Phone calls, e-mails, and now search data. Where will Bush stop?

Summary:First, it was in the interests of national security.  Now, it's in the interest of childrens' rights (particularly those that could be the victims of child pornography).

First, it was in the interests of national security.  Now, it's in the interest of childrens' rights (particularly those that could be the victims of child pornography).  Already in the midst of a controversy over the way the President authorized eavesdropping on international phone calls and e-mails (see CNN's coverage of Vice President Dick Cheney's defense of domestic spying), the Bush Administration has subpoenaed search giants AOL, Google, Microsoft, and Yahoo for a "random sampling" of the search data they keep as a result of the usage of their search engines.  According to News.com's Declan McCullagh and Elinor Mills which quotes American Civil Liberties Union officials who claim familiarity with the subpoenas and the degree to which the search giants have responded,  AOL, Microsoft and Yahoo have apparently complied but Yahoo's compliance fell short of the Fed's expectations.  

However, in a move that will no doubt earn it some serious street cred with Internet users (should that be "Net cred?"),  Google is digging in its heels and is the only one of the four to stand up to the US Department of Justice (DOJ) by refusing to comply altogether.  Meanwhile, in the course of complying, the other search giants are claiming that they have not compromised the privacy of their users.  An AOL official disputed the ACLU's account saying "We did not and would not comply with such a subpoena. We gave (the DOJ) a generic list of aggregate and anonymous search terms, and not results, from a roughly one day period."  The story quotes a Microsoft official as saying "We were able to share aggregated query data (not search results) that did not include any personally identifiable information, at their request."

Of the four companies being subpoenaed, I can't help but wonder if Microsoft has the least amount of wiggle room when it comes to bending to the DOJ's will.   Dating back to the antitrust inquiries that began in the 1990's, Microsoft's relationship with the DOJ is somewhat checkered.  The company's behavior is constantly scrutinized by regulators with the most recent incident to make headlines involving Microsoft's Windows Media Player.  In a telephone interview this morning, Harvard Law School visiting professor (also a co-founder of Harvard's Berkman Center on Internet & Society and the Chairperson in Internet Governance and Regulation at Oxford University) Jonathan Zittrain downplayed that possibility saying "Bureaucratically speaking, the  DOJ is organized into units.  The antitrust division is separate from the civil division (where this case is being handled) and I think you've essentially got a separate set of people working on these cases that don't have the time to talk to each other."

In the bigger picture, though (and on the heels of the domestic spying issue), the warrant for search data, particularly when there isn't an investigation into a specific case of wrongdoing, raises more questions about how far the Feds can and will go when it comes to mining domestic sources of information that many (including Google, apparently) believe to be off-limits to the government.  Most US-based Internet users, for example, use the Internet on the assumption that a record of their behavior (whether it includes personally identifiable information or not) won't fall into government hands. 

Perhaps the most obvious question is "where does it end?"  Does compliance with the DOJ's request set an ugly precedent that paves the way for the Feds to come back for a mile once they've taken an inch? Even if the data that Yahoo, Microsoft, and AOL turned over to the Feds was uncompromising in terms of privacy, with no particular criminal investigation taking place, what happens when the Feds see something they don't like? Can they just come back for more and take it? Not to be alarmist or extreme here, but is China -- where Yahoo and Microsoft (also this) have already had anti-democratic run-ins with that nation's government  -- on the other end of the spectrum along which domestic Internet surveillance policies are shifting and how far along that spectrum of chilling effects will the US shift?

In the context of what the framers of the US Constitution had in mind when they drafted the Fourth Amendment (the closest thing the Constitution has to a privacy amendment), Zittrain told me:

It's an inevitability that the government is simply being the government in wanting to enforce the law. To their benefit, there are more and more sources of information out there that are really useful and helpful than there ever were.  But, it's also incumbent on us collectively to start thinking about what the limits are to trolling such data.  We're overdue to rethink it.  Without any claim that there's anything nefarious going on by the government, you don't want to end up in a place where, should a Herbert Hoover or Nixon situation arise, the tools that are available to spy on their enemies (the kind that the Framers wanted to keep in check) are self-executing --  you don't want it so they can just go [and start trolling]."

