[LINK] SMH: 'Web giants loosen fine print ...'

Roger Clarke Roger.Clarke at xamax.com.au
Mon Mar 26 15:34:53 AEDT 2012 

Web giants loosen fine print to allow government 'fishing 
expeditions' for your data
ANDREW RAMADGE
The Sydney Morning Herald
March 26, 2012 - 3:06PM
http://www.smh.com.au/digital-life/consumer-security/web-giants-loosen-fine-print-to-allow-government-fishing-expeditions-for-your-data-20120326-1vtz6.html

A loosening of words in the terms and conditions of major websites 
could see government surveillance becoming commonplace, warns an 
Australian internet law expert.

David Vaile of the UNSW Cyberspace Law and Policy Centre said he had 
seen the terms of web companies including Google move from using 
phrases such as "court order" to the more worrying "government 
request" in recent years.

The former would require a court to inspect and approve requests for 
user data, while the latter could lead to "fishing expeditions" by 
government departments acting independently, Mr Vaile told Fairfax 
Media.

"The whole point [of obtaining a court order or search warrant] is 
that it's a very intrusive power and something that is necessary in 
some circumstances, but shouldn't be available on an open-ended 
basis," he said.

"In some situations they might still need to do that, but in others 
they might need merely to make what some of the online services coyly 
describe in their terms of use as a 'government request'.

"The danger is that without that restraint it becomes something that 
is routine."

Mr Vaile said he believed authorities were currently trying new ways 
to extract data from web companies without obtaining a search 
warrant, but the success of those attempts came down to the company 
involved.

"I think there is a range of different approaches being taken and 
there's a range of different reactions from the various online hosts 
and social networking sites to such approaches," he said.

Google's updated Privacy Policy, which was launched earlier this 
month, says the web giant will disclose user data when necessary to 
"meet any applicable law, regulation, legal process or enforceable 
governmental request".

It is understood requests for user data must be made in writing to 
the company's Australian office, be signed by a law enforcement agent 
and state which law the request has been made under.

A Google spokesperson would not discuss the specific details of 
requests but told Fairfax: "Whenever we receive a request we make 
sure the authority has followed appropriate legal procedures and that 
it meets the spirit of the law before complying.

"We have a team specifically trained to evaluate and respond to 
requests. If we believe a request is overly broad, we will seek to 
narrow it. When possible and legal to do so, we notify users about 
requests for user data that may affect them."

Google makes the number of requests for user information from 
authorities in each country public under its Transparency Report. In 
the first half of 2011, it received 361 government requests from 
Australia, 73 per cent of which - about 263 - were granted.

The company does not track how many requests are made internationally 
for data belonging to Australian users.

Less information is available about the number of requests made by 
authorities to Facebook. Communications and policy manager Mia 
Garlick did not provide a figure, but said the company did have a 
local contact for authorities.

"Nothing is more important than the safety and security of our users, 
which is why we have a strong relationship with Australian law 
enforcement agencies and resources in place to provide assistance, 
including a local contact point," she said.

"Our goal is to respect the balance between law enforcement's need 
for information and the privacy rights of the people who use our 
site."

Facebook's Data Use Policy states that the company "may share your 
information in response to a legal request (like a search warrant, 
court order or subpoena) if we have a good-faith belief that the law 
requires us to do so".

The company also has a publicly available set of guidelines for law 
enforcement officers which states that requests made in the US must 
include a valid subpoena, court order or search warrant.

When it comes to requests for data from overseas authorities, such as 
those in Australia, the guidelines say: "We disclose account records 
solely in accordance with our terms of service and applicable law."

If authorities want Facebook not to alert a user that their data has 
been released, they must obtain an appropriate court order or show a 
"risk of harm", according to the guidelines.

While information security was a troubling matter for Mr Vaile, he 
said many people failed to realise how serious the issue was because 
privacy violations were often hidden from view.

"When something happens, often the individual can't trace through 
what has occurred," he said.

"You know, why did I get arrested for that? Or why didn't I get a 
visa for there? Or how come I didn't get that job? Or why has my 
insurance just gone up?

"Often the connection is a little bit too remote to join the dots and 
understand the consequences, so you have a situation where it's hard 
to actually work out what the cause was."


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law               University of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list