Apple, Facebook, Google, Microsoft Boost Data Request Disclosure Rules

A number of major US technology companies, including Apple, Facebook, Google and Microsoft, are changing their policies to expand the cases in which they will automatically notify users of data requests from the government.

The changes, reported by The Washington Post, are in response to the revelations of large-scale data collection activities by the National Security Administration (NSA), and IT companies’ role in those activities. The public controversy over this issue has led companies to seek ways of reassuring customers over the privacy of their data.

Routine notification

The policy changes will not, however, affect the data requests used by the NSA or those used by the FBI in national security investigations, both of which carry binding gag orders.

In general, the changes mean that these companies will seek to automatically notify users of a government request for data such as email, unless specifically gagged.

The shift means that routine data requests, such as those covered by subpoenas, could become more difficult for law-enforcement bodies, since they will now run the risk that the person targeted by the request could destroy data before it can be collected. Law-enforcement bodies may now be obliged to seek measures with more stringent standards, such as search warrants, or to go to a judge to seek a gag request.

Yahoo has had a policy on routinely notifying users of data requests since July, and Twitter has had such a request in place for several years.

Google, which already notified users of some requests, updated its policy last week to add details of the few situations in which notification is withheld, such as if there is an imminent risk of physical harm to a potential crime victim.

Policy changes

Apple, Facebook and Microsoft are also planning imminent policy changes to expand the cases in which they notify users, according to the Post’s report.

The US Justice Department said in a statement that the companies’ new policies weaken the ability of law enforcement bodies to protect potential crime victims.

“These risks of endangering life, risking destruction of evidence, or allowing suspects to flee or intimidate witnesses are not merely hypothetical, but unfortunately routine,” said a Justice Department spokesman.

The Electronic Privacy Information Centre (EPIC) applauded the changes. “It could slow the investigative process down,” Marc Rotenberg, the group’s executive director, told The Wall Street Journal. “But that’s the point.”

Are you a security pro? Try our quiz!