Monday, October 09, 2017

US Government Wants Your Data

Reports from Apple and Google indicate that there has been a dramatic
US after your data!
increase in the last year in the number of requests by the US government for user account details.

Requests To Google Hits Six-Year High

Requests to Google are reported to have reached a six-year high in the half of 2017, with the US government reportedly seeking details about 48,902 user accounts. This is a 24% increase in requests over the last six months of 2016.
Although the volume of requests appears to be high, Google has said the number of requests could actually be lower because governments may have asked for the same data multiple times.

Google, Apple, Yahoo, Twitter, Facebook and others release details of government requests as part of (typically) six-monthly Transparency Reports.

What Type of Requests?
The types of legal requests that Google receives for user data, for example, include:
  • Tap and trace orders / pen register requests, to collect data on a person's communication, including dialled phone numbers and IP addresses, in real-time. These have seen a 49% increase.
  • Emergency requests e.g. to obtain information to prevent death or serious physical harm (no legal process required). These have targeted 35% more users.
  • Search warrants. Probable cause must be shown for these, and this year 31% more Google users have been targeted with such requests.
  • Subpoenas. Government agencies can use these to get information about e.g. IP addresses and names associated with Google accounts. 18% more users have been targeted with these this year.
Similar At Apple
Apple’s Transparency Report data shows a similar increase in the number of government requests for user data. Although Apple received 6,432 requests for data (a 62% jump on last year), it reports that it only provided that data in 32% of cases.

Apple reports that increases in user-account requests were mainly linked to phishing investigations, and that the types of account requests it received from the US government centred on things like iCloud content e.g. stored photos, emails, iOS device backups, contacts and calendars.

What About The UK?
Even though the ‘Snooper’s Charter’ / Investigatory Powers Act is now in place in the UK, and the UK and the US are known to share online data gathered about citizens, the number of requests from the UK government for user data has reportedly fallen by 7% to 325, the lowest since 2014.

What Does This Mean For Your Business?

We now live in a post-snowden era where investigators are having to adapt to a world where consumers, and criminal suspects, spend less time on landline telephones, which could be tapped, and more time online e.g. on social media, on encrypted apps (WhatsApp), or using mobile devices that manufacturers are very reluctant to give them access to (e.g. Apple). This means that government agencies quite simply have to go to where the data is i.e. user accounts for Google, and there is very little that individual citizens or businesses can do about it. By law, businesses will have to comply with government requests for user information, while at the same time working hard to make sure that they protect customer data in a compliant way as part of GDPR, and in the UK the Data Protection Bill.

The new government administration in the US has also been very public in its desire to gather intelligence about individuals from social media and other accounts, and to use this information as a way of screening entry into the US. The current UK government has also shown itself to be willing to widen surveillance to the Internet by storing the browsing history or UK citizens (as part of the Snooper’s Charter), and by pushing hard to get ‘back doors’ into popular social media platforms and apps. The trend for more information requests from governments therefore looks likely to continue, and businesses can therefore expect greater pressure to comply with more regulations concerning data in future, and can expect the possibility of contact with government agencies as part of investigations.

No comments: