Friday, February 10, 2006

Suicides, ISPs and IP addresses, online forums, social networking, email privacy, "anonymity vs liability" again, Japan, and euthanasia

Now here's a really fascinating issue. I was reminded of it today by Michael Williams' blog, although I remember reading about it last year, probably on SlashDot. The article linked to is this one, and it says:

A total of 91 people committed suicide in 34 Internet-related incidents across Japan last year, but police managed to prevent several potential victims from killing themselves by cooperating with Internet service providers, it has been learned.

Police began cooperating with Internet service providers in October last year, based on guidelines created by an organization on Oct. 5.

Under the cooperation system, Internet providers hand over the names and addresses of people who post suicide-related messages on the Internet in emergencies.

Two of the 14 people police managed to contact were in the process of committing suicide at the time of their discovery, but they were taken to hospital and survived. Nine others were persuaded not to commit suicide. The remaining three did not actually intend to commit suicide.


This is actually saving lives! Neat, huh?

Now, all they say is that this system finds "people who post suicide-related messages on the internet", which implies forums, message boards, and so on. Remember that forums and message boards are NOT private. A good samaritan - it could be anyone, like a search engine, the forum owners, or even anyone with a web-crawling program, like Amazon - just reads non-private things posted online and alerts the police. So far, no privacy problems.

But how do the police find out what actual person posted those messages? Here's where things get tricky.

Say "suicideboy1982" posts about killing himself. The person writing the post probably feels safe that no one will find out that HE is "suicideboy1982". The people with access to that kind of information will keep it private, right?

The log files on the forum host's computer can say what IP address posted what message and when. And the ISP can say who was accessing the internet from that IP address at that time.

Whether the IP information in the log files is private depends on the forum's privacy policy. For the record, if you asked me to look at my site's log files and tell you what IP address accessed what and when, I'd be happy to tell you, because nowhere on my site do I specify or imply that your access to my site is private. There are hosting companies that take the same approach, so that they are not liable for stuff hosted there, like illegal MP3s or whatever: they just say "IP address so-and-so did it". Some online forums even automatically print, under each post, the IP address from which the request came that generated the post (in other words, the IP address that sent the information you supplied when you clicked "Submit"). On the other hand, some social networking services make a big deal about NOT handing over IP addresses without a court order, subpoena, or other justice / law enforcement communication. So if someone writes me a mean note on my orkut page, the orkut people will NOT tell you the IP address behind that message unless a court tells them to (because, say, the note is defaming you) or a police investigation asks them to (because, say, the note is threatening you). I know because I used to be one of those orkut people.

People broadcast an IP address when they do anything online. While some people think that this IP address is private and will not be revealed to people who ask "Who did THIS?", these people are usually wrong.

Now, going from IP address to individual person is currently a little trickier, usually. For that, you need the ISP's help, because the ISP is the one who assigns IP addresses to different computers. The "ISP" is AOL, Comcast, SBC, a university, a workplace, whoever gives the user his internet access. Most ISPs' privacy policies specify that they will not reveal who used what IP address at what time, unless told to reveal it under subpoena, court order, etc. This came into play recently when the RIAA went after people who downloaded songs illegally. All the RIAA knew was that certain IP addresses shared certain copyrighted songs. The ISP sometimes "gave up" the culprit (i.e. revealed what person was using that IP address at the time), and sometimes refused to snitch on its users. So the knowledge that YOU were the person using a certain IP address is usually private, actually, thanks to the privacy policies in the ISPs' contracts. This may not protect you if you do something illegal or just really bad, though (there's that "liability vs anonymity" thing I talked about earlier), or if your ISP decides to no longer consider your IP address private and changes the privacy policy in the contract.
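To make the two-step lookup above concrete (forum log gives IP address plus time; ISP lease records give who held that address then), here is an added example that is not part of the original post. The forum records, the ISP lease table and the account ids in it are all constructed for illustration. The example also shows the two things that make such an attribution uncertain in practice, which the original text does not spell out: the two logs are kept in different time zones and on different clocks, so the lookup has to tolerate some skew, and a public address shared by several accounts (NAT) or a lease boundary near the post time resolves to more than one subscriber rather than one person.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

JST = timezone(timedelta(hours=9))
UTC = timezone.utc


@dataclass(frozen=True)
class Lease:
    ip: str
    subscriber: str   # constructed ISP account id, not a real identifier
    start: datetime
    end: datetime     # exclusive


def jst(*args):
    """Build an aware datetime in Japan Standard Time."""
    return datetime(*args, tzinfo=JST)


# Constructed ISP-side lease/accounting records (local time, as an ISP would log them).
LEASES = [
    Lease("203.0.113.7", "acct-1001", jst(2005, 12, 3, 20, 0), jst(2005, 12, 3, 23, 30)),
    Lease("203.0.113.7", "acct-2042", jst(2005, 12, 3, 23, 30), jst(2005, 12, 4, 6, 0)),
    Lease("203.0.113.9", "acct-3310", jst(2005, 12, 3, 0, 0), jst(2005, 12, 4, 0, 0)),
    # One public address shared by two accounts at the same time (NAT).
    Lease("198.51.100.5", "acct-4001", jst(2005, 12, 3, 0, 0), jst(2005, 12, 4, 0, 0)),
    Lease("198.51.100.5", "acct-4002", jst(2005, 12, 3, 0, 0), jst(2005, 12, 4, 0, 0)),
]

# Constructed forum-side records: the forum host logs the poster's IP and a UTC timestamp.
FORUM_POSTS = [
    {"handle": "suicideboy1982", "ip": "203.0.113.7",  "posted_at": "2005-12-03T14:45:00Z"},
    {"handle": "nightowl",       "ip": "203.0.113.7",  "posted_at": "2005-12-03T14:32:00Z"},
    {"handle": "anon77",         "ip": "198.51.100.5", "posted_at": "2005-12-03T11:00:00Z"},
    {"handle": "ghost",          "ip": "192.0.2.200",  "posted_at": "2005-12-03T11:00:00Z"},
]


def parse_utc(s):
    """Parse the forum's ISO-8601 UTC timestamp into an aware datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)


def resolve_subscriber(ip, at, leases, skew=timedelta(minutes=5)):
    """Subscriber ids whose lease on `ip` covered `at`, widened by `skew` to allow for
    clock drift between the forum's and the ISP's logs. Aware datetimes compare
    correctly across time zones, so JST leases can be checked against a UTC post time."""
    return {l.subscriber for l in leases
            if l.ip == ip and l.start - skew <= at < l.end + skew}


def attribute(posts, leases):
    """Map each forum handle to the ISP accounts it resolves to, with a status that
    says whether the answer is a single account, several candidates, or no record."""
    out = {}
    for p in posts:
        subs = resolve_subscriber(p["ip"], parse_utc(p["posted_at"]), leases)
        status = "unique" if len(subs) == 1 else ("ambiguous" if subs else "unknown")
        out[p["handle"]] = {"subscribers": sorted(subs), "status": status}
    return out


if __name__ == "__main__":
    for handle, r in attribute(FORUM_POSTS, LEASES).items():
        print(f"{handle:15s} {r['status']:9s} {r['subscribers']}")
```

Run stand-alone, this resolves the first handle to a single account, the second to two accounts because its post falls within the skew window of a lease boundary, the third to two accounts because the address is shared, and the last to nothing because no lease record exists for that address. Only the first kind of result identifies a person; the others are where an ISP acting on its own, without a court to weigh the evidence, can end up at the wrong door.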

So, back to where we started... These Japanese ISPs are revealing to the police who used what IP address when, if the police say that it's to stop a suicide. And it's working! Are these ISPs violating the user's privacy? Depends on what they specify in the Privacy Policy part of the contract. But even if they DO specify that the identity of users of IP addresses will not be revealed except under court order, in which case this IS an invasion of privacy... I still think it's OK. I mean, it's like an ambulance breaking the speed limit to save a life. It might be almost-illegal, it might be inconvenient to lots of people, but it's for a good reason. The article mentioned that, out of 14 people contacted by the police from this kind of monitoring, three were NOT about to commit suicide. I can imagine those three might initially have felt mad, betrayed by their ISP, whatever. But they feel that way due to the harmless error of a process, a process that is saving lives. Being annoyed at this for too long would be like being annoyed that you have to pull over when an ambulance goes by.

Michael, who posted about this on his blog, says:

I don't think there's any legal privacy issue if a private company decides to monitor the traffic that goes through its servers.


In general, I agree. But here's an interesting question: What if it were email? I mean, in this case, public posts are being monitored, but what if it were email (the one thing in the online world I agree always is and should be super-private)? Someone reading my email without my permission is not really different from someone stealing my snail-mail or going through my closets and drawers without my permission. Does a company have the right to "monitor" my email just because it goes through their servers? Depends on what "monitor" means.

I agree with Michael that a company should have the right to monitor what goes through their servers. But with email you have to be careful. Does my landlord have the right to open my mail because it is in "his" house? Does the post office have the right to read my letters? Well, they have the right to scan packages for bombs and anthrax, and I think they can X-ray international packages to make sure drugs (and expensive things not mentioned in the customs form) aren't being smuggled...

Thing is, though, the ISPs in this case aren't just monitoring the information, they're acting on it. That is also relevant to the question. Does a company have the right to act on stock tips that go through their servers? I don't think so.

Say these Japanese ISPs did set up a system where emails were monitored for suicide-related content. If the email is read by some automatic system that then determines "suicide probability: high, call police", this may be all right. That's not too different from Gmail computers reading your email to give you targeted ads. But I bet there would have to be a real person in there somewhere, who would actually READ the stuff to decide if he/she really ought to call the police. In other words, I doubt they'd just take the computer's word for it. And if they do this with people reading emails, then it might be a violation of privacy. Again, if it saves lives, it's probably all right, though.

Still, the article only talks about "posting messages", which are public anyway, so the email discussion is hypothetical. It's still an interesting one, though: WOULD it be all right to alert a human operator when one user's emails seem to contain many suicide-related words? To then allow the human operator to read the emails and to call the police?

Well, just as ISPs may reveal IP addresses when users break the law, in this case the invasion of privacy would probably be justified if

a) suicide is illegal (which I think it actually is, at least in California, which has led people like Brian Copeland to say "And what is the punishment for committing THAT crime? DEATH?!")

b) preventing suicide is so important as to override privacy concerns, Privacy Policy contracts, and possibly even privacy laws (like the ones about email).

Now, that last one is REAL tricky and goes a little beyond the scope of this blog. Do people have a right to commit suicide? Is it really "saving a life" if the person who owns that life doesn't want it anymore? Of course, as a society we have decided that much inconvenience is more than justified if it keeps a person from committing suicide, but this IS an interesting question. I personally think that euthanasia is ok. And if a suicidal person is PERSUADED not to commit suicide, then his life WAS saved. These questions are not terribly relevant to the privacy issues surrounding the screening of different kinds of online communication for suicide information, but it's tangentially related, in that this screening may or may not be justified.

As far as this blog is concerned, the question is: Am I OK with my ISP possibly revealing that I was the person behind my IP address, just because someone (or some computer) read some posts (or, say, some emails) and decided that, in their opinion, I was probably going to commit suicide? Personally, I'm ok with that - I don't really do anything online where it is important that my real identity NOT be easy to connect to my IP address (well, I do download the occasional illegal song or video, but I'm ok other than that).

Most of this blog is about users being aware of the privacy policy. In this case, though, an ISP may have to violate the Privacy Policy in order to lead police to the address where a suicide-related communication originated. I say it's ok because it's saving a life. The fact that suicide is illegal also helps. But I can see that some people may disagree, and in this case, they may have a point.

Still, this whole thing is just another reminder that, when you're online, you should not do things you'd be ashamed of later. The internet is almost ALWAYS less private than you think... even when you DO read the Privacy Policy...

Sunday, February 05, 2006

In Soviet Russia, Google searches YOU!

I like this article:

I really don’t think the average internet browsing person has a concept of what concerns about privacy they should have, and what they are led to worry about senselessly.

...

I stumbled across yet another article about privacy called “You Search Google, Google Searches You”. Throughout the article, the author, Andy Dornan, feeds readers with an extra dose of suspicious obsession with statements like “pretend privacy” and “advertisers manipulate you into giving them money”.

...

Yet Dornan goes on to say “…Google’s privacy policy admits that it does log traffic…”. He fails to embody the entire policy regarding logs they collect.

...

Is there a difference? Is there a difference between your newspaper being dropped at your front door (the same front door as every member of your household) because you signed up to receive it, and someone monitoring everything you read, who reads it, when each person reads it, what was most interesting to each individual, and then attaching that to your name, phone number, social security number, and birth date for sale and publication?

The privacy dogmatists (or whiners) would have you believe that you are being tracked on a very granular level and that the companies tracking you have an obsessive interest in you as an individual. For some reason, companies like Google want to know more about you – they want to know you inside and out – they want to know things that only you know about yourself and they want to put a name and a face to that, and use it to your disadvantage. This is a very naïve and amateurish viewpoint, but it is something that human nature would lead us to easily believe. Just as it makes us want to believe that we can be abducted by aliens, that we never went to the moon, that JFK was shot by a dozen or so people, and that there is a poltergeist in our kitchen.

...

The fact is that Google doesn’t care about you. Nor do their advertisers. Their software doesn’t even care who you are. They care only about what is in your wallet, and their optimization engines only care that it is delivering advertising to the desktop that you are on with the possibility of it being slightly more effective because it is related to something that someone on that computer has viewed in the past. No one – not even Google – gives a damn who you are until it comes time to type your Billing Name and Address for a purchase, and even then their only interest in the information is to, oh my gosh, complete the transaction and make money. There is no Google Empire collecting information on citizens to have the world come to an evil end under their control. They just want to be the best advertiser in an industry where costs per million impressions have dropped into the pennies.

Dornan’s comment that “I’d rather get a thousand spams for breast enlargement and interest-only mortgages than one carefully tailored sales pitch that might work” is absolutely ridiculous. Why would you rather get breast enlargement advertising than something in which you might actually be interested?


Well said.

Saturday, February 04, 2006

Search queries are not private. Get over it.

So you think Google would have violated your privacy by revealing some large number of random search queries to the Justice Department?

Well, do you think that Google Zeitgeist violates your privacy?

No, you don't.

And neither does Google:

We may share aggregated non-personal information with third parties outside of Google.

What is aggregated non-personal information?

"Aggregate non-personal information" is information that is recorded about users and collected into groups so that it no longer reflects or references an individually identifiable user.


So, end of story, right?

Not quite. Google's own lawyers have admitted that one can envision scenarios where queries alone could reveal identifying information about a specific Google user. In fact, Google suggests you google your Social Security number, your credit card numbers, etc., to see if they appear on the web. And who does not Google him/herself once in a while? I definitely want to see what comes up in a Google search for my name! (I am happy to report that, except for some embarrassing song parodies I wrote at a young age, nothing too embarrassing comes up.)

However, people cannot complain when Google hands that information over, under a court order or subpoena. Google's Privacy Policy explicitly says


When you use Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

When you visit Google, we send one or more cookies - a small file containing a string of characters - to your computer that uniquely identifies your browser. We use cookies to improve the quality of our service by storing user preferences and tracking user trends, such as how people search. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some Google features and services may not function properly if your cookies are disabled.

Google may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our search technology, customized content and advertising.

Google does comply with valid legal process, such as search warrants, court orders, or subpoenas seeking personal information. These same processes apply to all law-abiding companies. As has always been the case, the primary protections you have against intrusions by the government are the laws that apply to where you live.


They're perfectly transparent about all this.

Besides, this information (unlike, say, email) is NOT considered private under the Electronic Communications Privacy Act, if you want to get legal about it.

Some people think that search is private. Some people think that, when you search for something on Google, you have the right for that information (the fact you searched for something, and then went on to check out some of the search results) to never be revealed to anyone.

I don't know where those people got this delusional idea. They wouldn't have, if they read the Privacy Policy. Or if they just used common sense and knew how user logs work (by which I mean: every site you visit - even my little photography site - knows your IP address, knows what link you followed to get there (i.e. what other site you came from), knows what Google query you made when you found the site, and knows what you typed into the web forms on the site, such as a "search" box). Do people not know this? Everyone could learn a little something from being a webmaster. But it's not like engineers and physicists are the only ones who expect SUVs to tip over. Use some common sense, people.
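Here is what "how user logs work" looks like in practice: an added example, not part of the original post, that reads ordinary web-server access-log lines in the common "combined" format and pulls out exactly the items listed above (the visitor's IP address, the page requested, the site the visitor came from, the Google query that led there, and the text typed into a GET form). The log lines are constructed for illustration; the log format and the `q=` referrer parameter are the real conventions of the time.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format, the default on most web hosts:
# ip ident user [timestamp] "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Dec/2005:23:45:12 +0900] "GET /photos/?search=lighthouse HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=lighthouse+photography&hl=en" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"',
    '198.51.100.5 - - [03/Dec/2005:23:46:01 +0900] "GET /photos/ HTTP/1.1" 200 4100 '
    '"-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X)"',
    '203.0.113.9 - - [03/Dec/2005:23:47:30 +0900] "GET /about.html HTTP/1.1" 200 900 '
    '"http://example.org/links.html" "Mozilla/4.0 (compatible; MSIE 6.0)"',
]


def _first(params, key):
    vals = params.get(key)
    return vals[0] if vals else None


def analyze(line):
    """Return what one access-log line reveals about the visitor, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    referer = m.group("referer")
    came_from = None
    google_query = None
    if referer and referer != "-":
        ref = urlsplit(referer)
        came_from = ref.netloc
        # Search engines carried the query in the referring URL; Google used ?q=.
        if re.search(r"(^|\.)google\.", ref.netloc):
            google_query = _first(parse_qs(ref.query), "q")
    return {
        "ip": m.group("ip"),
        "when": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "page": target.path,
        # GET forms put the typed text in the query string, so it lands in the log as well.
        "form_input": {k: v[0] for k, v in parse_qs(target.query).items()},
        "came_from": came_from,
        "google_query": google_query,
    }


def summarize(lines):
    """Analyze every parseable line; unparseable ones are skipped rather than guessed at."""
    return [r for r in (analyze(l) for l in lines) if r is not None]


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(f"{r['ip']:14s} {r['page']:14s} from={r['came_from']!s:16s} "
              f"q={r['google_query']!r} form={r['form_input']}")
```

Two caveats a webmaster would add: the referrer and the Google query only reach the log if the browser sends the Referer header, which the second sample line shows as `-`, and text submitted with a POST form is not in the access log at all (though the site's own application may well record it). Everything else here is written by the server by default, with no tracking code involved.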

SOME information really IS private, though, like your name, email address, credit card information, and other info you may give to Google in the course of signing up for services, as well as information Google knows to be related to confidential medical information, racial or ethnic origins, political or religious beliefs or sexuality. About THAT kind of information, Google sez:

When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.

If we propose to use personal information for any purposes other than those described in this Policy and/or in the specific service notices, we will offer you an effective way to opt out of the use of personal information for those other purposes. We will not collect or use sensitive information for purposes other than those described in this Policy and/or in the specific service notices, unless we have obtained your prior consent.

You can decline to submit personal information to any of our services, in which case Google may not be able to provide those services to you.

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

- We have your consent. We require opt-in consent for the sharing of any sensitive personal information.

- We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.

- We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

If Google becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.


So, again, you don't have to worry about TRULY private information, any more than you do when you allow a law-abiding company to become aware of this information. Search queries and links visited, though, are NOT truly private. They never were, and Google has always said they weren't. Heck, Google displays a scrolling, streaming list of Google search queries on a projector screen in the lobby of each building! (It only updates about once a second, so there is less than 1% chance that any given query will appear, but still, it's possible that you search for something "personal" and have that be projected on a screen in the lobbies of the Google buildings for several seconds... Or be shown on similar lists on websites that do the same thing.)

So all you crazy people worried about the subpoena can just learn to accept this. Sheesh.

Coming up next: Why it's OK for software to send information about your actions to a central server (as long as they're clear about this). Stay tuned.