By Andy Sullivan
When Google Inc.'s 19 million daily users look up a long-lost
classmate, send e-mail or bounce around the Web more quickly with its
new Web Accelerator, records of that activity don't go away.
In an era of increased government surveillance, privacy watchdogs
worry that Google's vast archive of Internet activity could prove a
tempting target for abuse.
Like many other online businesses, Google (Nasdaq: GOOG) tracks
how its search engine and other services are used, and who uses
them. Unlike many other businesses, Google holds onto that information
for years.
Some privacy experts who otherwise give Google high marks say the
company's records could become a handy data bank for government
investigators who rely on business records to circumvent Watergate-era
laws that limit their own ability to track U.S. residents.
At a time when libraries delete lending records as soon as a book is
returned, Google should purge its records after a certain point to
protect users, they say.
"What if someone comes up to them and says, 'We want to know whenever
this key word comes up'? All the capability is there and it becomes a
one-stop shopping center for all these kinds of things," said Lauren
Weinstein, an engineer who co-founded People for Internet
Responsibility, a forum for online issues.
Google officials say their extensive log files help them improve
service, fight fraud and develop new products, and unlike many other
online companies, it seems willing to pay for the enormous storage
capacity needed to save the data.
"If it's useful, we'll hold on to it," said Nicole Wong, a Google
associate general counsel.
Google complies with law-enforcement investigations, Wong said. She
declined to comment on the frequency or scope of those requests.
From the ground up, Google designs its offerings to minimally impact
user privacy, Wong said. Google doesn't share the information it
collects from visitors with outside marketers. Employees must get
executive approval before they examine traffic data, she said.
Google logs the numerical IP address of each computer that visits many
of its sites, and deposits small bits of code known as "cookies" on
users' machines to automatically remember preferences like which
language they use, she said. Users can reject cookies if they wish,
but some services like Gmail, Google's e-mail, will not work without
them.
It's difficult to tie cookies and IP addresses to a particular person,
Wong said. The IP address of a computer can change every time it signs
on to the Internet, and different services use different cookies so
the company doesn't know, for example, that a particular Gmail user
has visited the Web site of an abortion provider.
POLICIES COULD CHANGE
But absent regulation, there's nothing to prevent Google from linking
together those cookies in the future, said Chris Hoofnagle, who heads
the West Coast office of the Electronic Privacy Information Center.
"Events can change corporate culture, and those who use the Google
service may experience a shift in the definition of 'evil,'" Hoofnagle
said, referring to the company's "Don't be evil" motto.
Rivals like Yahoo Inc. and Internet service providers such as Time
Warner Inc.'s America Online also track user activity. But ISPs
generally don't hold onto such information for more than a month
because storage costs and privacy concerns can mount quickly, said
Stewart Baker, a Washington lawyer who has represented ISPs in
law-enforcement matters.
"If you don't have a reason to keep a bunch of data around, it's
probably prudent to get rid of it," he said.
Yahoo declined to say how long it holds on to its log files.
Google's generous mail service creates risks as well. While AOL purges
customer e-mail from its servers after 28 days unless users specify
otherwise, Gmail encourages users to hold onto their messages
indefinitely.
Most people don't know that a 1986 law gives less protection from
government searches to messages more than six months old, said Ari
Schwartz, an associate director at the Center for Democracy and
Technology.
"That doesn't mean that Google needs to change its technology, but
they do need to do some consumer education," he said.
Even when a user deletes a message it may remain on company servers,
according to the Gmail privacy policy.
Some don't see Google's long memory as a bad thing.
"You wouldn't want them to throw away all the queries that have been
done -- that's like throwing away history," said Danny Sullivan,
editor of the trade publication Search Engine Watch.
Weinstein doesn't think so.
"There's really no good reason to hold onto that information for more
than a few months," he said. "They seem to think that because their
motives are pure that everything is OK and they can operate on a trust
basis. History tells us that is not the case."
Copyright 2005 Reuters Limited.
[TELECOM Digest Editor's Note: Lauren Weinstein, quoted in the Reuters
news item above has been a long time netter. He was a founding, or
charter subscriber to Telecom Digest back in 1981. Although many times
he makes good sense in what he says, there have been times I felt he
was unduly concerned with some obscure privacy issues. I have read
some of his postings here, also in RISKS and elsewhere and wondered if
he really felt some of the concerns expressed were realistic or not.
His things make good reading, to be sure, but how _real_ are a lot of
his concerns? PAT]