By tools and self-execution, Zittrain told me he was referring to the most intrusive and dangerous kinds of searches that the framers understood the need for, but that also required additional steps or "speed bumps" before they could be undertaken.  Zittrain noted two important and useful speed bumps to self-executing searches.  The first of these is where the data is held by a third party like Google that can say "Hey, wait a minute" before it simply turns the data over to the government.  Referring to Google's refusal to satisfy the DOJ's request, yesterday, in his blog, World Wide Web Consortium general counsel Danny Weitzner wrote:

In this case, Google is assuming the role of privacy protector very similar to that which telephone carriers and cable companies have traditionally performed. Historically, it has often been phone companies who have protected, or at least sought to protect, their customers privacy against government access requests because of the simple fact that the telcos, not the individuals whose privacy is at risk, have the physical ability to grant or deny access to the government.

The second of Zittrain's so-called speed-bumps is where the data is actually held by the target of the search (eg: the target of a criminal investigation) and a warrant is required before the search can be executed.  For example, searching a suspected child pornographer's hard drive. 

According to Zittrain, these two examples of limits to self-executing searches have eroded in recent years.  Today for example, under the auspices of the Patriot Act, many searches no longer require a warrant.  Instead, says Zittrain, "it just takes a request on letterhead from the Executive Branch that says give us this information and you're not allowed to tell anybody or you can go to jail."  In place of the checks and balances (the "speed bumps") that the framers had in mind, Zittrain noted how now, we're just being asked to trust the government.  "The government is on its own honor when writing these requests.  Hopefully, they're writing them under the limitation of the statute."  Given the way the system has been abused when the checks and balances were in place (eg: Hoover, Nixon), falling back to a system of trust is clearly problematic and demonstrates to some extent, the brilliance of the framers who, in my opinion (at least in this case), had a preference for instruments over subjectivity (interpretation of the Constitution is a never ending debate that scholars dedicate their entire lives to).

According to Zittrain, another "erosion" -- an area where we've found ourselves suddenly trusting the government to do the right thing -- has to do with the amount of information that the government is already collecting and who is collecting it.  For example, Zittrain says that most of the data that the DOJ is trying to get from the search engine is probably already in the government's possession based on what the NSA is gleaning from the Internet.  "That doesn't mean that if the DOJ's statistician goes to the NSA that the NSA will give it to him" said Zittrain. "I'm just saying that they already have a trove and to search that, there's no outside permission or warrant required.  They're on their honor to use it and use it well.  Even if we presuppose that the government is acting not only honorably, but as it should because it's fighting the war on terrorism that we want them to in order to avoid an attack, overall, these approaches may not be the way to do it. You want the speed bumps in place that reflect framers' wisdom."

In briefly analyzing some of the legal documents associated with Google's position, Zittrain sees a request that's typical of the sort of data that a statistician at the DOJ might be looking for rather than a witch-hunt for the type of information that might compromise the privacy of specific Internet users.  That's one reason he suspects that Yahoo, AOL, and Microsoft went along with the request.  "It's possible that the legal departments of the companies looked at it and felt that it wasn't privacy intrusive" said Zittrain "They also might have made a legal judgement that if they fought the request, that they'd lose." But, on the chances that such information could still be culled from the data that DOJ collects, he also agrees with Google's position:

I applaud Google for fighting it because of the prospect that a given link in a search might well contain information that identifies the searcher.  Handing that information over to government (not in the context of investigation of wrongdoing) is problematic.  I think that there's essentially someone creative at the DOJ that said "we've been asked to prove that there's a bunch of [pornography] web sites out there that keep moving and changing to avoid the law and what better way to prove it than to go to the search engines." 

I applaud Google as well (not to be taken as a condemnation of Yahoo, Microsoft, or AOL).  Even if privacy data can't be culled from the data that the search company might turn over to the DOJ, we need companies with deep pockets to not only view this as another in a series of rights-eroding events, but to use their legal resources to help reverse the trend.

Topics: Government

About

David Berlind was fomerly the executive editor of ZDNet. David holds a BBA in Computer Information Systems. Prior to becoming a tech journalist in 1991, David was an IT manager.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.