More governments want Twitter user data

Twitter has complied roughly 70 percent of the time with data requests from the US government

Twitter's sign at its headquarters on Market Street in San Francisco

As with other technology companies, the number of government requests worldwide for Twitter users' data has continued to rise, the company said Thursday in a report showing that it complies with requests from U.S. authorities about 70 percent of the time.

The number of government requests for user account information increased by 22 percent overall during the latter half of 2013, to 1,410 total requests, Twitter reported in its fourth biannual transparency report. The majority of the requests, at 59 percent, came from the U.S., with Japan ranking a distant second at 15 percent.

However, unlike other technology companies, Twitter does not include requests for data related to U.S. national security because of the government's requirement that such information be provided only in vague terms.

Last week, an agreement was reached between the U.S. Department of Justice and technology companies to allow them to say more about national security-related data requests they receive. Twitter was not a party to that agreement, made in the wake of disclosures around government surveillance leaked by former National Security Agency contractor Edward Snowden.

Twitter does not say anything about the numbers of national security-related orders it receives, if any. The company says it is taking this route because of the restrictions put in place by the DOJ. As it stands now, companies are allowed to break out data requests coming from the Foreign Intelligence Surveillance (FISA) Court versus national security letters (NSLs), but only in ranges of 1,000.

"Allowing Twitter, or any other similarly situated company, to only disclose national security requests within an overly broad range seriously undermines the objective of transparency," said Jeremy Kessel, Twitter's manager of global legal policy, on Thursday.

But that hasn't stopped Google, Facebook and Microsoft from saying more. On Monday, Microsoft made a surprising disclosure when it said that for the first half of 2013, it received between 0 and 999 FISA orders seeking user content.

For the requests that Twitter does disclose, which usually involve criminal law enforcement, the company often complies in the U.S., providing some users' information nearly 70 percent of the time during the latter half of 2013, a compliance rate that has stayed roughly the same since at least 2012, when Twitter first started releasing its transparency reports.

In Japan, Twitter's compliance rate has been below 25 percent since 2012.

Twitter does give some reasons for why it may not comply with requests. "We do not comply with requests that fail to identify a Twitter account," the company says on its website. Twitter also says it seeks to narrow requests that are overly broad.

The company says it notifies users of requests for their account information, unless it is prohibited by statute or court order.

But if Twitter complies nearly 70 percent of the time for the U.S. government requests it discloses, that also means Twitter does not comply more than 30 percent of the time. That's actually a high rate and shows that Twitter is doing a good job in how it handles certain types of government data requests, said Parker Higgins, an activist at the Electronic Frontier Foundation who specializes in freedom of speech.

Each year EFF releases its "Who Has Your Back" report, which grades companies' data protection practices based on whether they require a warrant for content, or publish law enforcement guidelines, among other factors. Last year, Twitter ranked among the top performers in the survey, tying with, an Internet service provider.

The real mystery might be Twitter's policies around how long it holds on to users' data, which may include IP address records, Higgins said. The EFF advocates for "data minimization procedures," to limit the amount of potentially sensitive user data that companies might hold on to. Often companies don't review their policies in this area as much as they should, he said.

Twitter did not reply to a request for comment about its report.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is
