Singapore Law Watch

Singapore Law Watch.

Title: Police sought Google user info
Source: Straits Times
Author: Chua Hian Hou

Legal News Archive

SINGAPORE police and other law enforcement agencies have, over several occasions last year, asked Internet search giant Google to surrender information on its users.

Although Google refused to say what information was requested, The Straits Times understands that it could include what a user was looking for, when and where he used a Google service like Blogger, and even the contents of his Gmail account.

So far, police have asked for information on 62 Internet users, over a six-month period between July and December 2009.

Google disclosed this on a new website,, on Wednesday.

On the official Google blog, the company’s chief legal officer David Drummond said it ‘regularly receives requests from law enforcement agencies to hand over private user data… The vast majority of these requests are valid, and the information needed is for legitimate criminal investigations’.

Police spokesman Tham Yee Lin would say only that information obtained during police investigations is confidential.

Google spokesman Dickson Seow declined to elaborate on the specifics of Singapore’s requests. He said the company has always tried to protect its users’ privacy and therefore does not automatically comply with every such request. He added that whether it complies, and the extent to which it does, depends on the specifics of the case.

But lawyer Bryan Tan, who specialises in technology-related issues, said that companies like Google have to comply so long as the requesting party has the right to such information.

For instance, in pursuing an online scam, the police can ask Google for details of the alleged scammer’s Google profile, so that they can get clues to the perpetrator’s identity. Such requests are unlikely to meet much resistance, said Mr Tan.

A total of 40 countries had requested information about its users, said Google.

Law enforcement officials from Brazil, where Google’s Orkut social networking site is very popular, topped the list with 3,663 requests, ahead of the United States (3,580), the United Kingdom (1,166) and India (1,061).

But there was a noticeable absence in its list: China. By way of explanation, Google said ‘Chinese officials consider censorship demands as state secrets, so we cannot disclose that information at this time’.

Besides requests for user data, the world’s most popular search engine – which also owns the YouTube video-streaming service, the Blogger weblog host, Google Maps and Street View virtual maps – received a number of requests to remove content on its sites over the same period.

‘Many of these requests are entirely legitimate, such as requests for the removal of child pornography,’ said Mr Drummond.

Some requests, though, may be over civil complaints, said Mr Seow.

Examples include a band asking Google to remove a YouTube video which made use of its songs without permission, or an allegedly defamatory blog posting. There were fewer than 10 such requests; it complied with just half, Google said.


Accountability for electronic surveillance by government agencies

From slight paranoia. Only happens in the US, of course – I mean the public reporting of real-time wiretaps by law enforcement agencies.

If you were to believe the public surveillance statistics, you might come away with the idea that government surveillance is exceedingly rare in the United States.

Every year, the US Courts produce the wiretap report which details every ‘intercept’ order requested by Federal, state and local law enforcement agencies during that year. Before the police, FBI, DEA or other law enforcement agents can tap a phone, intercept an Internet connection, or place a covert bug into a suspect’s home, they must obtain one of these orders, which law professor and blogger Orin Kerr describes as a “super warrant,” due to the number of steps the government must go through in order to obtain one.
However, while there are many ways the government can monitor an individual, very few of these methods require an intercept order.

In general, intercept orders are required to monitor the contents of real time communications. Non-content information, such as the To/From and Subject lines for email messages, URLs of pages viewed (which includes search terms), and telephone numbers dialed can all be obtained with a pen register/trap & trace order.

While wiretaps require a “superwarrant” which must be evaluated and approved by a judge following strict rules, government attorneys can obtain pen register orders by merely certifying that the information likely to be obtained is relevant to an ongoing criminal investigation — a far lower evidentiary threshold.
The reporting requirements for intercepts and pen registers only apply to the surveillance of live communications. However, communications or customer records that are in storage by third parties, such as email messages, photos or other files maintained in the cloud by services like Google, Microsoft, Yahoo Facebook and MySpace are routinely disclosed to law enforcement, and there is no legal requirement that statistics on these kinds of requests be compiled or published.

Der Spiegel on privacy

Tagging two articles from Der Spiegel until I can get round to commenting on them. First on how the growing use of technology has given companies and governments the ability to spy on and even remotely erase private documents stored on individuals’ electronic devices. Second on the US government’s demands to be given the right to spy on Europeans’ financial transactions.,1518,637640,00.html,1518,638509,00.html

Data Protection in Singapore

In a reply to a question in parliament last month, Minister for Information, Communication and the Arts Lee Boon Yang said that the government was studying the introduction of data protection legislation, but this was a “complex issue” and the “review will take some time.” (Follow links for Straits Times report and extract from Hansard.)

As it turns out, the government really has been reviewing Privacy (sometimes known as Data Protection) legislation in Singapore for a v..e..r..y long time – 20 years in fact. Way back in 1989/90, the Singapore Academy of Law sub-committee on Technology and Law recommended that Singapore adopt Data Protection legislation modelled after that in Europe, Japan and other developed countries. Newspaper reports here. A summary of the sub-committee’s report is here while the full Working Paper is here (long). 

Obviously, no Privacy Laws were adopted, though the issue has bubbled back up to the surface several times. For example in 2002, then again in 2006, when Lee Boon Yang said that an inter-Ministerial committee had been formed and would make its recommendations in the middle of that year.