Google's Privacy Policy Link: Too Little, Too Late?
By Wendy Davis, Monday, July 7, 2008
Now that it's facing a genuine privacy crisis, Google has decided to quell a completely insignificant privacy dust-up. The search giant has finally placed a link to its privacy policy on the home page. Previously, users had to click on multiple links, or search on the terms "Google privacy policy," to reach the information.
This purely cosmetic change might placate some watchdogs, who argued that Google was violating California law by not including the link on its home page, but does nothing to solve the larger problem: Google stores too much information about its users.
Among other data, the company retains logs showing users' IP addresses and their search queries. Google contends that IP addresses don't usually reveal people's identities. But that assertion ignores the reality that examining all of a person's searches can in itself reveal identity. In other words, users' identities can be deduced whether the IP address is real or a made-up sequence of numbers -- as long as it's paired with all of the searches originating from a single computer.
Last week, a federal judge ordered Google to disclose to Viacom complete user logs for YouTube, including all users' IP addresses, screen names and which videos they watched. Google and Viacom have since tried to quell privacy concerns, with Google saying it will ask to "anonymize" IP addresses, even though that won't necessarily preserve users' privacy as long as all of their information is still paired with the same identifier. Viacom has also said it will handle all information confidentially.
As privacy advocates point out, Google wouldn't be facing this problem now if it hadn't compiled and stored these records in the first place.
Louis Stanton, the federal judge who issued the order in the YouTube lawsuit, wrote in his opinion that Google argues in its public policy blog that IP addresses aren't necessarily personally identifiable. "We have proposed broad global privacy standards, and are strong supporters of the idea that data protection laws should apply to any data that could identify you. The reality is though that in most cases, an IP address without additional information cannot," the blog states.
But, on other sections of its site, Google equates IP addresses with personally identifiable information. "Due to user privacy concerns, Google Analytics doesn't report on personally identifiable information, including a visitor's IP address," the company states on a site about Google's analytics tool.
In other words, even Google realizes that, for all practical purposes, IP addresses should be treated as personally identifiable information. Given the events of last week, the company should rethink the wisdom of retaining such data.
Post your response to the public Online Examiner blog.
See what others are saying on the Online Examiner blog.
If this issue was forwarded to you and you would like to begin receiving a copy of your own, please visit our site - www.mediapost.com - and click on [subscribe] in the e-newsletter box.
For advertising opportunities see our online media kit. If you'd rather not receive this newsletter in the future click here. We welcome and appreciate forwarding of our newsletters in their entirety or in part with proper attribution.
(c) 2008 MediaPost Communications, 1140 Broadway, 4th Floor, New York, NY 10001
From what I've seen the IP address can provide very specific information that can track people. This is especially true if a time and date stamp is included with the log informaiton, which it generally is. you may need a court order to get the information from the person's ISP, but that's not all that hard if you have a reason to request it. I think we need this. While tracking people can be as benign but annoying as showing you ads based on past activity, it can also be abused on a more serious level. On the other hand if everyone can mess around on the web with little or no chance of being identified or tracked..., well, we already have enough spammers, hackers, crackers, and Turkish script kiddies to keep us busy.
Perhaps Google should encrypt the IP address and some of the other information to keep it from being abused, well abused by anyone except them. Of course if we saw signs of abuse then we would know it was them, wouldn't we...?
No comments:
Post a Comment