If a government wants to peek into your Web-based e-mail account, it is surprisingly easy, most of the time not even requiring a judge’s approval.
That is a problem, according to Google, which said it had received 21,389 requests for information about 33,634 of its users in the second half of last year, an increase of 70 percent in three years. Google handed over some personal data in two-thirds of those cases.
The vast majority of the requests came from the United States government. In the last six months, United States officials made 8,438 requests for data, and Google complied with at least part of the request 88 percent of the time. (One of those, most likely, was for access to the Gmail account of Paula Broadwell, which ultimately revealed her affair with David H. Petraeus, formerly C.I.A. director.)
To mark Data Privacy Day on Monday (a holiday that, no doubt, you have highlighted on your calendar in eager anticipation), Google is trying to rally support against broad government access to personal online data.
“We want to be sure we’re taking our responsibilities really seriously, protecting our users’ information and being transparent about it,†David Drummond, Google’s chief legal officer, said in a rare interview.
“We want people to know that we are not going to just roll over but we are going to make sure that governments around the world follow standards and do this in a reasonable way that strikes the balance,†he added.
The heart of the issue is that the law grants more protection to a piece of paper on your desk than it does to an e-mail stored online. The Electronic Communications Privacy Act was enacted in 1986, years before widespread use of e-mail or cloud storage, or the invention of social networking.
“People probably assume that all their communications, whether it’s physical letters or phone calls or e-mails, are protected by the Fourth Amendment and the police have to go to a judge to get a warrant,†said revor Timm, a privacy advocate studying surveillance at the Electronic Frontier Foundation. “In fact, that’s not the case.â€
For instance, the law says the police do not need a search warrant, which requires a judge to agree there is probable cause, to read e-mail messages that are more than 180 days old.
Congress is expected to consider amendments to the 1986 law this year. Meanwhile, the Obama administration has been pushing for Web companies to allow easier electronic wiretapping.
In the United States, 68 percent of requests for Google users’ information come in the form of subpoenas, which do not require a judge’s approval. The rest are search warrants or other types of court orders.
Google said it had been fighting the broad use of subpoenas by requiring search warrants for detailed personal data â€" beyond things like a user’s name, location, phone number and time that an e-mail was sent â€" ev! en if the! law seems to say a subpoena is enough.
In a primer to be published on Monday, Google says it requires a search warrant to share Gmail messages, private YouTube videos, stored voicemails or text messages on Google Voice and private blog posts on Blogger.
Though Google has sometimes struggled over the years to earn users’ trust in how it handles personal data, the company stands out in its efforts to protect users against government requests for data.
“Google’s been kind of a pioneer,†Mr. Timm said.
Since 2010, it has published its transparency report, outlining the number of government requests it receives for users’ data or to remove content from the Web. Companies including Twitter, which employs several former Google lawyers, have followed suit. Mr. Drummond says he wants other Web companies to do so, too.
Google says it scrutinizes each government request, narrows the scope if possible, and notifies users of the request if it is not prohibited by law.
