In this age of NSA leaks and telephone tapping of (now) outraged global leaders, the government also asks a lot of questions about people’s digital lives. Whether that shocks or interests you personally, it should worry you a bit professionally, as marketers and business owners are unfortunate “collateral damage” in the public and policy reaction to government surveillance.
The trend is clear: since July 2009, global government requests for Google users’ information have more than doubled to 25,879 requests in the first half of 2013, according to the company’s latest transparency report released last week. In that time, the US government requests have more than tripled, to 10,918 requests.
The majority of requests are subpoenas and warrants (which each have unique legal authority), and Google breaks down the requests into categories: wiretaps, pen registers and disclosures made in connection with life-threatening emergencies. In the full report on U.S. requests, Google explains the legal authority behind each kind of order. In most cases, the company cites the Electronic Communications Privacy Act (ECPA), a law that’s currently being considered for updates in Congress.
The company’s related blog post emphasized what the company wanted to share, but could not.
“We want to go even further. We believe it’s your right to know what kinds of requests and how many each government is making of us and other companies. However, the U.S. Department of Justice contends that U.S. law does not allow us to share information about some national security requests that we might receive. Specifically, the U.S. government argues that we cannot share information about the requests we receive (if any) under the Foreign Intelligence Surveillance Act. But you deserve to know,” the blog reads.
This seems to be more than a volume game. The report suggests that law enforcement is relying more and more heavily on its ability to force companies to turn over information — with or without a warrant. Since Google’s last report in 2012, the number of requests from law enforcement agencies has increased by 29 percent, consequently increasing the number of accounts impacted by these requests by 47 percent.
Aside from the implications for FISA court reform that Google discusses in their blog, what does this have to do with business? Two things: the need to separate the responsible use of marketing data from government spying in the minds of both consumers and policy makers; and the need to ensure current regulation is updated to meet modern business needs.
- All too often in our national conversation about privacy, responsible data-driven marketing practices are lumped in with government spying or illegal uses of data. We must stay vigilant to educate consumers and policy makers on the difference. Marketing data used for marketing purposes provides huge value to consumers (think free hotel rooms from your loyalty program or free access to leading journalism) as well as to the economy. A recent report from the Data-Driven Marketing Institute found that marketing data (including the flow of data between companies) is a $156 billion industry. Without this education and vigilance, there is a very real risk that the use of marketing data will be regulated and/or limited. Imagine the cost to your business if you could no longer use marketing data. That — and a $156 billion economy — is what’s at stake.
- The law meant to safeguard electronic communications from government surveillance is woefully out of date. Enacted in 1986, the Electronic Communications Privacy Act (ECPA) was meant to stop federal agents from extracting electronic information from digital sources without a warrant. Specifically, the law says that federal investigators need a warrant to access email, whether the message is in transit or stored on a server. The catch: You don’t need a warrant if the email is more than 180 days old.
Now, this worked just fine in 1986, before the age of free Internet-based email services and cloud-based storage. Back then, the idea of keeping emails more than 180 days would have sounded crazy. ECPA was meant to protect electronic communications, but as technology evolved, it became a massive, gaping loophole for law enforcement. It’s time to close the gap.
Google, other big technology players and certainly DMA as the industry trade association (full disclosure: I work for DMA) have been working with Congress to have this law updated to safeguard the responsible use of data and protect user privacy. A new Data Protection Alliance is being formed by DMA to give industry participants a collective voice on these issues.