Many headlines yesterday about two bloggers who received visits — and subpoenas — from the Transportation Security Administration after publishing a security directive that was emailed to them anonymously. The source used a Gmail account. So did Google get a subpoena, too? The company says it can’t comment either way, sending me this statement:
We don’t talk about individual cases to help protect all our users. Obviously, we follow the law like any other company. When we receive a subpoena or court order, we check to see if it meets both the letter and the spirit of the law before complying. And if doesn’t we can object or ask that the request is narrowed. We have a track record of advocating on behalf of our users.
Google quite famously — and successfully — fought a US Justice Department subpoena in 2006 that wanted access to search records in general, in relation to research it wanted to conduct on prevalence of child pornography in search results and requests. But since that time, the company has not gained headlines for fighting small scale subpoenas for information.
Indeed, earlier this year, Google revealed the name of a person who anonymously called model Liskula Cohen a “skank” using its Google’s Blogger service. Google did so in response to a court order. Also earlier this year, it handed over the names of some Gmail users. Google has also given out similar information in response to requests it deems legitimate in previous years.
I can think of no big cases where where it has come to light that Google has fought against a subpoena for someone’s identity (it did fight one we know of over competitive information from someone’s AdWords account). In contrast, when Facebook received a subpoena in a legal case out of Virgina earlier this year, it refused to provide the complete contents of a user’s account, causing the state to back-off.
So does Facebook have a better track record than Google? Is Google’s track record really just down to its one time action in 2006? It’s really hard to say. There could be plenty of requests that Facebook has honored that haven’t come to light. There could also be plenty of requests that Google has fought that haven’t come to light. Perhaps both companies should look into ways in ensuring their complete track record on this front is fully known.
Of course, complicating matters is the US Patriot Act. That made it possible for companies to get requests for information and prevent the companies from even saying they’d been ordered to provide data. A district court judge ruled that secrecy provision unconstitutional in 2007. In 2008, the Internet Archive managed to fight off one such request and the privacy provisions that went with it. But it’s not clear to me that the secrecy of such requests has been entirely lifted. I’ll check on this.
At any rate, the very best way for the TSA to learn the identity of its leak would be going to Google directly, rather than the two bloggers. Personally, it also feels like a huge waste of time for the TSA to be conducting such a hunt, when the security directive was sent out to apparently thousands of people worldwide, some of whom might not even fall under the jurisdiction of secrecy restrictions the TSA wants to impose.
Postscript: Boing Boing has an update on current developments, and Tnooz has a good update with one of the bloggers fighting. That’s Chris Elliott — and still makes me smile to be writing about him (though I wish in better circumstances. We were both editors for our campus newspaper at UC Irvine).