Who's looking at your data? - A loosening of words in the terms and conditions of major websites could see government surveillance becoming commonplace, warns an Australian internet law expert.
David Vaile of the UNSW Cyberspace Law and Policy Centre said he had seen the terms of web companies including Google move from using phrases such as “court order” to the more worrying “government request” in recent years.
David Vaile ... says web giants are loosening legal terms. Photo: Louie DouvisThe former would require a court to inspect and approve requests for user data, while the latter could lead to “fishing expeditions” by government departments acting independently, Mr Vaile told Fairfax Media.
“The whole point [of obtaining a court order or search warrant] is that it's a very intrusive power and something that is necessary in some circumstances, but shouldn't be available on an open-ended basis,” he said.
“In some situations they might still need to do that, but in others they might need merely to make what some of the online services coyly describe in their terms of use as a 'government request'.
“The danger is that without that restraint it becomes something that is routine.”
Mr Vaile said he believed authorities were currently trying new ways to extract data from web companies without obtaining a search warrant, but the success of those attempts came down to the company involved.
“I think there is a range of different approaches being taken and there's a range of different reactions from the various online hosts and social networking sites to such approaches,” he said.
Google's updated Privacy Policy, which was launched earlier this month, says the web giant will disclose user data when necessary to “meet any applicable law, regulation, legal process or enforceable governmental request”.
It is understood requests for user data must be made in writing to the company's Australian office, be signed by a law enforcement agent and state which law the request has been made under.
A Google spokesperson would not discuss the specific details of requests but told Fairfax: “Whenever we receive a request we make sure the authority has followed appropriate legal procedures and that it meets the spirit of the law before complying.
“We have a team specifically trained to evaluate and respond to requests. If we believe a request is overly broad, we will seek to narrow it. When possible and legal to do so, we notify users about requests for user data that may affect them.”
Google makes the number of requests for user information from authorities in each country public under its Transparency Report. In the first half of 2011, it received 361 government requests from Australia, 73 per cent of which – about 263 – were granted.
The company does not track how many requests are made internationally for data belonging to Australian users.
Less information is available about the number of requests made by authorities to Facebook. Communications and policy manager Mia Garlick did not provide a figure, but said the company did have a local contact for authorities.
“Nothing is more important than the safety and security of our users, which is why we have a strong relationship with Australian law enforcement agencies and resources in place to provide assistance, including a local contact point,” she said.
“Our goal is to respect the balance between law enforcement's need for information and the privacy rights of the people who use our site.”
Facebook's Data Use Policy states that the company “may share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good-faith belief that the law requires us to do so”.
The company also has a publicly available set of guidelines for law enforcement officers which states that requests made in the US must include a valid subpoena, court order or search warrant.
When it comes to requests for data from overseas authorities, such as those in Australia, the guidelines say: “We disclose account records solely in accordance with our terms of service and applicable law.”
If authorities want Facebook not to alert a user that their data has been released, they must obtain an appropriate court order or show a “risk of harm”, according to the guidelines.
While information security was a troubling matter for Mr Vaile, he said many people failed to realise how serious the issue was because privacy violations were often hidden from view.
“When something happens, often the individual can't trace through what has occurred,” he said.
“You know, why did I get arrested for that? Or why didn't I get a visa for there? Or how come I didn't get that job? Or why has my insurance just gone up?
“Often the connection is a little bit too remote to join the dots and understand the consequences, so you have a situation where it's hard to actually work out what the cause was.” ( smh.com.au )
David Vaile of the UNSW Cyberspace Law and Policy Centre said he had seen the terms of web companies including Google move from using phrases such as “court order” to the more worrying “government request” in recent years.
David Vaile ... says web giants are loosening legal terms. Photo: Louie Douvis
“The whole point [of obtaining a court order or search warrant] is that it's a very intrusive power and something that is necessary in some circumstances, but shouldn't be available on an open-ended basis,” he said.
“In some situations they might still need to do that, but in others they might need merely to make what some of the online services coyly describe in their terms of use as a 'government request'.
“The danger is that without that restraint it becomes something that is routine.”
Mr Vaile said he believed authorities were currently trying new ways to extract data from web companies without obtaining a search warrant, but the success of those attempts came down to the company involved.
“I think there is a range of different approaches being taken and there's a range of different reactions from the various online hosts and social networking sites to such approaches,” he said.
Google's updated Privacy Policy, which was launched earlier this month, says the web giant will disclose user data when necessary to “meet any applicable law, regulation, legal process or enforceable governmental request”.
It is understood requests for user data must be made in writing to the company's Australian office, be signed by a law enforcement agent and state which law the request has been made under.
A Google spokesperson would not discuss the specific details of requests but told Fairfax: “Whenever we receive a request we make sure the authority has followed appropriate legal procedures and that it meets the spirit of the law before complying.
“We have a team specifically trained to evaluate and respond to requests. If we believe a request is overly broad, we will seek to narrow it. When possible and legal to do so, we notify users about requests for user data that may affect them.”
Google makes the number of requests for user information from authorities in each country public under its Transparency Report. In the first half of 2011, it received 361 government requests from Australia, 73 per cent of which – about 263 – were granted.
The company does not track how many requests are made internationally for data belonging to Australian users.
Less information is available about the number of requests made by authorities to Facebook. Communications and policy manager Mia Garlick did not provide a figure, but said the company did have a local contact for authorities.
“Nothing is more important than the safety and security of our users, which is why we have a strong relationship with Australian law enforcement agencies and resources in place to provide assistance, including a local contact point,” she said.
“Our goal is to respect the balance between law enforcement's need for information and the privacy rights of the people who use our site.”
Facebook's Data Use Policy states that the company “may share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good-faith belief that the law requires us to do so”.
The company also has a publicly available set of guidelines for law enforcement officers which states that requests made in the US must include a valid subpoena, court order or search warrant.
When it comes to requests for data from overseas authorities, such as those in Australia, the guidelines say: “We disclose account records solely in accordance with our terms of service and applicable law.”
If authorities want Facebook not to alert a user that their data has been released, they must obtain an appropriate court order or show a “risk of harm”, according to the guidelines.
While information security was a troubling matter for Mr Vaile, he said many people failed to realise how serious the issue was because privacy violations were often hidden from view.
“When something happens, often the individual can't trace through what has occurred,” he said.
“You know, why did I get arrested for that? Or why didn't I get a visa for there? Or how come I didn't get that job? Or why has my insurance just gone up?
“Often the connection is a little bit too remote to join the dots and understand the consequences, so you have a situation where it's hard to actually work out what the cause was.” ( smh.com.au )
No comments:
Post a Comment