According to Facebook’s first global government requests report, Indian authorities made the second largest number of requests of any country.
In the first six months of 2013, Indian authorities
Facebook claims to have strict guidelines and stringent processes in place to deal with all government data requests
In contrast the UK government made 2,337 requests, France 1,598, Brazil 857 and Australia 601. See the full list of global government requests here.
Governments make requests for account information in official investigations with most related to criminal cases, such as robberies or kidnappings.
In most of the cases, government requests seek basic subscriber information, IP address logs or actual account content. “We believe that while governments have an important responsibility to keep people safe, it is possible to do so while also being transparent,” said Colin Stretch, Facebook General Counsel.
Facebook said it complied with only 50% of the Indian government's data requests in the first half of 2013. It complied with 68% from the UK, France 39%, Brazil 33% and Australia 64%.
Manatosh Das, security analyst at Forrester Research, said these reports should reveal the authorities behind the requests and not just the country. “It’s very critical to know the authenticity of these authorities,” he said.
Facebook claims to have strict guidelines and stringent processes in place to deal with all government data requests and hopes to provide more information about the requests they receive from law enforcement authorities.
More on data requests
But Das said there are serious data protection risks associated with passing data to governments because they might not protect it adequately. “The data, once shipped to the authorities, is at their discretion. Most of the government authorities don’t have defined process of data handling. The data both in electronic and paper formats are handled by authorities without appropriate security controls,” he said.
“There is no mechanism in place that ensures the user data will not be misused by the requester and there is very low probability that these authorities have Information Security Policy in place. Moreover, the people who are handling the user data at these authorities can also become source for data leakage.”