Sophos Cloud Optix
Governments’ hunger for Twitter data continues to spiral upward.
Twitter on Monday released its second Transparency Report to coincide with #DataPrivacyDay.
When Twitter released its first Transparency Report last July, it noted that it had received more government requests in the first half of 2012 than in the entirety of 2011.
Judging by this second report, governments are on track to keep breaking their own records. The latest report shows that governments requested Twitter users’ account data 1,009 times in the second half of 2012.
That compares to 849 requests in the first half of 2012 and reflects governments’ growing taste for what Twitter itself labels “invasive requests” for information.
Twitter’s Transparency Report now has a permanent home on a standalone page.
Twitter Manager of Legal Policy Jeremy Kessel wrote in a blog post about the second report that the company is devoted to transparency when it comes to government requests for user information as well as government requests that Twitter withhold certain content, given that such requests can stifle free expression:
"We believe the open exchange of information can have a positive global impact. To that end, it is vital for us (and other Internet services) to be transparent about government requests for user information and government requests to withhold content from the Internet; these growing inquiries can have a serious chilling effect on free expression—and real privacy implications."
"It's our continued hope that providing greater insight into this information helps in at least two ways: first, to raise public awareness about these invasive requests; second, to enable policy makers to make more informed decisions. All of our actions are in the interest of an open and safe Internet."
Twitter has also introduced more granular details about information requests specifically from the US.
Given that Twitter is based in San Francisco, California, it’s not surprising that most government requests for data originate in the US. In fact, during the second half of 2012, 81% of all information requests worldwide – that’s 815 requests – came from the US.
Japan was a distant second, with a total of 62 requests. Brazil was third, with 34 requests. The UK asked for information 25 times.
Here’s a full breakdown of government requests by country.
In its breakdown of US data requests, Twitter specifies how the US government went after the data.
The US’s favored technique, at 60% of all data requests, is to issue subpoenas, the most common form of legal process issued under the Stored Communications Act.
Subpoenas generally don’t require a judge’s sign-off and usually seek basic subscriber information, such as the email address associated with an account and IP logs.
Twitter has also detailed the percentage of times that it handed over some or all of the information requested.
The US topped that data column, as well, managing to get some or all of what it was after (and it was after 1,145 users’ data) 69% of the time.
Twitter also detailed how often it was allowed to inform account holders about data requests (24% of the time), as opposed to how often US courts forbid Twitter from informing users about the requests (20% of the time).
The remaining 56% of requests didn’t result in user notification for various reasons, including the requests being withdrawn, being defective, or falling under Twitter’s guidelines for emergency requests.
In its transparency reports, Twitter has tipped its hat to Google, noting the search giant’s dedication to providing clarity into how it handles government data requests.
Google, for its part, last week put out its own transparency report.
Twitter’s findings echo those of Google: surveillance of Gmail and other accounts has skyrocketed, with much of it being authorized without a search warrant.
US authorities lodged 8,438 requests for Google user data in the second half of 2012, in comparison with 7,969 in the first half of the year for an increase of 6 percent. On average, Google complied with about 89 percent of US data requests.
David Drummond, Google senior vice president and chief legal officer, noted in a blog post that it’s important for law enforcement to pursue illegal activity in its efforts to keep the public safe.
Indeed, requests for data that could save people’s lives are exactly where law enforcement should concentrate their data-requesting energy.
An obvious case is that of a Twitter user who posted threats to carry out a mass killing in Manhattan that, he promised, would have been similar to the Aurora, Colorado murder of 12 people in a movie theater this past July.
Twitter has a good track record for standing up for users’ privacy—perhaps, even, a bit too zealously, given its initial resistance to turn over user data with regards to the Manhattan shooting threat.
On the flip side of that coin, Twitter has resisted (ultimately, unsuccessfully) to turn over user data on an Occupy Wall Street activist, as well as resisting a French court’s recent order to turn over user data behind hate posts.
In keeping with this approach to privacy, with its latest Transparency Report, Twitter continues to pull the curtain back ever further to show what gets done with our data and why.
Kudos, and thank you, Twitter.
Thanks for this transparency report. Also curious about Hotmail/Outlook, Chrome, and other services receiving requests for user data.
It is interesting how governments routinely break basic privacy conventions to gain data. What concerns me most is Googles face recognition technology. There are clues that it is already being trialled in the background (also on Facebook). It is not accessible to the public, but the question is, is it accessible to government agencies? Can Sophos do an investigation and report?