Slashdot Mirror


Finding Fault With Google's Privacy Policy

orenh writes "Viacom has recently obtained a court order that requires Google to hand over a complete list of every video watched by YouTube users. These logs will include the login names and IP addresses of the users. Google are now asking Viacom if they can anonymize the logs before turning them over; Viacom hasn't responded yet. But this privacy nightmare could have been greatly reduced if Google had anonymized the data in advance. Google's privacy policy states that they keep personally identifiable information for 18 months. There is no real reason to do so; Google can achieve everything they need even if they anonymize their search logs after just one month, and it's time users told them to do so."

2 of 155 comments

  1. No, Judge being stupid! by DigitAl56K · Score: 4, Interesting

    Viacom do not need this information. Any of it. At all.

    Viacom, as I understand, want to show what percentage of YouTube content views are of Viacom content. In order to accomplish this all they need to do is provide Google with a list of content IDs, which they would need to have if they themselves were to perform the analysis anyway, and then to allow Google to provide a count of views for each of these pieces of content versus the total of all other content views for the same period.

    Done. Mission accomplished. No private data changes hands.

    I personally cannot comprehend how a judge ruled that privacy issues resulting from this are "speculative". You are essentially handing over information on millions of people on what content they watched, uploaded, commented on, rated, tagged, etc. to a media company, without need. This information is also the foundation for YouTube's business being handed over to a competitor.

    The judge says it's speculative? I say remove the judge for willfully violating the privacy of millions of citizens and foreign nationals.

    I would also like to know how the judge has completely ignored the Video Privacy Protection Act? If it's on the Internet suddenly all privacy concern automatically goes away, even if you're engaged as a customer of a company with a published privacy policy offering you many protections?

  2. