Calif. Initiative To Regulate Search Engines?

Lauren Weinstein writes to tell us about CIFIP, the California Initiative For Internet Privacy — his attempt to get search engines off the dime on questions such as how long they retain search data. The initiative aims to explore "cooperative and/or legislative approaches to dealing with search engine and other Internet privacy issues, including a possible California initiative for the 2008 ballot." There is a public discussion list.

Sounds good in theory.

[CosmeticLobotamy]

But it's government, so to get anything done, anything enforceable would have to pretty much say, "You can only keep records for 25 years, and then you have to delete them. Seriously, guys, okay?" I'm not saying don't bother. Good on ya, California. But don't get yours hopes up.

Lets get Ted Stevens on this...

[tehSpork]

When you allow companies to save mass amounts of information, mass amounts of information, about the searches performed on the tubes, the tubes could get clogged with all this information. Therefore, instead of allowing this information to accumulate on the walls of the tubes, we are putting forth a mandate that all search engines clean their tubes on a yearly basis. To protect privacy. To protect the tubes. To save the internets!

I hope this doesn't go too far

[walnutmon]

Basically the most dangerous part of keeping this data is the fact that other people can match you to your queries.

I think the government should only get involved if there is a problem that cannot be solved by the people themselves. Unfortunately, the willingness of companies to offer easily accessable avenues for finding some of the risks of their services is not as good as it should be.

I think the first step here is not to make hard rules as to how long all search info can be held, instead, they should give rules as to what can be held indefinately, and what cannot.

In this case, I don't think there is anything wrong with queries being kept indefinately, but it should not be kept in relation to people. Make it so that they have to encrypt IPs to some other value, so that searches can be tracked, and even what the users search, but there will be no way to tie that information to actual people.

That way the information can be stored indefinately, and in the event other people want to see, they will have nothing that they can use maliciously against other people. They will see search trends, and even see what individual users search for in order to create correlation between searches, but will not have access to anyones personal business.

It would be difficult to argue against this because any business that wants to know specific peoples searches is obviously using information that the users did not intend anyone to have.

By doing this the search companies would have a much more trusting user base.

If only we had a media that brought up important stuff like this, the companies would do it on their own in order to generate good PR and more traffic.

Re:I hope this doesn't go too far

[finkployd]

(1) The identity can sometimes (often?) be figured out by going through all of the searches. This is basically what all of the uproar over the AOL snafu was all about

(2) The US government wants this data to be saved and tied to users in case they need to get it (via a court order I'm sure *snicker*). If you are against this you must love the terrorists and child porn.

(3) This data represents significant intellectual property of the search engines. Remember, you are NOT their customer, you are their product. The advertisers are their customers. As their product, they want to collect and retain as much as they can about you, this makes their product more valuble.

Basically, the search companies and government are not going to want to do this, only the "product". And if the data is all tied to a single IP (or long term cookie like google's), encrypted or not it is possibly still traceable.

Part of the problem is the weird notion that all internet searches should be completely anonymous, I don't know where that came from.

Finkployd

Re:I hope this doesn't go too far

[jacquesm]

the main reason for keeping searches anonymous is that you have no idea where that data will end up. You've looked up something about aids recently ? Your insurance just went up.

Tried to find out how to make TNT ? Off to Guantamo bay with you.

Finding out about the origins and local chapter of the KKK ? Better buy a new set of windows.

and so on.

Search queries are a private thing because like calling the help hot line for being suicidal if you can not guarantee privacy you end up causing real life damage.

Marketeers wet dreams and bottom lines only go so far, it's perfectly possible to run a search engine without profiling and still make a buck.

Maybe not quite as many bucks, and maybe you'd have to work a little harder to 'monetize' but to unconditionally hold hostage an individuals entire search history for an indefinite amount of time is a serious breach of privacy.

It would be like the phone company keeping a record of all your CONVERSATIONS, not just the numbers that you have dialled.

You volunteer this information.

[onion2k]

While search firms have a legitimate business interest in using this data in reasonable ways for both ongoing business and R&D purposes, it is difficult for reasonable observers to justify the retention of this data on an indefinite basis.

The information that you submit to a search engine, such as your search terms, your IP address, your user agent string, any cookie information, is all submitted voluntarily. You give up this data willingly. If you want to keep any of this information private then don't submit it. Of course, that means you won't be able to use the search engine, that's the cost of privacy. A price you should be willing to pay if your privacy is genuinuely important to you.

Too many people seem to expect that they should be able to live a private life despite handing over vast swaths of data on a daily basis. You can't. If you want your data to be private you need to keep it to yourself. Data retention issues are only applicable in situations where you don't have a choice about relinguishing your information (eg tax returns, vehicle licensing, etc).

Bottom line: If you choose to tell someone something voluntarily you cannot expect them to forget about it when you think they should.

Re:You volunteer this information.

[pubjames]

You give up this data willingly.

Within the context of applicable laws. The laws we define.

You can apply your argument to pretty much everything - when you send a parcel via UPS, when you make a telephone call, when you give your details to a company to purchase something. Laws apply which protect us from misuse of our personal information.

If you choose to tell someone something voluntarily you cannot expect them to forget about it when you think they should.

Rubbish. An organisation can use your personal information within the bounds set by applicable laws.

This may come as news to these folks, but...

[voice_of_all_reason]

If the search engine doesn't have an office in CA (and it'd be easy to move for stuff like this), they have no reason to listen to your silly laws.

Re:This may come as news to these folks, but...

[jacquesm]

no, not really the traffic passes through points located in California.

Also, right now:

Registrant:
                Google Inc. (DOM-258879)
                Please contact contact-admin@google.com 1600 Amphitheatre Parkway
                Mountain View CA 94043
                US

they're pretty well represented there, and moving house is also not cheap (not to mention relocating all your employees) and all that just to avoid abiding by the law.

You might as well set up shop in Afghanistan if that's you attitude :)