Meta and TikTok complied with 3654 of 4517 requests for user data from Australian authorities relating to 5338 accounts last year.
The statistics are included in the platforms’ latest biannual transparency reports.
Google and Microsoft are yet to release their July to December 2022 report on government information requests; in April Twitter said it had stopped publishing country-specific statistics on the requests.
Neither Meta nor TikTok’s report discloses the origins of the requests, but some authorities reveal examples and/or the number of times a requesting entity obtained end-user information.
Entities included the Australian Federal Police (AFP), eSafety Commissioner and courts.
In Australia, during 2022 Meta complied with 3563 of 4293 requests relating to 5109 users, including 179 legal requests and 16 emergency requests.
TikTok complied with 91 of 224 requests relating to 229 users, including 179 legal requests and 277 emergency requests.
Emergency requests are informal requests for foreign companies’ data that do not have to be processed through Mutual Legal Assistance Treaties (MLATs).
When the CLOUD Act treaty is ratified, formal requests for data will be able to be approved by US-based companies without going through the MLAT process when it relates to serious crimes like ransomware attacks.
TikTok said in its report that it attributed the rise in requests “to overall platform growth and investments made in familiarising law enforcement with our…guidelines and processes.”
Who’s asking?
Unlike telecommunications interception powers, there is no central register of which authorities make the requests for end-user information to social media platforms and what crimes they are used to investigate.
According to the eSafety Commissioner’s 2021-2022 annual reports, it sought end-user identity information or contact details four times during the period as part of investigations into crimes involving non-consensually shared images.
However, in her annual reports on actions taken against service providers, the Commissioner does not break the statistics down into companies.
The AFP’s account-takeover powers were used twice to investigate child abuse during the 2021-22 financial year, according to its annual report.
Thirty (30) technical assistance requests were sent to industry during the 2021-2022 period, including four from the Australian Criminal Intelligence Commission, two from the AFP, three from Victoria Police and 21 from NSW Police.
What data is released?
As highlighted by a recent, highly publicised case in Nebraska, Meta has a long-running history of providing law enforcement with the content of messages.
Currently, only Meta’s WhatsApp service uses end-to-end encryption by default, but, to the frustration of the eSafety Commissioner, it intends to roll encryption out to Instagram, Messenger and Facebook by the end of 2023. TikTok does not use end-to-end encryption.
According to Meta’s transparency report, when asked to assist law enforcement, “Meta may produce: basic subscriber information: such as name, length of service, payment information, email addresses, and recent login/logout IP addresses”
As well as, “the stored contents of an account: Such as messages, photos, videos, timeline posts, and location information.”