Calif. Initiative To Regulate Search Engines?

Lauren Weinstein writes to tell us about CIFIP, the California Initiative For Internet Privacy — his attempt to get search engines off the dime on questions such as how long they retain search data. The initiative aims to explore "cooperative and/or legislative approaches to dealing with search engine and other Internet privacy issues, including a possible California initiative for the 2008 ballot." There is a public discussion list.

Sounds good in theory.

[CosmeticLobotamy]

But it's government, so to get anything done, anything enforceable would have to pretty much say, "You can only keep records for 25 years, and then you have to delete them. Seriously, guys, okay?" I'm not saying don't bother. Good on ya, California. But don't get yours hopes up.

Re:Sounds good in theory.

[jacquesm]

the government is at odds with itself over this, there is privacy protection and then there is the 'war on terror' bs that says that we will track everything everywhere all the time (carnivore and such).

I'm pretty sure that privacy protection (of which there is precious little in the US to begin with) is going to lose out on this one. The right thing for GOOG, AOL, MSN and so on to do would be of course to unilaterally stop keeping track of peoples searches in such a way that they can be attributed to a particular person.

Then the government would have to mandate that such queries be kept and we can all see the emperor again. As it is the big search companies do the governments bidding because their goals are fairly strongly aligned.

Keep everything -> more control over the population in terms of dollars spent or people on file.

kiss your privacy goodbye.

Lets get Ted Stevens on this...

[tehSpork]

When you allow companies to save mass amounts of information, mass amounts of information, about the searches performed on the tubes, the tubes could get clogged with all this information. Therefore, instead of allowing this information to accumulate on the walls of the tubes, we are putting forth a mandate that all search engines clean their tubes on a yearly basis. To protect privacy. To protect the tubes. To save the internets!

Re:Lets get Ted Stevens on this...

[bky1701]

Or someone could call Roto-Rooter, I hear they know about pipes.

I hope this doesn't go too far

[walnutmon]

Basically the most dangerous part of keeping this data is the fact that other people can match you to your queries.

I think the government should only get involved if there is a problem that cannot be solved by the people themselves. Unfortunately, the willingness of companies to offer easily accessable avenues for finding some of the risks of their services is not as good as it should be.

I think the first step here is not to make hard rules as to how long all search info can be held, instead, they should give rules as to what can be held indefinately, and what cannot.

In this case, I don't think there is anything wrong with queries being kept indefinately, but it should not be kept in relation to people. Make it so that they have to encrypt IPs to some other value, so that searches can be tracked, and even what the users search, but there will be no way to tie that information to actual people.

That way the information can be stored indefinately, and in the event other people want to see, they will have nothing that they can use maliciously against other people. They will see search trends, and even see what individual users search for in order to create correlation between searches, but will not have access to anyones personal business.

It would be difficult to argue against this because any business that wants to know specific peoples searches is obviously using information that the users did not intend anyone to have.

By doing this the search companies would have a much more trusting user base.

If only we had a media that brought up important stuff like this, the companies would do it on their own in order to generate good PR and more traffic.

Re:I hope this doesn't go too far

[finkployd]

(1) The identity can sometimes (often?) be figured out by going through all of the searches. This is basically what all of the uproar over the AOL snafu was all about

(2) The US government wants this data to be saved and tied to users in case they need to get it (via a court order I'm sure *snicker*). If you are against this you must love the terrorists and child porn.

(3) This data represents significant intellectual property of the search engines. Remember, you are NOT their customer, you are their product. The advertisers are their customers. As their product, they want to collect and retain as much as they can about you, this makes their product more valuble.

Basically, the search companies and government are not going to want to do this, only the "product". And if the data is all tied to a single IP (or long term cookie like google's), encrypted or not it is possibly still traceable.

Part of the problem is the weird notion that all internet searches should be completely anonymous, I don't know where that came from.

Finkployd

Re:I hope this doesn't go too far

[jacquesm]

the main reason for keeping searches anonymous is that you have no idea where that data will end up. You've looked up something about aids recently ? Your insurance just went up.

Tried to find out how to make TNT ? Off to Guantamo bay with you.

Finding out about the origins and local chapter of the KKK ? Better buy a new set of windows.

and so on.

Search queries are a private thing because like calling the help hot line for being suicidal if you can not guarantee privacy you end up causing real life damage.

Marketeers wet dreams and bottom lines only go so far, it's perfectly possible to run a search engine without profiling and still make a buck.

Maybe not quite as many bucks, and maybe you'd have to work a little harder to 'monetize' but to unconditionally hold hostage an individuals entire search history for an indefinite amount of time is a serious breach of privacy.

It would be like the phone company keeping a record of all your CONVERSATIONS, not just the numbers that you have dialled.

Re:I hope this doesn't go too far

[1134]

Looks like California is getting uppity... trying to regulate the world. Sometime I'd like to see someone like google just say "Fine, we are boycotting your state." I am not specifically complaining about Calf, but the general principle of someone thinking they are big enough to extort others into doing what they mandate. It would be nice to see someone give these these bullies the proverbial finger.

You volunteer this information.

[onion2k]

While search firms have a legitimate business interest in using this data in reasonable ways for both ongoing business and R&D purposes, it is difficult for reasonable observers to justify the retention of this data on an indefinite basis.

The information that you submit to a search engine, such as your search terms, your IP address, your user agent string, any cookie information, is all submitted voluntarily. You give up this data willingly. If you want to keep any of this information private then don't submit it. Of course, that means you won't be able to use the search engine, that's the cost of privacy. A price you should be willing to pay if your privacy is genuinuely important to you.

Too many people seem to expect that they should be able to live a private life despite handing over vast swaths of data on a daily basis. You can't. If you want your data to be private you need to keep it to yourself. Data retention issues are only applicable in situations where you don't have a choice about relinguishing your information (eg tax returns, vehicle licensing, etc).

Bottom line: If you choose to tell someone something voluntarily you cannot expect them to forget about it when you think they should.

Re:You volunteer this information.

[walnutmon]

You give up this data willingly.

To a certain extent.

My problem is this. It is not obvious to most users that this information is tracked to such a detailed degree. I spent four years in college for computer engineering, before that, I didn't know that entering text in a search engine was actually trackable to me. And I certainly didn't know that it was trackable, storeable, and searchable.

There is a reason people have their rights read to them when they are arrested. It is because not everyone knows the law and when something really important to someone is at stake, the government believes that the less educated still deserve to know how certain things will affect them...

This leads to a dispute over what should people know on their own, and what should people be told before using. Google has an EUA, but you don't need to read it, or even look at it to use their service. Maybe you should (oh yeah, and maybe it should be readable by normal people, not just lawyers).

I know there is sentiment to say "fuck people who use stuff they don't understand". I think that people need to be more responsible for themselves. But in the case of the internet it is a great tool for everyone, and I think the more people use it, the better. Something as basic to anyone who needs information as a search engine should have the risks better explained on a regular basis.

Re:You volunteer this information.

[pubjames]

You give up this data willingly.

Within the context of applicable laws. The laws we define.

You can apply your argument to pretty much everything - when you send a parcel via UPS, when you make a telephone call, when you give your details to a company to purchase something. Laws apply which protect us from misuse of our personal information.

If you choose to tell someone something voluntarily you cannot expect them to forget about it when you think they should.

Rubbish. An organisation can use your personal information within the bounds set by applicable laws.

Re:You volunteer this information.

[maxume]

This post is a little bit fanboyish, but Google does pretty well, so let's give them due consideration.

Their terms of service are clear and fairly concise:

http://www.google.com/intl/en/terms_of_service.htm l

They attempt to explain how your interactions with their services seperately from their actual privacy policy. The privacy highlights document is somewhat shorter than the actual policy, but neither is terribly long, and both are clearly written:

http://www.google.com/privacy.html
http://www.google.com/privacypolicy.html#informati on

They also include a link to what exactly they are tracking in their logs, that explains what information the actual text of the log represents:

http://www.google.com/privacy_faq.html#serverlogs

These documents aren't hard to find. I'm not sure what more google should be doing to communicate with their users. A link advertising all this stuff on the front page might be nice, but 'About Google' isn't exactly obfuscated.

It's not written in stone

[BadAnalogyGuy]

Though you may hand over this information, there's nothing forcing the government to force search engine companies hold on to the data. If the search engine decides it doesn't want to hold on to all these search stats, they can't do anything about it if their hands are tied by government regulation.

I don't care whether or not my privacy is protected by Google. I do care that the government cares enough that they see fit to codify it in a way that isn't leaning towards the privacy side.

I would rather they just left it alone and went on their way.

This may come as news to these folks, but...

[voice_of_all_reason]

If the search engine doesn't have an office in CA (and it'd be easy to move for stuff like this), they have no reason to listen to your silly laws.

Re:This may come as news to these folks, but...

[jacquesm]

no, not really the traffic passes through points located in California.

Also, right now:

Registrant:
                Google Inc. (DOM-258879)
                Please contact contact-admin@google.com 1600 Amphitheatre Parkway
                Mountain View CA 94043
                US

they're pretty well represented there, and moving house is also not cheap (not to mention relocating all your employees) and all that just to avoid abiding by the law.

You might as well set up shop in Afghanistan if that's you attitude :)

Re:This may come as news to these folks, but...

[IO+ERROR]

Mod parent up... I love these CIFIP guys. They basically are saying: "We want you to run your business OUR way, and if you don't, we'll get the guys with guns (the state) to MAKE you run your business OUR way." They act as if they didn't have a CHOICE or the ABILITY to protect their own privacy, both of which they do in abundance. Maybe this will finally wake up Silicon Valley and they'll finally get the hell out of the People's Communist Democratic Republic of Kalifornia. There are much better places, even in the U.S., for the tech industry to be located.