Facebook shares users’ information with the UK police 80 percent of the time when the situation is deemed an emergency, even if there is no legal warrant demanding they do so.
The social network released figures this month showing the number of times they agree to requests for users data from law enforcement, breaking it out between emergency requests and requests made through legal processes.
The data, for July to December 2016, shows that the social network hands over user data 90 percent of the time when a legal request is made, and 80 percent of the time when a non-legal ’emergency’ request is made.
Facebook defines an emergency request as when “we have a good faith reason to believe that the matter involves imminent risk of serious physical injury”.
This equates to 997 approved ’emergency’ request for the period, up from 731 in the first half of the year.
Generally Facebook will hand over basic subscriber information, such as name, registration date and length of service. The company may also provide more in-depth IP address logs or account content though, depending on the request.
Facebook says that it will require a Mutual Legal Assistance Treaty request when it comes to disclosing account content, instead of basic information.
This includes requests made of all Facebook owned entities, so requests for user information on Instagram, WhatsApp, Messenger and Facebook itself. WhatsApp is end-to-end encrypted, so law enforcement won’t be able to see conversation content, but will be able to see basic subscriber information. Facebook Messenger is not end-to-end encrypted unless you are using the ‘secret conversations’ feature.
Despite complying with the vast majority of requests, Facebook states that it carefully checks that they are “legally sufficient” and rejects requests which are “overly broad or vague.” The company will even seek outside counsel if it is unsure of the legal relevance of a request.
In an accompanying blog post to the data, Facebook’s deputy general counsel Chris Sonderby reiterated that: “We apply a rigorous approach to every government request we receive to protect the information of the people who use our services. We scrutinise each request for legal sufficiency, no matter which country is making the request, and challenge those that are deficient or overly broad. We do not provide governments with “back doors” or direct access to people’s information.”
The national press response to this data release was mainly in-line with the government party line: why would the social network not comply with 100 percent of requests when a life is in danger? The problem is, with no transparency into the process, the proportionality of the requests is down to an American technology company’s own, opaque judgement.
im Killock, executive director of Open Rights Group says: “The problem with Facebook’s report is that we don’t know exactly why some police requests were refused. We need much more transparency, not just through Facebook’s transparency reports but also from oversight bodies such as IOCCO [Interception of Communications Commissioner’s Office], about why data requests are made and how they are used.”
“In December, the Court of Justice of the European Union ruled that there should be independent authorisation when the police or other government departments request retained data from companies. The Court also ruled that individuals should also be informed about requests for retained data.
“Complying with this ruling for all data requests would help to ensure that requests are necessary and proportionate and in turn increase public confidence in the process.
In short, Facebook releasing just these top line statistics looks like yet another half measure, much like its approach to combating fake news or to police violent content on its platform using human moderators.
This data, and the sort of response it brought from the national media, will only help strengthen the government’s attempts to erode citizens online privacy. For example, home secretary Amber Rudd has been very public in her demands that tech companies like WhatsApp build backdoors so that security services can access content when it needs to.