A blogger set the Internet into a panic over privacy earlier this month. She claimed she was visited by a joint terrorism task force as a result of her online search for a “pressure cooker” and “backpack” in the wake of April’s Boston Marathon bombing. The FBI denied involvement and local law enforcement eventually offered a much less sensational explanation – but the question remains: what is our realistic expectation of privacy online?
Michele Catalano is a freelance writer who has written for Forbes and in this most recent instance for Medium, a well-funded start-up blogging site. She hastily posted her account of a visit from six agents of a purported joint terrorism task force who searched her home and questioned her husband on topics that seemed to relate to their recent Google searches. The story spread instantly over Twitter and was picked up by several media outlets.
Ultimately Suffolk County Police Department claimed responsibility. They’d received a tip from a computer company about a former employee, Catalano’s husband, conducting suspicious searches from his work computer. After interviewing the company representatives, the local police then visited the husband at home to follow up, ultimately determining the concerns were unfounded.
While circumstances of the story may not be remarkable, the speed with which it spread is. It shows the resonance of surveillance stories in a world after Edward Snowden and his whistleblowing report on the NSA. The account seemed to give credence to the fear that everyone is being watched.
Even if the government had the resources to audit each person’s search history, that data wouldn’t be freely surrendered by Google. Google and other Internet search providers are protected by a federal statute called the Electronic Communications Privacy Act (ECPA). The ECPA regulates when and how a government agency, like the FBI or local police, can compel companies like Google to disclose information about their users. It requires a requesting agency to provide legal documents – such as a subpoena, court order, or search warrant – to force Google to disclose the information, like search histories or email messages.
These hurdles don’t necessarily stop the government from asking for—or getting—the information. According to Google’s annual Transparency Report, the company received nearly 8,500 requests for user data from law enforcement agencies in the United States in 2012 alone – at least 4 times as many as the nation with the next highest requests tracked. In 88% of those instances, Google released at least some information requested.
It’s probably also worth mentioning: law enforcement agencies don’t always have to run to Google every time they want to spy on someone online. Any time a user fails to use an encrypted (https) connection for its online activity, its search history and personal data are vulnerable to surveillance – by identity thieves and government agents alike.
The lesson here? It’s probably safe to assume the government isn’t watching your every move. But it’s wise to assume they could.