Google’s latest transparency report is a bit of a mixed bag.
The company revealed this week that during the six-month period ending December 2015 it received more user data requests from the U.S. government than ever before. That seems like bad news given that Google holds information about where its users are, with whom they communicate, and what they plug into its search engine.
These requests take three forms: Foreign Intelligence Surveillance Act (FISA) requests; National Security Letters (NSLs) from the FBI; and requests from other law enforcement groups for assistance in ongoing criminal investigations. Each form has its own rules a the data it collects and what Google can disclose.
FISA requests are used in matters of national security. Google is only allowed to share a range of requests — it can say it received between 0 and 499 requests, not that it received 273 — and whether those requests sought metadata or content. Metadata would allow an intelligence agency to know who you’ve emailed, for example, while content requests would allow it to learn exactly what you said.
The graphs don’t show much because FISA requests are subject to a six-month delay. But, if the trend from Google’s previous transparency reports continues, it wouldn’t be surprising to learn that FISA requests have fallen both in their absolute number and in the number of Google users who are affected by them.
NSLs are used by the FBI in national security investigations. As Google explains in its report, they differ from FISA requests in that they are limited to forcing U.S.-based companies to disclose “the name, address, length of service, and local and long distance toll billing records” of their subscribers. Metadata, not content.
Like FISA requests, Google is only allowed to share a range of NSL’s received in a given period. The ranges from this last transparency report match the previous one, and show a continued fall in NSLs from their highs in 2013 and 2014. (It’s impossible to tell if Google received more or fewer NSL’s in this period because the two most recent disclosures cover 0-499 requests for data on 500-999 users.)
Google is able to share much more information about criminal legal requests. It can provide exact numbers about the types of request — subpoenas, wiretap orders, etc. — as well as the number of people whose data was affected by them.
The graphs show a slight increase in the number of requests with which Google complied, but the trend is still lower than it was a few years ago. The most notable increases are in the number of people affected by emergency disclosure requests; Google’s total compliance with wiretap orders; and a small uptick in the number of subpoenas that led to Google offering up information about its users.
All told, the two facets of these transparency reports — the number of requests Google has received and the number with which it has complied — oppose each other. The government is requesting more and more information while Google, for the most part, offers less and less in response. Whether that’s a good or bad thing likely depends on how you feel about government surveillance efforts.
These transparency reports are good public relations tools for Google, especially when they show that it’s responding to fewer requests than before. It’s still responding to more government data requests than Apple but it’s still a downward trend.