The United States remains far ahead of all governments who request user information from Google according to the company’s latest Transparency Report (July through December 2012) which was released on Wednesday.
American government agencies (including federal, state, and local authorities) made over 8,400 requests for nearly 15,000 accounts—far exceeding India, the next largest country in terms of information requests. In 88 percent of those queries, Google complied with at least some, if not all, of the request.
For the first time, the search giant is also breaking down the type of legal requests that were made.
Google said that 22 percent of those requests were made under probable cause driven search warrants delivered via the Electronic Communications Privacy Act (ECPA). Authorities have also been known to request information using ECPA suboenas, which are much easier to obtain. It is unclear how many of the subpoenas or warrants that Google complied with—the company has only said it complied in part or in full to 88 percent of total requests from American authorities.
"In order to compel us to produce content in Gmail we require an ECPA search warrant," said Chris Gaither, Google spokesperson. "If they come for registration information, that's one thing, but if they ask for content of email that's another thing."
While relatively few tech companies publicly disclose how many government requests they get, Google appears to be one of the few e-mail providers that is challenging law enforcement agencies to produce a warrant to access users’ e-mail.
Beyond Google’s own convictions, the company can also take some comfort in the fact that in 2010 the Sixth Circuit Court of Appeals ruled that the Fourth Amendment protecting unreasonable searches and seizures also protects e-mail, even if it’s over 180 days old, despite what ECPA says.
An out-of-date law
Currently, law enforcement agencies have a fairly wide latitude when it comes to accessing users’ e-mail. That harsh reality was illustrated most clearly by the General David Petraeus sex scandal, in which intimate e-mails were revealed despite the lack of any criminal action.
As Ars’ own Tim Lee wrote in November, “ECPA requires a warrant to obtain freshly sent e-mail before it's been opened by the recipient. But once an e-mail has been opened, or once it has been sitting in the recipient's e-mail box for 180 days, a lower standard applies. These rules simply don't line up with the way modern e-mail systems work.”
The United States Senate took up ECPA reform last year, but that effort seems to have fallen by the wayside. Still though, because there hasn't yet been a ruling by the Supreme Court as to what standard applies, Google is clearly pushing for an interpretation that would protect users' privacy further.
Former Rep. Bob Barr (R-GA), wrote about ECPA in a letter to members of the Senate Judiciary Committee in September 2012: "[It] has created uncertainty the Leahy amendment [one of the proposed revisions] would replace with clarity: law enforcement officers would no longer wonder whether they should seek communications content without a warrant, or whether the warrant requirement applies in one jurisdiction but not another,"
"This clarity will help ensure that seized evidence will not be suppressed at the end of the prosecution, thereby allowing a guilty party to escape punishment."