Government demands for Apple and Google data keep on climbing

This year’s autumn crop of transparency reports from the first half of the year reveals that Google’s had to respond to an all-time high of government data requests – while US national security orders for data from Apple have likewise burgeoned.

Google, the search engine Goliath, released its biannual transparency report on Thursday, disclosing to the public how often it gets – and complies with – requests from the government for users’ private information.

Google displays the information in the form of a bar chart that shows the number of user data requests from government authorities, alongside the total number of users/accounts those requests apply to, in six-month increments from July 2009 up until 31 July 2017 (though it only began reporting on the number of users/accounts affected in 2011).

Those bars have been climbing skyward. On a worldwide level, Google received 12,539 requests in the second half of 2009. That number had hit 48,941 by the first half of 2017. So far this year, 83,345 users/accounts were involved, topping the previous high of 81,311 users/accounts in the second half of 2015.

Google’s compliance has been on a gentle downward slope. It produced data for 65% of the requests as of Jan. 1, 2017, compared with 76% in July 2010.

It’s worth noting that there’s nothing gentle about the reaction of US courts to this kind of failure to comply. In fact, Ars Technica described the Department of Justice (DOJ) as “going nuclear” recently in its fury over Google’s fight over a search warrant: in this particular case, Google has declined to abide by court orders to turn over data tied to 22 e-mail accounts.

“Willful and contemptuous,” the government called it.

At any rate, back to that transparency report; Google also discloses the number of National Security Letters (NSLs) it receives. These are requests for information that the US government makes, via the FBI or other government agencies in the executive branch, in the course of conducting national security investigations. The FBI can use an NSL to seek a user’s name, address, length of service, and local and long-distance phone records. The Electronic Communications Privacy Act (ECPA) forbids the FBI from using NSLs to obtain content: no Gmail content, no search queries, no YouTube watch lists nor user IP addresses.

No surprise here: the number of NSLs Google receives has been climbing. Reporting in bands of 500, Google says that it received between 1000 and 1499 NSLs.

Last week, Apple also released its latest transparency report (PDF) outlining government data requests received in the first half of this year, from 1 January to 30 June.

Apple strives to make its reports detailed. One of the information-request buckets it provides data for is how many requests for information regarding devices it receives. Examples of such requests are law enforcement agencies trying to help people find their lost or stolen devices. This category also covers information about devices that are suspected of being used in fraud. These type of requests generally look to find out details on the customers who are either connected to the devices themselves and/or to Apple services.

In the US, Apple received 4479 requests for 8958 devices and provided data 80% of the time (in 3565 cases). Worldwide, Apple received 30,814 requests for data from 233,052 devices and provided data 80% of the time (in 23,856 cases).

For whatever reason(s) – more people losing their phones? More phone thieves? More fraudsters? – Germany sticks out like a sore thumb in this category. Germany accounts for 12,677 requests for data on 24,446 devices. And as far as overall regions go, there’s quite a lot going on in Asia Pacific: 160,221 devices were the subject of 6120 data requests.

Overall demands for data were slightly down compared to requests during the second half of 2016: Apple got 30,184 requests that covered 151,105 devices during that time period.

But Apple disclosed a much higher number of national security requests that include orders received under FISA and NSLs. According to Apple, to date, it has not received any orders for bulk data.

Apple says that in the first half of this year, it received between 13,250-13,499 national security letters. Between 9000-9249 accounts were affected. It was able to declassify a big fat 0% of those letters.

That’s a huge jump over the second half of last year. Between 1 July and 31 December 2016, Apple reported (PDF) receiving between 5750-5999 NSLs. The orders affected between 4750-4999 accounts, and Apple declassified only one of the NSLs.