Today, we’re releasing the latest version of our Transparency Report regarding government requests for user data. In the second half of 2016, we received over 45,000 government requests for user data worldwide. This is the most government requests we’ve received for user data in a six-month period since we released our first transparency report in 2010.
In many ways, this shouldn’t be surprising. As more people use more of our services, and as we offer new ones, it is natural that we are seeing an increase in government requests. For example, Gmail had around 425 million active users in 2012, and more than 1 billion by 2016. And as digital evidence increasingly becomes part of criminal investigations, other companies are seeing similar trends. We of course continue to require appropriate legal process for these requests, and resist overbroad requests not narrowly calibrated to legitimate law enforcement requirements.
Cross-border requests for data continue to increase over time as well, from 30,755 requests from countries other than the United States in the first half of 2016 to 31,877 in the second half of the year. This underscores the need for an improved international framework that meets legitimate law enforcement needs and ensures high standards of due process, privacy and human rights. The Mutual Legal Assistance Treaty (MLAT) process facilitates the production of digital evidence in cross-border investigations (when the crime occurs in one country but data is held by a company in another country). But the MLAT process is too often slow and cumbersome: on average, it takes 10 months to process an MLAT request in the United States. That’s a long time for an investigator to wait.
Without better and faster ways to collect cross-border evidence, countries will be tempted to take unilateral actions to deal with a fundamentally multilateral problem. A sustainable framework for handling digital evidence in legitimate cross-border investigations will help avoid a chaotic, conflicting patchwork of data location proposals and ad hoc surveillance measures that may threaten user privacy and generate uncertainty for users and businesses, all without fundamentally advancing legitimate law enforcement and national security interests.
We believe that governments can develop solutions that appropriately balance the various interests at stake. This includes respecting the legitimate privacy rights of users, wherever they are, as well as the obligations of governments to investigate crimes and protect their residents. These issues must be addressed by a broad group of stakeholders, including governments, citizens, civil society groups and providers of information services that cross national borders.
This discussion will raise difficult questions about the scope of government surveillance powers, the extent of digital jurisdiction, the importance of rapid investigations, and privacy rights in the Internet age — fundamental issues that can’t be adequately addressed by courts using antiquated legal standards or by governments acting in an ad hoc fashion.
We look forward to sharing more thoughts about the legal frameworks that can address some of these challenges in the coming weeks and months. And we look forward to working with relevant stakeholders to craft viable and lasting solutions.