In an effort to stay transparent, Google released details of its three-point plan for handling government requests for its users’ email and cloud services today.
The move is significant because the majority of companies that store exuberant amounts of user data in the cloud don’t normally outline exactly how they handle requests for data, perhaps fearing that it’ll paint their services as unsafe. Right now, privacy laws for Internet user data are somewhat vague on the federal level, which could create problems down the road. Google, which has long advocated for transparency, said it gets about 1,400 requests a month from U.S. authorities for access to email accounts and documents.
“It’s important for law enforcement agencies to pursue illegal activity and keep the public safe. We’re a law-abiding company, and we don’t want our services to be used in harmful ways,” said Google SVP and chief legal officer David Drummond in a blog post today. “But it’s just as important that laws protect you against overly broad requests for your personal information.”
Google provided the following information regarding how it handles governmental requests:
We scrutinize the request carefully to make sure it satisfies the law and our policies. For us to consider complying, it generally must be made in writing, signed by an authorized official of the requesting agency, and issued under an appropriate law.
We evaluate the scope of the request. If it’s overly broad, we may refuse to provide the information or seek to narrow the request. We do this frequently.
We notify users about legal demands when appropriate so that they can contact the entity requesting it or consult a lawyer. Sometimes we can’t, either because we’re legally prohibited (in which case we sometimes seek to lift gag orders or unseal search warrants) or we don’t have their verified contact information.
We require that government agencies conducting criminal investigations use a search warrant to compel us to provide a user’s search query information and private content stored in a Google Account—such as Gmail messages, documents, photos and YouTube videos. We believe a warrant is required by the Fourth Amendment to the U.S. Constitution, which prohibits unreasonable search and seizure and overrides conflicting provisions in ECPA.
Google’s transparency plan also includes continuing to update users via its regular transparency report as well as pushing for a revision to the U.S. Electronic Communications Privacy Act to ensure digital information enjoys the same protection as traditional documents.