Data Protection

Twitter gives user data to U.S. 7 times out of 10

January 17th, 2013

Twitter gives government agencies in the United States at least some of the information they ask for on users 69 percent of the time.

That data and much more about how the social network responds to government requests for user information, as well as demands to remove tweets and reports of copyright violations was part of Twitter’s second so-called transparency report, which it issued today “in celebration of”Data Privacy Day. Google issued such a report today as well.

“We’ve been thinking about ways in which we can more effectively share this information, with an aim to make it more meaningful and accessible to the community at large,” Twitter wrote in a blog post. “We believe the open exchange of information can have a positive global impact. To that end, it is vital for us (and other Internet services) to be transparent about government requests for user information and government requests to withhold content from the Internet; these growing inquiries can have a serious chilling effect on free expression — and real privacy implications.”

In the report, Twitter said that, worldwide, it received 1,858 requests from governments for information about users in 2012, as well as 6,646 reports of copyright violations, and 48 demands from governments that content they deem illegal be removed.

Although Twitter has a responsibility to provide information on users as a result of official actions like subpoenas and court orders, the company has long taken the public position that it protects users’ privacy and anonymity whenever possible. For example, last August, the company fought police attempts in New York to get information on an Occupy Wall Street protester’s account, claiming that law enforcement did not adequately follow the Constitution’s safeguards against invasion of privacy.

“It’s our continued hope that providing greater insight into this information helps in at least two ways,” Twitter continued in its blog post: “first, to raise public awareness about these invasive requests; second, to enable policy makers to make more informed decisions. All of our actions are in the interest of an open and safe Internet.”

Privacy advocates seem to agree. In an email sent to CNET, the Electronic Frontier Foundation’s Trevor Timm lauded Twitter’s report and its attempts to maintain users’ freedoms and privacy. “I think this is the most detailed transparency report that we’ve seen from any Internet company and it should become a model for other companies, especially Facebook,” Timm told CNET. “Facebook is by far the largest social media site, yet has so far refused to release transparency reports to show us how much information the government is requesting and how much they comply.

“The first step in combating unreasonable government surveillance is information. And these transparency reports are vital in that fight. Cell phone carriers should start releasing them on a yearly basis as well.”

It will likely be interesting to many people to see how many times governments around the world ask Twitter to provide information about users in their countries, as well as how often the company decides it has no choice but to comply with those requests. The transparency report includes a section detailing “actionable” demands — meaning situations in which Twitter is legally responsible to provide what is asked for — from every country, as well as a second section focusing solely on the United States.

China is missing from the report, as Twitter is officially blocked there. And while there appears to be evidence that some Chinese are able to access Twitter, the company doesn’t have a responsibility to reply to that government, explained a Twitter spokesperson.

U.S. requests

From July 1 to December 31, 2012, Twitter said, it received a total of 1,009 requests for user information from 30 countries. Across the board, the company complied by providing some or all information demanded 57 percent of the time, covering a total of 1,433 user accounts.

Outside the U.S., Japan issued the most requests, asking Twitter for information on 75 users a total of 62 times. Yet Twitter complied just 5 percent of the time, it said. Brazil submitted 34 requests, covering 43 user accounts, and got some or all of what it was looking for 12 percent of the time.

By comparison, American government agencies were given at least some of what they were demanding in 69 percent of the 815 cases in which they asked, the report said. “As Twitter is based in San Francisco…the great majority of government information requests for user information we receive come from the United States,” the company wrote. “To increase transparency and insight, we’re introducing more in-depth details about these requests.”

According to the U.S.-only report, 60 percent of demands in the U.S. came in the form of subpoenas, while 11 percent were court orders, 19 percent were search warrants, and 10 percent were other official requests. Twitter said that in the cases of subpoenas, the requests “do not generally require a judge’s sign-off and usually seek basic subscriber information, such as the email address associated with an account and IP logs.”

Because of the Fourth Amendment to the U.S. Constitution, Twitter wrote, search warrants “typically require the most judicial scrutiny before they are issued, including a showing of probable cause and a judge’s signature. A properly executed warrant is required for the disclosure of the contents of communications (e.g., tweets, [and direct messages]).”

