Canadian analysts are divided on the value and impact of Google’s recently announced privacy measures.
While one observer says they are inadequate, another welcomes them, saying they will bolster user confidence in the search company.
Mountain View, Calif-based Google Inc. announced, on Wednesday that the new privacy measures it’s adopting would make it difficult to connect online search requests with the people making them.
Google said it would provide its search engine users greater privacy by removing from its system – every 18 to 24 months – key elements that could lead to users’ being identified.
The schedule is designed to comply with an assortment of regulations around the world that stipulate how long search engines are supposed to retain user information.
A Canadian privacy advocate called Google’s recent measures unsatisfactory.
“In my view two years is still a long time to keep this sort of information,” said Philippa Lawson, director, Canadian Internet Policy and Public Interest Clinic in Ottawa.
Noting that Google is “still way off the mark”, Lawson said the company could have been “trying to get good press and appease both sides.”
She said the timetable proposed by Google coincides with demands by some European Union governments seeking greater access to Internet users’ data, but could also be seen as bolstering privacy rights.
Commercial companies, Lawson said, might need to hang onto customer data for marketing purposes but there is not such need for search engines to retain this sort of information for two years.
Lawson said there have been numerous reports of security agencies using people’s Web habits to link them with certain terrorist groups.
Indeed, she said, law enforcement agencies in the U.S. have been given an almost carte-blanche access private sector databases to for counterterrorism investigation.
“The more power you give governments the more potential there is for abuse.” She said putting a two-year limit on data retention is akin to “basically treating everyone as a suspect.”
Another Canadian observer, however, took a very different stand from Lawson.
“These [measures] are going to boost user confidence in Google,” according to Joe Greene, vice-president, IT research, IDC Canada Ltd.
He said the company’s move is “a step and the right direction” and expects other search engine companies to follow suit. “Certainly other search engines will have to respond in some form to match or exceed this move.”
He said the “big question” is whether this development will generate a “backlash” from pro-law enforcement organizations.
Under Google’s current policies, authorities can demand to review personal information of users before Google purges the data.
If enforcement agencies want Google to retain the data beyond the new time limit – they would need a court order.
This is the first time the company has detailed precisely how long it retains data that can link an individual to his or her Web surfing activities.
Google’s announcement comes a year after it was entangled in a court battle on user information it was keeping. While collecting evidence for an online pornography case, the U.S. Justice Department subpoenaed major search engines for lists of search requests by their users.
Microsoft Corp.’s MSN, Time Warner Inc.’s AOL and Yahoo Inc. complied with parts of the demand but Google fought to keep its data from scrutiny. Afederal judge ordered Googleto turn over a sampling of Web addresses but later decided the company didn’t have to turn over search requests, as demanded by the government.
“The search engines can make all the announcements they want but if the government steps in there’s nothing much they can do,” he added.
A former law enforcement officer and current head of a computer forensics firm yesterday said, Google’s does not present any major hurdle for investigators.
“This development is not going to be devastating to law enforcement,” said Thomas Welch, CEO of Bullzi Security Inc., a security services and consulting firm headquartered in Lake Mary, Florida.
Welch, who investigates corporate technology crime as well as tracks down pedophiles, said most of his investigations involve sifting through data already embedded in suspects’ laptops or desktop computers.
He said investigators can also apply for subpoenas to search Internet service provider (ISP) and search engine databases should the need arise.
U.S. government agencies – such as those hunting down potential terrorists – do not rely solely on search engine data, but also sift through e-mail and other communications, the Bullzi Security CEO said.
He said while law enforcement requires access to information this should be balanced against the need to protect individual rights. “I myself don’t like my Internet use being tracked by anyone. It’s none of their business.”
QuickLink 072275
