New Google data retention plan
p2pnet news view Freedom | P2P:- Under what it’s calling a new logs retention policy, Google says it’s anonymizing IP addresses on its server logs after nine months.
Is it significant it’s not totally destroying them? Does anonymizing (cloaking?) mean although the data won’t be generally available, they’ll still be accessible to certain parties under certain conditions? Forever?
“We’re significantly shortening our previous 18-month retention policy to address regulatory concerns and to take another step to improve privacy for our users,” says the company.
But there shouldn’t be a need to “improve” anything. User privacy should be a carved-in-rock given under Google’s much-vaunted Do No Evil philosophy.
It does, though, adhere rigidly to its first rule: “Focus on the user and all else will follow.” The trouble is: the focus is on users as marks rather than collaborators and I’m sorry, but I don’t believe user privacy will suddenly become a matter of serious concern for the company.
A ‘difficult decision’
Google used to keep it logs intact “indefinitely,” then in March last year, it said it’d only keep them for 24 months and that it would ultimately reduce data retention to a-year-and-a-half.
Now, on its official blog and in a policy paper addressed to European Union privacy regulators, “It was a difficult decision because the routine server log data we collect has always been a critical ingredient of innovation,” it says. [For 'innovation' read 'for advertising purposes'.]
It goes on (provide your own translations to unspin Google corporate-speak ) »»»
We have published a series of blog posts explaining how we use logs data for the benefit of our users: to make improvements to search quality, improve security, fight fraud and reduce spam.
Over the last two years, policymakers and regulators — especially in Europe and the U.S. — have continued to ask us (and others in the industry) to explain and justify this shortened logs retention policy. We responded by open letter to explain how we were trying to strike the right balance between sometimes conflicting factors like privacy, security, and innovation. Some in the community of EU data protection regulators continued to be skeptical of the legitimacy of logs retention and demanded detailed justifications for this retention. Many of these privacy leaders also highlighted the risks of litigants using court-ordered discovery to gain access to logs, as in the recent Viacom suit.
Today, we are filing this response (PDF file) to the EU privacy regulators. Since we announced our original logs anonymization policy, we have had literally hundreds of discussions with data protection officials, government leaders and privacy advocates around the world to explain our privacy practices and to work together to develop ways to improve privacy. When we began anonymizing after 18 months, we knew it meant sacrifices in future innovations in all of these areas. We believed further reducing the period before anonymizing would degrade the utility of the data too much and outweigh the incremental privacy benefit for users.
We didn’t stop working on this computer science problem, though. The problem is difficult to solve because the characteristics of the data that make it useful to prevent fraud, for example, are the very characteristics that also introduce some privacy risk. After months of work our engineers developed methods for preserving more of the data’s utility while also anonymizing IP addresses sooner. We haven’t sorted out all of the implementation details, and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work.
While we’re glad that this will bring some additional improvement in privacy, we’re also concerned about the potential loss of security, quality, and innovation that may result from having less data. As the period prior to anonymization gets shorter, the added privacy benefits are less significant and the utility lost from the data grows. So, it’s difficult to find the perfect equilibrium between privacy on the one hand, and other factors, such as innovation and security, on the other. Technology will certainly evolve, and we will always be working on ways to improve privacy for our users, seeking new innovations, and also finding the right balance between the benefits of data and advancement of privacy.
Google the Good
I used to really like, and really believe in, Google.
It was the first company to make sense of the search process and it seemed to be run by a genuinely innovative, genuinely P2P-conscious (as in ‘people to people’) crew.
I also believed it would try to live up to its Do No Evil claim and I was really sorry I didn’t have enough money to buy shares when it went public. It’s a pity, I said to myself. I’d really have loved to have been a part of such a forward-thinking company.
Then Bill Xia discovered Google was knowingly and deliberately helping China to keep its citizens in the dark and IMHO, things have been steadily sliding downhill ever since.
Once upon a time, Google’s help entry on censorship read »»»
Google does not censor results for any search term. The order and content of our results are completely automated; we do not manipulate our search results by hand. We believe strongly in allowing the democracy of the web to determine the inclusion and ranking of sites in our search results. To learn more about Google’s search technology, please visit …
“We believe strongly in allowing the democracy of the web to determine the inclusion and ranking of sites in our search results.” That’s a statement with power. But during the China censorship scandal, I think it was, the sentence was abandoned and the emphatic No Censorship statement was modified to »»»
It is Google’s policy not to censor search results. However, in response to local laws, regulations, or policies, we may do so. When we remove search results for these reasons, we display a notice on our search results pages. Please note: For some older removals (before March 2005), we may not show a notice at this time.
This isn’t to suggest Google is alone in kowtowing to China’s demands. It isn’t. Microsoft, Cisco and Yahoo are but three of many companies who, for hard-core business purposes, ignore the fact China is one of the most repressive countries in the world.
Now Google says it’ll only keep use of data on tap for nine months. But nine months is a very long time. What will it do with it during that period?
Meanwhile, it’s worth remembering last year Google was the only firm to completely fail an important six-month investigation into privacy practices employed by key Net-based companies.
Jon Newton – p2pnet
Use free p2pnet newsfeeds for your site. It’s really easy!Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
September 9th, 2008 at 1:42 pm
If you want to make it more difficult for Google to track your internet activity, set your browser to refuse “cookies” from the Google domain (google.com in the USA). I did this at least three years ago, and I have no problems with the results of my searches. On the contrary, I think that I get fewer targeted ads because they don’t have my search history handy in a cookie to use for targeting me.
I suppose that Google will continue to log my searches by linking them to my IP address, but since my IP address changes from time to time their dossier on me can only exist in disassociated chunks that would be tedious to put back together.