Law enforcement authorities are permitted to confidentially request personal data from Facebook to obtain account details ranging from IP addresses, photos, messages, credit card details and email addresses. Every six months, Facebook provides details on the number of requests, the number of accounts specified in the requests, and the percentage granted for each country.
The latest report has revealed the number of data requests is on the up, with substantial increases from authorities in the US, UK, France and Germany. Compared to this time last year, the number of requests from the US has grown from 23,854 to 32,716, while those from the UK, Germany and France rose by 1,376, 1,516 and 937, respectively. At a global level, requests increased by 21 percent from the second half of 2016.
Not all requests are secret, but 57 percent of those from the US were accompanied with a non-disclosure agreement prohibiting the company from notifying the user.
There has also been a slight increase in the percentage of requests that have prompted data to be disclosed. Approximately 74 percent of all requests were granted – at least in part – during the first half of 2017, compared to 70 percent in the same period of 2016, according to The New Economy’s calculations. In the first six months of 2013, when the transparency reports first began, approximately 62 percent were granted.
Approximately 74 percent of all government requests for Facebook user data were granted – at least in part – during the first half of 2017
The report covers every information request from across the world over the first half of the year – apart from those subject to national security delays. They cover the full range of products owned by Facebook including Messenger, WhatsApp and Instagram, as well as the Facebook site itself. According to Facebook, the “vast majority” of such requests are related to criminal cases such as robberies and kidnappings.
When responding to requests, the company follows guidelines that are based on its own company policy and adapted to the relevant country’s laws. For instance, in order for US law enforcement to compel the disclosure of messages, photos and location information, they must provide a valid search warrant and have ‘probable cause’. To access more basic information, such as names and email addresses, only a valid subpoena in connection with an official investigation is required.
Outside of this framework, the company can also voluntarily disclose information in emergencies when there is a “good faith reason to believe that the matter involves imminent risk of serious physical injury or death”.
In a foreword to the report, the company stated: “If a request appears to be deficient or overly broad, we push back, and will fight in court, if necessary.
“We’ll also keep working with partners in industry and civil society to encourage governments around the world to reform surveillance in a way that protects their citizens’ safety and security while respecting their rights and freedoms.”