Beware: Google is NOT your privacy friend
UPDATE: Google users ought not be breathing any sigh of privacy relief, at any time, I warned just two weeks ago (see story below).
European regulators concurr: Google Inc., owner of the world's most popular search engine, may be violating the European Union's privacy laws by storing information on customer queries for as long as two years, advisers to EU regulators told the company, according to Bloomberg News reports.
GOOGLE PRIVACY JUNGLE: WHERE IS YOUR DATA? DON'T ASK GOOGLE!
May 12, 2007: "Google CEO wants your personal information" I underscored in reporting Google’s announced claim of “taking steps to further improve our privacy practices” two months ago.
The touted Google privacy “step” at the time was that user search data will be “much more anonymous, so that it can no longer be identified with individual users (after 18-24 months).”I asked though, “Will Google searchers be breathing collective sighs of privacy relief three years out?” Not exactly, according to Google itself:
Do these changes guarantee anonymization? It is difficult to guarantee complete anonymization.
In fact, Google users ought not be breathing any sigh of privacy relief, at any time.
Peter Fleischer, Global Privacy Counsel, in March:
When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details. Previously, we kept this data for as long as it was useful. Today we're pleased to report a change in our privacy policy: Unless we're legally required to retain log data for longer, we will anonymize our server logs after a limited period of time. When we implement this policy change in the coming months, we will continue to keep server log data (so that we can improve Google's services and protect them from security and other abuses)—but will make this data much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.
Fleischer is now following-up with an “explanation” to his March announcement: “Why does Google remember information about searches?”
Why indeed! Google offers three reasons:
1) Improve our services
2) Maintain security and prevent fraud and abuse
3) Comply with legal obligations to retain data
While Google Speak is seductive, it is not meaningful. Here’s why:
Improve Our Services
Every action of every individual taken through any and all Google services, public or private, is tracked, logged, analyzed and archived for seeming perpetuity, for the benefit of Google’s corporate operations and on Google's servers throughout the world.
Google wraps its user tracking in Googley “quality improvement” rhetoric.
Really? Google targets every single person and every single organization in the world as a Google user and/or customer. Is it really necessary for a company whose name and business is driven by mathematical formulas and algorithms to accumulate Internet activity data for every man, woman and child in the guise of “search quality” and product development?
Why must Google “spy” on all the world’s mouse clicks?
After all, The Pew Internet & American Life Project relies on a few thousand telephone interviews to make definitive pronouncements of the entire U.S. adult population’s online behavior!
Maintain Security and Prevent Fraud Abuse
Does Google have a slam dunk on this one? NO. Google does not rely on a click by click analysis to “maintain security and prevent fraud abuse” in the click fraud detection arena.
Google told me it relies on two principal automated methods of analysis to uncover prohibited click activity:
1) Pattern Recognition Analysis of click sequence for signs of a malicious pattern to drive up an advertiser’s clicks and or a publisher’s earnings.
2) Statistical Anomaly Analysis to detect abnormal network behavior based on historical metrics.
Google can utilize automated flagging methods as well then to “maintain security and prevent fraud abuse” without subjecting every single piece of user data to analysis and retention.
Comply with Legal Obligations to Retain Data
Perhaps, but Google does not need to go “above and beyond the call of duty”!
Google believes it may have an ace in the (privacy) hole:
It’s also worth reiterating that we do not ask our users for their names, address, or phone numbers to use most of our services.
What is THAT Google stance really worth though?
In its “Complaint and Request for Injunction, Request for Investigation and Other Relief” before the Federal Trade Commission, in the matter of Google, Inc. and DoubleClick, Inc., the Electronic Privacy Information Center last month wrote:
1) Courts have recognized a privacy interest in the collection of information that concerns Internet use even where the information may not be personally indentifiable.
2) Privacy laws routinely require that information about consumers be deleted once it is no longer needed.
3) The Organization for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data recognize that “the right of individuals to access and challenge personal data is generally regarded as perhaps the most important privacy protection safeguard."
I have oft pointed out that Google does not offer any absolute guarantee of users’ rights to “access and challenge" personal data. Therefore, Google does not provide the “most important privacy protection safeguard.”
New York State is also calling Google to task for holding consumer data hostage as I report and analyze in: NY to Google: Stop trapping consumer data, or no DoubleClick merger
Fleischer, however, says NOT to ask “Where is my data,” as I present and analyze in Google user data cloud: Do you trust it?
In the Google era, all the world needs to know is that the Google cloud is the only place to be, the world’s safe haven, Fleischer asserts:Now, if you want to know how your data is being protected, the important question is not “where is my data?”, but rather “who holds my data?”
Perhaps, but users’ data ought only be “held” upon users’ consent and subject to users’ meaningful access to and control of the data, even if Google is the one doing the "holding."
ALSO: Google zeal breeds more identity theft risks and Google plots server farm land grab in Europe and Google Analytics: Should Google be minding YOUR Web business?