US Tech Companies Alert Users to Data Requests, Data Requestors Get Huffy

| News

US technology companies are increasingly ignoring suggestions to keep data requests secret from users, according to the Washington Post. Not only are these requests ignored, but that ignoring has started to become policy.

Government agencies angry over business data transparency policiesGovernment agencies angry over business data transparency policies

A criminal investigation sometimes leads to a subpoena from a company such as Apple, Facebook, or Google. Instead of keeping it quiet, user policy agreements are being updated to notify users if their data is part of that investigation. Subpoenas have instructions on the front asking that subjects of data requests not be alerted, and that is the part being ignored.

Subpoenas are legal requests for information, where compliance can more easily be contested. Warrants are legal demands where compliance is the only option. A subpoena can be disputed in court before the request is followed. A warrant can only be sorted out afterwards. Or in simpler terms, a subpoena means “You should give me this,” where a warrant means “look what I just took.”

The best news here comes from Albert Gidari Jr, a partner at Perkins Coie who represents several technology companies. “It serves to chill the unbridled, cost-free collection of data,” he said.

On the upside, this means sometimes data requests are dropped so the subject doesn’t learn about the investigation. On the downside, this is not 100% of data seizure requests made. Certain types of investigations come with legally binding gag orders, where no notification is possible.

It is worth noting that a factory reset is apparently exceptionally thorough, since forensic investigators have complained they are unable to salvage data from a restored device.

It can be confusing to follow, but I recommend reading the piece at the Washington Post since it outlines the evolution of data requests over the years, and how those requests are being handled by different companies.

[Some image elements courtesy Shutterstock]

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

It's good to know this is starting to change, but it's concerning to know that mobile providers are releasing data hand over fist without any sort of notification. Even just the tiny bit of justification required is better for me, because I'd like to know there's at least a teeny weeny reason why anyone needs to know just how much time I spend Callin' Oates.

Popular TMO Stories



The headline in the WashPost reads that Apple and others “defy authorities” and notify users of “secret data demands”.

That’s overstating it a bit. The “demands” of a subpoena aren’t so much demands as threats—such as “do this or answer to the Judge”.A warrant, on the other hand, is an order from the Judge, and is essentially saying “do this or go to jail”. Big difference.

Also different is the fact that subpoenas are issued by prosecutors, D.A.s etc and, although authorized generally by a Judge, are not the same as warrants. Warrants are issued when there’s “probable cause” but subpoenas only require that what’s sought be “relevant”.

When a Judge issues a warrant, he/she can include a gag order with it to prevent notification to the target of the investigation. Apple and the others have said that they have and will continue to comply with this. Similarly, if, for example, a D.A. wants to issue a subpoena but make sure that it’s not disclosed, he/she can get a gag order to go with it - and that comes from the Judge. And Apple and the others will comply with it. No problem.

So the REAL issue behind all the “government agency” complaints is not “risks of endangering life, risking destruction of evidence, or allowing suspects to flee or intimidate witnesses ” as was claimed in the article. It’s just that these law enforcement folks will have to convince a Judge that secrecy is justified. That’s more work for them, compared to the “easy street” mechanism they’ve been using since 9/11. But that’s their job.

The key issue here is that no individual or organization should have the unchecked power to force disclose of private information. If it is a two-party event, such as a D.A. going to the Judge and a Judge that asks questions etc. then there is not a problem. But single-party demands, such as the infamous “National Security Letters” are not in reasonable compliance with the requirements of the Fourth Amendment. And most certainly not for secrecy.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account