X
Business

Google: G'arn, I'll swap ya privacy for security

Would you be happier that Google collects data about your Internet history if you knew their log data was used to fight some seriously nasty worms?
Written by Liam Tung, Contributing Writer

Like a school yard card-swapping scheme, some Google researchers think privacy is a token ripe for exchanging. Would you be happier about Google collecting data on your Internet history if you knew they used it to fight nasty Web worms?

A few weeks ago I listened to Justice Kirby's thoughts on the Internet and privacy. He talked about "usage limitation" -- a privacy principle applied to data collection which holds that an organisation can only use information collected for the reason expressed to the consenting individual.

The principle had worked well for at least 20 years, Kirby said. Then along came Google offering people Web search that was so good they tossed their privacy concerns overboard for the joy of free search.

But privacy watchdogs keep barking about the implications of Google's unchecked collection and retention of data on Internet users' habits. We're safe now, but what happens when Google's isn't so profitable any more? Did I hear the words "US recession" and "Google's share price" mentioned?

This is problematic for Google since, according to one of its chief economists, Hal Varian, it can't help collecting data.

"If we don't keep a history, we have no good way to evaluate our progress and make improvements," writes Varian in his blog.

Google security researcher Niels Provos has found another reason to support Google's thirst for data about you: it keeps you safe.

In 2004 the Santy worm exploited Google's search engine to find vulnerable PHP Bulletin Board software. The technique was effective, infecting thousands of Web servers across the world within hours of its release.

Google was equally effective in its response. It used its server logs to help develop a process to distinguish Santy requests from real ones, so that it could stop the worm accessing Google.com.

"What this means," Provos divines, "is that whenever you use Google search, or Google Apps, or any of our other services, your interactions with those products helps us learn more about security threats that could impact your online experience. And the better the data we have, the more effectively we can protect all our users."

I'm not sure how to take this really. Does that mean if I don't allow Google to collect data about me that I will somehow be worse off? Or should I say, if I had a choice about how much information it collects and keeps about me, would I be less secure?

Somehow I doubt it. And even though I doubt I will ever be given a choice in this matter, as Kirby said, we shouldn't just give in to the demands technology-makers impose on us, because: "To do nothing is to make a decision to let others go and take technology where they will."

Editorial standards