[Infowarrior] - Your Life as an Open Book

[Richard Forno]

August 12, 2006
Your Life as an Open Book
By TOM ZELLER Jr.
http://www.nytimes.com/2006/08/12/technology/12privacy.html?pagewanted=print

Privacy advocates and search industry watchers have long warned that the
vast and valuable stores of data collected by search engine companies could
be vulnerable to thieves, rogue employees, mishaps or even government
subpoenas.

Four major search companies were served with government subpoenas for their
search data last year, and now once again, privacy advocates can say, ³We
told you so.²

AOL¹s misstep last week in briefly posting some 19 million Internet search
queries made by more than 600,000 of its unwitting customers has reminded
many Americans that their private searches ‹ for solutions to debt or
bunions or loneliness ‹ are not entirely their own.

So, as one privacy group has asserted, is AOL¹s blunder likely to be the
search industry¹s ³Data Valdez,² like the 1989 Exxon oil spill that became
the rallying cry for the environmental movement?

Maybe. But in an era when powerful commercial and legal forces ally in favor
of holding on to data, and where the surrender of one¹s digital soul happens
almost imperceptibly, change is not likely to come swiftly.

Most of the major search engines like Google, Yahoo and MSN collect and
store information on what terms are searched, when they were queried and
what computer and browser was used. And to the extent that the information
can be used to match historic search behavior emanating from a specific
computer, it is a hot commodity.

As it stands now, little with regard to search queries is private. No laws
clearly place search requests off-limits to advertisers, law enforcement
agencies or academic researchers, beyond the terms that companies set
themselves.

³This is a discussion that we as a society need to have,² said Kevin
Bankston, a lawyer with the Electronic Frontier Foundation, a rights
organization based in San Francisco.

Mr. Bankston¹s group, which is spearheading a class-action lawsuit against
AT&T for sharing consumer phone records with the National Security Agency,
issued an alert this week calling the AOL incident a ³Data Valdez,²
asserting that it may be in violation of the Electronic Communications and
Privacy Act, which regulates some forms of online communications.

³I am very skeptical of any claims that the monetary worth of this
information to these companies is worth the privacy trade-off to millions of
people,² Mr. Bankston said.

That is not to say that marketers are not keenly interested in being able to
push ads to a particular computer based on the types of searches coming from
that address over time. For users who register as members with some search
engines, including Yahoo, this is already happening ‹ although consumers are
unlikely to realize it.

Which is why privacy advocates question whether such advertising models are
appropriate in the first place.

³In many contexts, consumers already have the expectation that information
about their cultural consumption will not be sold,² said Chris Jay
Hoofnagle, a senior researcher at Boalt Hall School of Law at the University
of California, Berkeley. ³They understand that the library items that they
check out, the specific television shows that they watch, the videos that
they rent are protected information.²

Indeed, legislation like the Cable TV Privacy Act of 1984 and the Video
Privacy Protection Act of 1988 were tailored to keep the specific choices
consumers make in their daily diet of cultural ephemera off limits.

There are exceptions: video ³genre preferences,² for instance, may be
disclosed for marketing purposes.

And of course, such fare as magazine subscription lists and club membership
information are bought and sold for marketing purposes all the time.

But how to characterize a search engine¹s vast catalog, not of what an
individual bought, rented or subscribed to, but merely what he or she was
curious about ‹ perhaps only for a moment in time ‹ for reasons that are
impossible to know?

That¹s one thing that the culture and the law need to address fully, Mr.
Hoofnagle suggested. And simply relying on the terms of service posted by
Internet companies to sort things out, he said, is not enough.

³The problem with the consent model is that users don¹t read the terms and
it¹s hard to comprehend what the effect of storing the data over time will
be,² Mr. Hoofnagle said. ³And there¹s a corresponding promise that the
company will protect the data,² he added, ³and sometimes, obviously, those
promises are broken.²

Indeed, AOL¹s publication of user search data comes in a social context that
is newly sensitive about data leaks.

