Saturday, February 04, 2006

Search queries are not private. Get over it.

So you think Google would have violated your privacy by revealing some large number of random search queries to the Justice Department?

Well, do you think that Google Zeitgeist violates your privacy?

No, you don't.

And neither does Google:

We may share aggregated non-personal information with third parties outside of Google.

What is aggregated non-personal information?

"Aggregate non-personal information" is information that is recorded about users and collected into groups so that it no longer reflects or references an individually identifiable user.

So, end of story, right?

Not quite. Google's own lawyers have admitted that one can envision scenarios where queries alone could reveal identifying information about a specific Google user. In fact, Google suggests you google your Social Security number, your credit card numbers, etc, to see if they appear on the web. And who does not Google him/herself once in a while? I definitely want to see what comes up in a Gogle search for my name! (I am happy to report that, except for some embarassing song parodies I wrote at a young age, nothing too embarassing comes up).

However, people cannot complain when Google hands that information over, under a court order or subpoena. Google's Privacy Policy explicitly says

When you use Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

When you visit Google, we send one or more cookies - a small file containing a string of characters - to your computer that uniquely identifies your browser. We use cookies to improve the quality of our service by storing user preferences and tracking user trends, such as how people search. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some Google features and services may not function properly if your cookies are disabled.

Google may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our search technology, customized content and advertising.

Google does comply with valid legal process, such as search warrants, court orders, or subpoenas seeking personal information. These same processes apply to all law-abiding companies. As has always been the case, the primary protections you have against intrusions by the government are the laws that apply to where you live.

They're perfectly transparent about all this.

Besides, this information (unlike, say, email) is NOT considered private under the Electronics Communications Privacy Act, if you want to get legal about it.

Some people think that search is private. Some people think that, when you search for something on Google, you have the right for that information (the fact you searched for something, and then went on to check out some of the search results) to never be revealed to anyone.

I don't know where those people got this delusional idea. They wouldn't have, if they read the Privacy Policy. Or if they just used common sense and knew about how user logs work (by which I mean, every site you vist - even my little photography site - knows your IP address, knows what link you followed to get there (i.e. what other site you came from), knows what Google query you made when you found the site, and knows what you typed in to the web forms on the site, such as a "search" box. Do people not know this? Everyone could learn a little something from being a webmaster. But it's not like engineers and physicists are the only ones who expect SUVs to tip over. Use some common sense, people).

SOME information really IS private, though, like your name, email address, credit card information, and other info you may give to Google in the course of signing up for services, as well as information we know to be related to confidential medical information, racial or ethnic origins, political or religious beliefs or sexuality. About THAT kind of information, Google sez:

When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.

If we propose to use personal information for any purposes other than those described in this Policy and/or in the specific service notices, we will offer you an effective way to opt out of the use of personal information for those other purposes. We will not collect or use sensitive information for purposes other than those described in this Policy and/or in the specific service notices, unless we have obtained your prior consent.

You can decline to submit personal information to any of our services, in which case Google may not be able to provide those services to you.

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

- We have your consent. We require opt-in consent for the sharing of any sensitive personal information.

- We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.

- We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

If Google becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

So, again, you don't have to worry about TRULY private information, any more than you do when you allow a law-abiding company to become aware of this information. Search queries and links visited, though, are NOT truly private. They never were, and Google has always said they weren't. Heck, Google displays a scrolling, streaming list of Google search queries on a projector screen on each lobby of each building! (It only updates about once a second, so there is less than 1% chance that any given query will appear, but still, it's possible that you search for something "personal" and have that be projected on a screen in the lobbies of the Google buildings for several seconds... Or be shown on similar lists on websites that do the same thing).

So all you crazy people worried about the subpoena can just learn to accept this. Sheesh.

Coming up next: Why it's OK for software to send information about your actions to a central server (as long as they're clear about this). Stay tuned.


Post a Comment

<< Home