There should be a wider list of who to notify.<p>For example, if the court request is "Hand over names of all users in this geographic region at this time", then <i>every</i> Google user should be notified. Many of the notifications will say "A court ordered us to check your location history. You were <i>not</i> in the relevant area at the relevant time, so we handed no further of your data to the court".<p>Such notifications would inform regular Joe how often and why the government is looking at his data.
So I actually received one of these notices from Google.<p>A few years ago detective in Massachusetts had subpoenaed all information having to do with my GMail address.<p>Not having done anything wrong it was very stressful time for me trying to figure out what the police were after.<p>Turns out some scammer had put down my email address (a common first name/ last name combo) on a form at a UPS store.<p>UPS being the terrible company it is didn't bother to verify said address. (And BTW refused to remove my address even after I repeatedly called their help line).<p>In the end I had to hire a lawyer a thousand miles away in order to contact the detective to try and clear up the situation.<p>Five things stick out in my memories of this incident:<p>1. If I was so inclined it would have been really easy to destroy all of my computers given the advance warning.<p>2. They attack surface was bigger than I could imagine. Given that I payed for Google Drive and used Google DNS Google knows everything about my online life including all the illegal things (copyright related) that the fuzz might find despite looking for something completely unrelated.<p>3. It is super easy to find oneself in a kafkaesque type situation where one if forced to try and prove a negative. "Yes that is my email address but I swear I never scammed someone out of their iPhone. Yes I know that's what actual scammers would say."<p>4. It would have been super easy to dismiss the warning email as spam.<p>5. They don't tell you why you where subpoenaed. I get Google doesn't know but it does leave (innocent) people to spin out into a paranoid frenzy.
I would like to see all gag orders be time-limited. And I'd like to see the vast majority of them not being for more than a year - very few investigations take over a year, so why should the gag order be longer?
> In Google’s case, the company typically lets users know which agency is seeking their information.<p>So, they dont have to let you know. :)<p>> Because of this, it’s important for providers such as Google to act as a check on law enforcement, Crocker said.<p>I feel safe now /s
<p><pre><code> We have a well-established process for managing requests from law enforcement for data about our users: when we receive a request, we notify users that their information has been requested, push back on overly broad requests to protect users’ privacy, and provide transparency around such requests in our transparency report
</code></pre>
As a non-native speaker of l'inglese, there's two ways my brain parses this - simultaneously:<p>(A) when we receive a request, we notify users (... well knowing they can't do anything ...), push back on overly broad requests to protect users' privacy (i.e., we do push back on requests that request we respect users' privacy, who do you think we are?!) and provide transparency ... ("only") in our "transparency" report<p>I.e., we very well sell the hide of anybody and everybody as quickly as possible, not only abiding by requests but filling in the blanks as well. Then we increment a counter "requests_served++" and include that in our transparancy "report" lol<p>(B) when we receive a request, we notify users (..to warn and enable them..), push back on overly broad requests IN ORDER TO protect users' privacy and provide transparency (as best as possible)<p>I.e., we are the good guys and actually try to serve our users as best as possible.<p>The sentence "we push back on overly broad requests to protect users' privacy" is at the center of this dichotomy for me. To clarify: we push back on (overly broad requests to protect users' privacy) vs. we push back on (overly broad requests) [in order] to protect users' privacy. To you native speakers: is there doubt which of the two are meant for you?
Short article. They have a soft paywall. Article text:<p><i>You’re scrolling through your Gmail inbox and see an email with a strange subject line: A string of numbers followed by “Notification from Google.”<p>It may seem like a phishing scam or an update to Gmail’s terms of service. But it could be the only chance you’ll have to stop Google from sharing your personal information with authorities.<p>Tech companies, which have treasure troves of personal information, have become natural targets for law enforcement and government requests. The industry’s biggest names, such as Google, Facebook, Twitter and LinkedIn, receive data requests — from subpoenas to National Security Letters — to assist in, among other efforts, criminal and non-criminal investigations as well as lawsuits.<p>An email like this one is a rare chance for users to discover when government agencies are seeking their data.<p>In Google’s case, the company typically lets users know which agency is seeking their information.<p>In one email The Times reviewed, Google notified the recipient that the company received a request from the Department of Homeland Security to turn over information related to their Google account. (The recipient shared the email on the condition of anonymity due to concern about immigration enforcement). That account may be attached to Gmail, YouTube, Google Photos, Google Pay, Google Calendar and other services and apps.<p>The email, sent from Google’s Legal Investigations Support team, notified the recipient that Google may hand over personal information to DHS unless it receives within seven days a copy of a court-stamped motion to quash the request.<p>That’s a high bar to clear in a short amount of time, said Paromita Shah, co-founder and executive director of immigration rights law firm Just Futures.<p>“What Google expects you to do is to quash the subpoena and that would require you to go to federal court,” Shah said. “I’d like to know how many people are gonna have the resources and the understanding that they have only seven days to hire an attorney to quash an ICE subpoena in federal court.”</i>