Twitter said that its general policy is to notify users when a government agency is demanding their information, “unless we are prohibited from doing so by law or in an emergency situation.” All told, it explained, less than 20 percent of cases involved such prohibitions issued “under seal.”

The EFF’s Timm said, “I don’t necessary blame Twitter for complying with valid subpoenas and warrants, since they are required to by law. It seems they have been vigilant in challenging unnecessarily broad legal requests. They only comply with 69 percent, while Google complied with 88 percent. And they’ve also written a detailed explanation of why they may not comply, and notify users whenever legally possible. The blame lies with the government for making so many warrantless requests and with Congress for not giving much of our electronic data more protection than just a subpoena.”

Added Timm, “It’s also great to see Twitter requires warrants for all content, despite [the Electronic Communications Privacy Act] not requiring it by law. It’s encouraging to see Google, Facebook, Microsoft, and Yahoo all come out and say this in the past week. The Fourth Amendment should protect the content of our email, just like it protects our physical letters and phone calls.”

Removal requests

Twitter has long held that its users have the right to post almost anything they want, as long as it isn’t illegal. But in some cases, it does respond when governments ask it to remove offending content.

According to the transparency report though, such cases are exceedingly rare. Between July and December, there were just 26 such court-ordered requests worldwide, Twitter said, and in just 5 percent of cases did it actually remove some or all of the content in question.

A recent situation involving a series of anti-Semitic tweets in France is one such case. And as a result, France’s removal requests were granted 100 percent of the time, the report detailed. But even so, that removal covered just 40 accounts, and only 44 individual tweets.

In the United States, by comparison, there were just two such requests between July and December.

Copyright takedowns

Although the parts of Twitter’s transparency report that are likely to get the most attention are the company’s responses to government officials for information on users, and the amount of offending content removed, it also contained interesting data on how often the company acted on demands that content posted to the social network contained copyright violations.

According to the report, Twitter received 3,268 take-down notices worldwide between July and December, and it’s agreed to comply with part or all of those requests 53 percent of the time.

Twitter said that when such requests are submitted, it notifies affected users. Among the types of media it has to remove as a result of these notices are “profile photos, header photos, background images, and Twitter-hosted media (e.g., pic.twitter.com).”

But Twitter also noted that it doesn’t comply with take-down notices for a number of reasons. In many cases, it said, such demands don’t supply adequate information for locating the allegedly offending content. And at the same time, it receives many “misfiled, non-copyright complaints” through its Web forms.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

China tightens the screws on Internet users

January 7th, 2013

The Chinese government is once again imposing new restrictions on Internet use.

A decision approved today by the Standing Committee of the National People’s Congress institutes an “identity management policy,” according to China’s official Xinhua news agency. Such a policy requires Internet users to use their real names when registering with an online provider or mobile carrier.

Though most Chinese Internet users already use their real names to sign up for online accounts, the new policy makes it the law.

Li Fei, deputy director of the Commission for Legislative Affairs of the Standing Committee, did acknowledge public concerns that the measure could “hamper the exposure of corruption cases online, public criticism lodged on the Internet, and the supervisory role of the Internet,” Xinhua said.

Several cases of public corruption in China have been unveiled on the Internet. The new policy could make it easier to track down citizens who expose such cases online.

But Li dismissed such concerns as “unnecessary” claiming that “identity management work can be conducted backstage, allowing users to use different names when posting material publicly.”

Further, Chinese service providers will now have to remove any Internet pages or other online information considered “illega,” and then turns that information over to the authorities. The authorities then have the legal right to halt publication and to punish those who posted the illegal information.

The decision also asks the public to report any such illegal online information to the authorities.

The policy doesn’t quite explain what information is considered illegal. But the Chinese government insists the law works in the best interests of its citizens, saying that the decision will “protect digital information that could be used to determine the identity of a user or that which concerns a user’s privacy,” according to Xinhua.

Further, the decision prevents service providers and government agencies from leaking the digital information of Internet users, and from selling or providing this information to others, Xinhua said.

But Li also added a warning in today’s press conference, according to Reuters.

“When people exercise their rights, including the right to use the Internet, they must do so in accordance with the law and constitution, and not harm the legal rights of the state, society… or other citizens,” Li said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta