Google Demands Warrants Before Releasing User Data Photo by s_falkow of Flickr. Licensed under Creative Commons.

Google Demands Warrants Before Releasing User Data

Google is saying "no way" to US law enforcement. The company is standing up and demanding a warrant should law enforcement agencies wish to seize its cloud user data.

Google (NASDAQ: GOOG) is thumbing its nose at law enforcement in the hopes of better protecting its users' data stored on Gmail and Google Drive. Although the Electronic Communications Privacy Act (ECPA) gives U.S. law enforcement agencies the right to obtain data that's more than 180 days old with nothing more than a subpoena, Google is ready to take on those agencies.

Google is demanding that law enforcement agencies obtain probable cause search warrants before it will hand over user data. Google released its biannual Transparency Report, which included for the first time information on how U.S. law enforcement agencies push service providers including Google into handing over customer data. At the same time, Google called "shenanigans" on the entire process. Even though law enforcement agencies have the right to obtain data under the ECPA, there frequently have been discussions about the fairness of the law, as well as concerns over privacy (many foreign businesses refuse to store data in U.S.-based data centers for just this reason).

If Google is successful in pushing law enforcement agencies to get search warrants before it will give up user data, this could have significant implications on the future of data privacy in the public cloud.
Other vendors are suggesting companies take some precautions on their own, which isn't a bad idea.

"If Google is insisting on a warrant to release data, that's not very hard for law enforcement to obtain and doesn't protect the enterprise that owns the data. Encrypting the data before you send it to the cloud and maintaining control of the keys is the only way to ensure that any legal requests for data disclosure have to come to the enterprise, the data owner," said Pravin Kothari, CEO of CipherCloud, in a prepared statement.

Kothari has a point, but even so, putting that extra bit of red tape between law enforcement agencies and corporate or private data can't be ignored as a potential for protecting end users.

Google's report noted that 68 percent of U.S. law enforcement data requests were made using subpoenas under the ECPA. As it's easier to get a subpoena than a warrant, it's no surprise that it's the preferred method for law enforcement to gather such data. Only 6 percent of such requests to Google actually came with an accompanying probable cause search warrant.

It will be interesting to see what happens the first time Google pushes back against law enforcement in regards to this outdated law.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.