not a comfort to him. "I'm fascinated as a citizen that 10% of these requests are wrong in some way -- they don't meet the legal standard," he said. "Multiply that by all the providers who are out there [who are not issuing reports], and it makes you wonder how many of those requests may be getting through when they shouldn't."

He also said even if the number of government requests is small, relative to the number of users, the trend is worrying. "These records didn't exist 10 or 20 years ago. That's the big story here," Calabrese said.

Regarding the recent spike in content-removal requests, Rebecca Herold, CEO of The Privacy Professor, noted, that alot of the cases had to do with defamation or copyright infringement. "While I believe in freedom of speech, I also believe that people must be held accountable for their statements, and should not be able to post damaging fabrications about others online," she said, noting that Google did not comply with a number of requests.

Herold said the increased requests for user data in the U.S. points to the need for comprehensive cybersecurity legislation. "Currently there are no effective legal protections for online data," she said. "This trend of increasing collection of data should be a bellwether call to enact comprehensive laws to for not only security, but also privacy."

She said all Internet users should be concerned about vulnerabilities in data collection. As is the case in cyber attacks, attribution can be a problem. "Just because they are finding information online that appears to be from specific individuals does not mean that the information actually is associated with them," she said. "It is very easy to spoof activities and data to make it look like it came from others."

Herold also said privacy advocates should be concerned about how the information is being used and shared. The Google report, she noted, "doesn't really go into enough details to answer this."

Finally, she noted an omission from the list of countries making user data requests: "What I find particularly interesting is that Google does not provide any statistics for China, or other countries where they have modified their practices because of the associated governments' pressure on them. Those would be some interesting statistics," she said.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsGoogledata privacyGoogle Transparency Reportsoftwaredata protectionData Protection | Data PrivacyElectronic Frontier Foundation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts