Google, Security Researcher Outline Data Privacy Protections
It's Data Privacy Day, a day when the world seeks to draw attention to how important it is to preserve online privacy and security. Google took the opportunity to share how it deals with government requests for user data.
David Drummond, senior vice president and chief legal officer at Google, noted that it's important for law enforcement agencies to pursue illegal activity and keep the public safe. Although Google complies with law enforcement, Drummond also keeps in mind laws that protect consumers against overly broad requests for personal information.
The keyword is balance. How does Google strike it?
"First, for several years we have advocated for updating laws like the U.S. Electronic Communications Privacy Act, so the same protections that apply to your personal documents that you keep in your home also apply to your e-mail and online documents," Drummond said. Second, we'll continue our longstanding strict process for handling these kinds of requests."
What Google Does for You
When government agencies ask for a user's personal information, Google does several things, including scrutinizing the request to make sure it satisfies the law and Google policies, evaluating the scope of the request, and notifying the user about legal demands when appropriate so the user can contact the entity requesting it or consult a lawyer.
Drummond said Google requires that government agencies conducting criminal investigations use a search warrant to compel the company to provide a user's search query information and private content stored in a Google account, such as Gmail messages, documents, photos and YouTube videos. Google believes such a warrant is required by the Fourth Amendment, which prohibits unreasonable search and seizure and overrides provisions in the electronic privacy act if they conflict.
"We've added a new section to our Transparency Report that answers many questions you might have," Drummond said. "And last week we released data showing that government requests continue to rise, along with additional details on the U.S. legal processes -- such as subpoenas, court orders and warrants -- that governments use to compel us to provide this information."
What You Can Do for Yourself
Lee Reiber, director of Mobile Forensics at Access Data, told us one of the biggest threats to data privacy comes through mobile devices. Reiber said the types of data accessible just by opening a phone and looking on a screen include contacts, e-mail and text messages, pictures and memos.
But cyber criminals can go deeper with widely available forensic technology and access any application data, including banking, social, Web and productivity apps. They can also access passwords, deleted call logs and e-mails and other data, Reiber said.
"Smartphones and tablets hold a treasure trove of information. Data recovered can include lists of LinkedIn contacts, your tweets, your SMS and your contacts. If you are reselling your old device on a site like Craigslist or eBay, you shouldn't include your SIM card since data is stored there as well as on the device," Reiber said.
"Because everything is location-based right now, I have analyzed phones where I could plug a latitude and longitude recovered from an application the user had installed on the phone into a browser and pull up a street view of someone's house."