Today, we’re releasing the latest version of our Transparency Report regarding government requests for user data. In the second half of 2016, we received over 45,000 government requests for user data worldwide. This is the most government requests we’ve received for user data in a six-month period since we released our first transparency report in 2010.
In many ways, this shouldn’t be surprising. As more people use more of our services, and as we offer new ones, it is natural that we are seeing an increase in government requests. For example, Gmail had around 425 million active users in 2012, and more than 1 billion by 2016. And as digital evidence increasingly becomes part of criminal investigations, other companies are seeing similar trends. We of course continue to require appropriate legal process for these requests, resist overbroad requests not narrowly calibrated to legitimate law enforcement requirements, and reform modernization of data surveillance laws.
Cross-border requests for data continue to account for a substantial portion of overall requests, with over 31,000 in the second half of 2016 coming from outside of the United States.. This volume underscores the need for an improved international framework that meets legitimate law enforcement needs and ensures high standards of due process, privacy and human rights. The Mutual Legal Assistance Treaty (MLAT) process facilitates the production of digital evidence in cross-border investigations (when the crime occurs in one country but data is held by a company in another country). But the MLAT process is often slow and cumbersome: on average, it takes 10 months to process an MLAT request in the United States. That’s a long time for an investigator to wait.
Without better and faster ways to collect cross-border evidence, countries will be tempted to take unilateral actions to deal with a fundamentally multilateral problem. A sustainable framework for handling digital evidence in legitimate cross-border investigations will help avoid a chaotic, conflicting patchwork of data location proposals and ad hoc surveillance measures that may threaten privacy and generate uncertainty, without fundamentally advancing legitimate law enforcement and national security interests.
We believe that governments can develop solutions that appropriately balance the various interests at stake. This includes respecting the legitimate privacy rights of users, wherever they are, as well as the obligations of governments to investigate crimes and protect their residents. The conversation should include a broad group of stakeholders, including not just law enforcement and national security perspectives, but also the voices of citizens, civil society groups and providers of information services that cross national borders.
This discussion will raise difficult questions about the scope of government surveillance powers, the extent of digital jurisdiction, the importance of rapid investigations, and privacy rights in the Internet age—fundamental issues that can’t be adequately addressed by courts using antiquated legal standards or by governments acting in an ad hoc fashion.
We look forward to sharing more thoughts about the legal frameworks that can address some of these challenges in the coming weeks and months. And we look forward to working with relevant stakeholders to craft viable and lasting solutions.