³Part of this conversation should be about the responsibility of companies
to maintain data securely,² said Mr. Hoofnagle, who was among several
privacy advocates who were critical of ChoicePoint, the large commercial
data broker, in the months before the disclosure in February last year that
criminals had foiled its screening protocols and gained access to consumer
information.

³The longer companies hold onto information, the greater the risk,² Mr.
Hoofnagle said.

The ChoicePoint debacle, in fact, was a watershed moment for data security
law, at least at the state level, with at least 30 states enacting some form
of breach-notification legislation requiring businesses to notify consumers
if their information is compromised.

Numerous bills have been proposed in Congress as well, but pitched battles
between privacy advocates, who seek comprehensive data protections for
consumers, and the financial industry, which wants to limit any onerous
legislation and pre-empt tougher state laws, have stalled progress.

It is not surprising, then, that a bill by Representative Edward J. Markey,
Democrat of Massachusetts, that seeks to force Web sites, including search
engines, to purge old data, has not moved since its introduction in
February.

³Corporate negligence with consumers¹ personal information shouldn¹t be
tolerated by average Americans, the financial markets, or the federal
government,² Representative Markey said in an e-mail message.

The bill was inspired by the Justice Department¹s subpoenas for search data
held by MSN, Yahoo, AOL and Google this year ‹ a move aimed at bolstering
the government¹s efforts to uphold an online child pornography law. Google
was alone in resisting the subpoena in federal court, which mostly sided
with the company, granting the government access only to information on Web
site addresses returned in Google searches, rather than search terms entered
by users.

And yet the vast data troves held by search engines and Internet companies
of all stripes continue to present an irresistible investigatory target,
particularly in an era of terrorist plots like the one that seriously
disrupted British airports, and much of the rest of global aviation this
week.

In December, the European Parliament passed sweeping data retention rules
aimed at the telecommunications and Internet industries, requiring that
fixed-line and cellphone records, e-mail and Internet logs be stored for up
to two years. The measure was lauded by law enforcement groups but decried
by privacy advocates and even industry, which would have to find space ‹ and
money ‹ to store it all.

Congress, too, has toyed with the idea of drafting data retention
legislation, and Attorney General Alberto R. Gonzales has signaled on
numerous occasions that he would like to see that happen.

Speaking at the Search Engine Strategies 2006 Conference and Expo in San
Jose, Calif., on Wednesday, Google¹s chief executive, Eric E. Schmidt,
suggested that government interest in the sort of information Google
archives remains a chief concern for his company.

³I¹ve always worried that the query stream was a fertile ground for
governments to randomly snoop on people,² he said.

In a public forum with Danny Sullivan, the editor of Search Engine Watch, an
online news blog, and the San Jose event¹s organizer, Mr. Schmidt was asked
about the AOL incident. ³It¹s obviously a terrible thing, and the data as
released was obviously not anonymized enough,² Mr. Schmidt said.

Mr. Schmidt also said his company, which stores every query its visitors
make, deploys numerous safeguards to protect and keep that data anonymous,
and that he was confident that ³this sort of thing would not happen with
Google ‹ although,² he added, ³you can never say never.²

That might be the battle cry of privacy advocates, who wonder why any
company that doesn¹t have to, and that wants to maintain the faith of its
customers, would bother to hang onto so much data.

³This AOL breach is just a tiny drop in the giant pool of information that
these companies have collected,² Mr. Bankston said. ³The sensitivity of this
data cannot be overemphasized.²

A similar sentiment was at the heart of an e-mail message sent to employees
by AOL¹s own chief executive, Jonathan F. Miller, on Wednesday.

³We work so hard to protect this kind of information, and yet it was made
public without review by our privacy experts, undermining years of industry
leadership in a single act,² Mr. Miller wrote. ³The reaction has been a
powerful reminder of how quickly a company such as AOL can forfeit the good
will we have worked for years to engender.²