In this case, we have an emergency process. There are good reasons to have that process, if someone is threatening violence to themselves on social media, it’s useful for the tech company to share some information with law enforcement so they can be reached. But, having the ability to get that kind of response from tech companies is also an invitation to hackers. If they can create a fake emergency request they can collect personal information about any user. They can then use that information to target that individual.
When you create that kind of system, the request needs to be coming from a safe, verified, source. When the source is compromised, and the receiver doesn’t have an excellent validation process, bad things are going to happen.
Because when you have that kind of data, people will try and do bad things with it.