What types of legal requests does Google receive from US government agencies?
What's the difference between a subpoena, a search warrant and a court order under ECPA? What information can a government agency get from Google with each?
It's complex, but here's a summary of the different forms of legal process covered by ECPA:
Subpoena
Of the three types of ECPA legal process for stored information, the subpoena has the lowest threshold for a government agency to obtain user information. In many jurisdictions, including the federal system, there is no requirement that a judge or magistrate review a subpoena before the government can issue it. A government agency can use a subpoena to compel Google to disclose only specific types of information listed in the statute. For example, a valid subpoena for your Gmail address could compel us to disclose the name that you listed when creating the account, and the IP addresses from which you created the account and signed in and signed out (with dates and times). Subpoenas can be used by the government in both criminal and civil cases.
On its face, ECPA seems to allow a government agency to compel a communications provider to disclose the content of certain types of emails and other content with a subpoena or an ECPA court order (described below). But Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the U.S. Constitution, which prohibits unreasonable search and seizure.
ECPA Court Order
Unlike an ECPA subpoena, obtaining an ECPA court order requires judicial review. To receive an ECPA court order, a government agency must present specific facts to a judge or magistrate demonstrating that the requested information is relevant and material to an ongoing criminal investigation.
With such a court order, a government agency can obtain the same information as a subpoena, plus more detailed information about the use of the account. This could include the IP address associated with a particular email sent from that account or used to change the account password (with dates and times), and the non-content portion of email headers such as the "from," "to" and "date" fields. An ECPA court order is available only for criminal investigations.
Search Warrant
The threshold is higher still for an ECPA search warrant. To obtain one, a government agency must make a request to a judge or magistrate and meet a relatively high burden of proof: demonstrating "probable cause" to believe that contraband or certain information related to a crime is presently in the specific place to be searched. A warrant must specify the place to be searched and the things being sought. It can be used to compel the disclosure of the same information as an ECPA subpoena or court order—but also a user's search query information and private content stored in a Google Account, such as Gmail messages, documents, photos and YouTube videos. An ECPA search warrant is available only in criminal investigations. The video below provides an overview of how we review and respond to ECPA search warrants.
Way of a Warrant
How Google responds to U.S. search warrants, while working hard to protect our users' privacy and security. For more information, see our policies for how Google handles government requests for user information.
What are Wiretap, Pen Register and Trap and Trace Orders, and How Do They Differ from Other ECPA Legal Process?
Some US federal and local government agencies can ask courts to require companies to disclose user information in real time. In contrast to subpoenas or search warrants, which are used to obtain information created in the past, these types of court orders look to collect information that doesn’t exist yet. They fall into two categories: wiretap orders, and pen register and trap and trace orders.
Wiretap
A wiretap order requires a company to hand over information that includes the content of communications in real time. Of all the government requests that can be issued under ECPA, wiretap orders are the hardest to obtain. To satisfy legal requirements, a government agency must demonstrate that: a) someone is committing a crime listed in the Wiretap Act, b) the wiretap will collect information about that crime, and c) the crime involves the telephone number or account that will be tapped. The court must also find that ‘normal’ ways to investigate crime have failed (or probably would fail), or are too dangerous to attempt in the first place. There are limits on how long a wiretap can run and requirements to notify users who have been tapped.
Statistics about federal and state wiretaps are available here.
Pen Register, and Trap and Trace
A pen register or trap and trace order requires a company to hand over information about a user’s communications (excluding the content of communications themselves) in real time. With such an order, a government can obtain “dialing, routing, addressing and signaling information.” This could include the numbers you dial on your phone to reach someone or an IP address issued by an ISP to a subscriber.
It’s easier for a government agency to get a pen register or trap and trace order than a wiretap order or search warrant. To obtain one, the requesting agent has to certify that information likely to be obtained will be “relevant to an ongoing criminal investigation.”