[LINK] SMH: 'Web giants loosen fine print ...'
Roger.Clarke at xamax.com.au
Mon Mar 26 15:34:53 EST 2012
Web giants loosen fine print to allow government 'fishing
expeditions' for your data
The Sydney Morning Herald
March 26, 2012 - 3:06PM
A loosening of words in the terms and conditions of major websites
could see government surveillance becoming commonplace, warns an
Australian internet law expert.
David Vaile of the UNSW Cyberspace Law and Policy Centre said he had
seen the terms of web companies including Google move from using
phrases such as "court order" to the more worrying "government
request" in recent years.
The former would require a court to inspect and approve requests for
user data, while the latter could lead to "fishing expeditions" by
government departments acting independently, Mr Vaile told Fairfax
"The whole point [of obtaining a court order or search warrant] is
that it's a very intrusive power and something that is necessary in
some circumstances, but shouldn't be available on an open-ended
basis," he said.
"In some situations they might still need to do that, but in others
they might need merely to make what some of the online services coyly
"The danger is that without that restraint it becomes something that
Mr Vaile said he believed authorities were currently trying new ways
to extract data from web companies without obtaining a search
warrant, but the success of those attempts came down to the company
"I think there is a range of different approaches being taken and
there's a range of different reactions from the various online hosts
and social networking sites to such approaches," he said.
month, says the web giant will disclose user data when necessary to
"meet any applicable law, regulation, legal process or enforceable
It is understood requests for user data must be made in writing to
the company's Australian office, be signed by a law enforcement agent
and state which law the request has been made under.
A Google spokesperson would not discuss the specific details of
requests but told Fairfax: "Whenever we receive a request we make
sure the authority has followed appropriate legal procedures and that
it meets the spirit of the law before complying.
"We have a team specifically trained to evaluate and respond to
requests. If we believe a request is overly broad, we will seek to
narrow it. When possible and legal to do so, we notify users about
requests for user data that may affect them."
Google makes the number of requests for user information from
authorities in each country public under its Transparency Report. In
the first half of 2011, it received 361 government requests from
Australia, 73 per cent of which - about 263 - were granted.
The company does not track how many requests are made internationally
for data belonging to Australian users.
Less information is available about the number of requests made by
authorities to Facebook. Communications and policy manager Mia
Garlick did not provide a figure, but said the company did have a
local contact for authorities.
"Nothing is more important than the safety and security of our users,
which is why we have a strong relationship with Australian law
enforcement agencies and resources in place to provide assistance,
including a local contact point," she said.
"Our goal is to respect the balance between law enforcement's need
for information and the privacy rights of the people who use our
Facebook's Data Use Policy states that the company "may share your
information in response to a legal request (like a search warrant,
court order or subpoena) if we have a good-faith belief that the law
requires us to do so".
The company also has a publicly available set of guidelines for law
enforcement officers which states that requests made in the US must
include a valid subpoena, court order or search warrant.
When it comes to requests for data from overseas authorities, such as
those in Australia, the guidelines say: "We disclose account records
solely in accordance with our terms of service and applicable law."
If authorities want Facebook not to alert a user that their data has
been released, they must obtain an appropriate court order or show a
"risk of harm", according to the guidelines.
While information security was a troubling matter for Mr Vaile, he
said many people failed to realise how serious the issue was because
privacy violations were often hidden from view.
"When something happens, often the individual can't trace through
what has occurred," he said.
"You know, why did I get arrested for that? Or why didn't I get a
visa for there? Or how come I didn't get that job? Or why has my
insurance just gone up?
"Often the connection is a little bit too remote to join the dots and
understand the consequences, so you have a situation where it's hard
to actually work out what the cause was."
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of NSW
Visiting Professor in Computer Science Australian National University
More information about the Link