There was a time in the not so distant past when hardly any Internet company wanted to release a transparency report—a report that summarized the number of law enforcement and intelligence requests that they received and responded to. What started with just Google and Twitter in 2010 and 2012, respectively, has become a steady stream of companies joining the bandwagon in the wake of Edward Snowden’s revelations. Companies that had no interest in reporting one year ago now hold out their reports in an attempt to earn back eroded customer trust. The problem is that transparency reports actually tell us very little about whether we should trust these companies.
According to Google’s latest transparency report, in the first six months of 2013, they received 25,879 requests for user data, and complied with 65 percent of them. Sounds like big numbers. And they are. As Google points out in their report, the number of requests has doubled since 2010. But what does that tell us about Google? Less than you might think.
The number of requests for user data that companies receive speaks only to the aggressiveness of law enforcement and intelligence agencies. The number of requests companies comply with is only slightly more within their control; although companies have some discretion in determining what data falls within a request and what requests are overbroad, they can no more reject valid legal requests than they can ignore environmental laws or wage laws in countries in which they operate. When we see a company comply with fewer requests than their peers, we’d like to think that’s because they were fighting on our behalf, but it could be simply because they received a larger number of requests that were too vague to answer. From a numbers standpoint, the two scenarios look identical in a transparency report.