How much wiretapping is really going on?

How much wiretapping is really going on? Image by Victorgrigas [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], via Wikimedia Commons

In a previous article I described a situation I often encounter where discussions about law enforcement access to data immediately leap to wiretapping. Obviously wiretapping is worthy of careful consideration because it is a very intrusive measure and the oversight that is in place to prevent misuse of this measure must, of course, balance the needs of the investigation against the individual right to privacy of the suspect. I maintain that discussions about law enforcement access to data that focus exclusively on wiretapping grossly oversimplify of the situation. In this article I want to present some research that I have done to try to establish how much wiretapping is actually going on.

The results below indicate that the overwhelming majority of law enforcement requests received by Facebook, Google and Microsoft in 2017 (almost 96%) related to subscriber identity information/non-content data. Only 4.3% of all requests received resulted in disclosure of content in any form - and not all of these were in the form of wiretapping. Therefore, 4.3% is a huge overestimate of the amount of wiretapping requests being issued, with the vast majority of requests relating to subscriber information/non-content data.

In summary, to frame the law enforcement requirement for access to data in the context of wiretapping demonstrably misrepresents the requirements of law enforcement in the vast majority of criminal investigations.

Sources of Data

The only readily accessible sources of information that I have been able to find are the transparency reports published periodically by the various multinational service providers. For the purpose of this analysis, I have looked at the Google, Facebook and Microsoft transparency reports. The Amazon transparency report was also reviewed but the data it contained did not allow for any meaningful interpretation.

Analysis of Data

Because these corporations are all headquartered in the United States, all requests for content data must (apparently) be forwarded through the United States authorities. Therefore, the reporting on requests received for content data are only present in the figures for the United States. It is not possible to tell whether these orders originated with United States or international authorities.

Generally speaking the transparency reports include data in various categories and report on:

  • The number of requests of that type received
  • Percentage of requests of that type where some data produced
  • The number of users/accounts specified in all requests of that type

It is not possible using these three figures to definitely determine the percentage of accounts/users for which data was produced but for the purpose of generating some sort of estimate, it has been assumed that if the percentage of requests received is applied to the number of accounts requested this will yield a meaningful approximation. Of course, this estimation methodology will not be accurate if a small number of requests represent a large percentage of the requested users but more information would be required to discriminate between these possibilities.

Most organisations produce bi-annual transparency reports, so the figures that have been calculated here cover the entire year of 2017.

No explanatory notes are available for any of the source data so some educated guesses have been made. The following sections describe the interpretation of the data that has been used in each case.

Google

The Google data is available in a long, difficult to analyse spreadsheet where it is possible to find the number of requests of different types received from different countries. The categories of requests that are presented are (not all categories are present for all countries):

  • Emergency disclosure requests
  • Other court orders
  • Pen register orders
  • Preservation requests
  • Search warrants
  • Subpoenas
  • Wiretap orders

For the data of all countries apart from the United States, the most applicable figure for “all” requests for data received from that country appears to be the “Other Legal Requests” entry. For the United States figures, the figures that appear to best represent “all” requests for data received would seem to be the sum of the “Search Warrants” plus “Subpoenas” entries.

For the wiretapping calculation, only the United States figures contain wiretapping data, and in this case the sum of the “Pen Register Orders” and the “Wiretap Orders” entries have been used.

Facebook

Facebook produce two sets of transparency figures per year, one for the first half of the year and another separate set of data for the second half of the year. The data is presented in a tabular form with a single row of information for each country from which requests have been received.

No explanatory notes are available, so it has further been assumed that the columns titled

  • Total Data Requests,
  • Total users/accounts requested, and
  • Percent requests where some data produced

encompass all requests that have been received by Facebook, and the columns that relate to

  • Pen Register/Trap and Trace
  • Court Order (18 USC 2703(d))
  • Title III

encompass all requests that have been received by Facebook for wiretapping or other content disclosure. Brief searching online indicates that Title 18, Section 2703 of the US Code relates to the disclosure of the content of wire or electronic communication and Title III relates to electronic surveillance. Therefore, in the interests of over-representing rather than under-representing the wiretapping figures, all three of these sets of figures have been aggregated in the results below.

