As with other technology companies, the number of requests for Twitter users' data from governments worldwide has continued to rise, it reported Thursday in a report showing that it complies with requests from U.S. authorities about 70 percent of the time.
The number of government requests for user account information increased by 22 percent overall during the latter half of 2013, to 1,410 total requests, Twitter reported in its fourth biannual transparency report. The majority of the requests, at 59 percent, came from the U.S., with Japan ranking a distant second at 15 percent.
However, unlike other technology companies, Twitter does not include requests for data related to U.S. national security because of the government's requirement that such information be provided only in vague terms.
Last week, an agreement was reached between the U.S. Department of Justice and technology companies to allow them to say more about national security-related data requests they receive. Twitter was not a party to that agreement, made in the wake of disclosures around government surveillance leaked by former National Security Agency contractor Edward Snowden.
Twitter does not say anything about the numbers of national security-related orders it receives, if any. The company says it is taking this route because of the restrictions put in place by the DOJ. As it stands now, companies are allowed to break out data requests coming from the Foreign Intelligence Surveillance (FISA) Court versus national security letters (NSLs), but only in ranges of 1,000.
"Allowing Twitter, or any other similarly situated company, to only disclose national security requests within an overly broad range seriously undermines the objective of transparency," said Jeremy Kessel, Twitter's manager of global legal policy, on Thursday.
But that hasn't stopped Google, Facebook and Microsoft from saying more. On Monday, Microsoft made a surprising disclosure when it said that for the first half of 2013, it received between 0 and 999 FISA orders seeking user content.
For the requests that Twitter does disclose, which usually involve criminal law enforcement, the company often complies in the U.S., providing some users' information nearly 70 percent of the time during the latter half of 2013, a compliance rate that has stayed roughly the same since at least 2012, when Twitter first started releasing its transparency reports.
In Japan, Twitter's compliance rate has been below 25 percent since 2012.
Twitter does give some reasons for why it may not comply with requests. "We do not comply with requests that fail to identify a Twitter account," the company says on its website. Twitter also says it seeks to narrow requests that are overly broad.
The company says it notifies users of requests for their account information, unless it is prohibited by statute or court order.
But if Twitter complies nearly 70 percent of the time for the U.S. government requests it discloses, that also means Twitter does not comply more than 30 percent of the time. That's actually a high rate and shows that Twitter is doing a good job in how it handles certain types of government data requests, said Parker Higgins, an activist at the Electronic Frontier Foundation who specializes in freedom of speech.
Each year EFF releases its "Who Has Your Back" report, which grades companies' data protection practices based on whether they require a warrant for content, or publish law enforcement guidelines, among other factors. Last year, Twitter ranked among the top performers in the survey, tying with Sonic.net, an Internet service provider.
The real mystery might be Twitter's policies around how long it holds on to users' data, which may include IP address records, Higgins said. The EFF advocates for "data minimization procedures," to limit the amount of potentially sensitive user data that companies might hold on to. Often companies don't review their policies in this area as much as they should, he said.
Twitter did not reply to a request for comment about its report.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.