Microsoft

Microsoft produce two sets of transparency figures per year, one for the first half of the year and another separate set of data for the second half of the year. As with the other transparency reports, the figures do not allow determination of the percentage of accounts/users for which data was actually produced, only the percentage of requests for which data was produced is reported, but for the purpose of estimating it has been assumed that if the percentage of requests received value is applied to the number of accounts requested will yield a meaningful approximation. This estimation methodology will not be accurate if a small number of requests represent a large percentage of the requested users.

No data is provided about how many user accounts were subject of requests resulting in disclosure of content. The only figure provided is the total number of user accounts specified in all law enforcement requests.

Summary of Findings

 

 

 

Requests for subscriber data (from all jurisdictions) for which some data was produced

Total user accounts

Total content requests received for which some data was produced

Total user account content requests received

Percentage of requests for which some data was produced that were requests for content

Percentage of user accounts for which content was requested

 

 

Google

 

58,935[1]

100,774[2]

553[3]

1,328[4]

0.94%

 

1.32%

 

 

Facebook

 

120,249[5]

181,775[6]

6,541[7]

9,374[8]

5.44%

5.16%

 

Microsoft

 

32,046[9]

56,400[10]

2,002[11]

No Data

6.25%

No Data

 

Totals

 

211,230

338,949

9,096

-

4.3%

-

 

[1] The sum of the value of the total requests entry from the “Other Legal Requests” row for each country, multiplied by the corresponding percentage for H1 2017 and H2 2017 added to the value of the total requests entry of the “Search Warrants” and “Subpoena” rows for the United States for H1 2017 and H2 2017.

[2] The sum of the value of the user/accounts specified entry from the “Other Legal Requests” row for each country, multiplied by the corresponding percentage for H1 2017 and H2 2017 added to the value of the total requests entry of the “Search Warrants” and “Subpoena” rows for the United States for H1 2017 and H2 2017.

[3] Value of the total entry from the “Wiretap orders” row multiplied by the percentage specified in the corresponding percentage column plus the corresponding value calculated for the “Pen Register Orders” row for H1 of 2017 added to the same value calculated for H2 of 2017.

[4] Value of the user/accounts specified entry from the “Wiretap orders” row multiplied by the percentage specified in the corresponding percentage column plus the corresponding value calculated for the “Pen Register Orders” row for H1 of 2017 added to the same value calculated for H2 of 2017.

[5] Value of the “Total data requests” column multiplied by the percentage specified in the “Percent requests where some data produced” column for H1 of 2017 added to the same value calculated for H2 of 2017.

[6] Value of the “Total users/accounts requests” column multiplied by the percentage specified in the “Percent requests where some data produced” column for H1 of 2017 added to the same value calculated for H2 of 2017.

[7] Value of the “Court Order (18 USC 2703(d))” column multiplied by the percentage specified in the “Court Order (18 USC 2703(d) Percentage” column, added to the equivalent value for the “Pen Register/Trap and Trace” columns, added to the equivalent value for the “Title III” columns for H1 of 2017 added to the same values calculated for H2 of 2017.

[8] Value of the “Court Order (18 USC 2703(d)) Accounts” column multiplied by the percentage specified in the “Court Order (18 USC 2703(d) Percentage” column, added to the equivalent value for the “Pen Register/Trap and Trace” columns, added to the equivalent value for the “Title III” columns for H1 of 2017 added to the same values calculated for H2 of 2017.

[9] The sum of the “law enforcement requests resulting in disclosure of content” plus “law enforcement requests resulting in disclosure of only subscriber/transactional (non-content) data” for H1 2017 added to the same figure for H2 2017.

[10] Estimated as follows: The sum of the “law enforcement requests resulting in disclosure of content” plus “law enforcement requests resulting in disclosure of only subscriber/transactional (non-content) data” divided by total number of law enforcement requests received. This proportion multiplied by the “accounts/users specified in requests” figure. The result of calculation of this ratio for H1 2017 and H2 2017 are added together.

[11] The sum of “Law enforcement requests resulting in disclosure of content” for H1 2017 and H2 2017.

 

 

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site you are accepting the use of cookies in accordance with our privacy policy.
Privacy Policy Accept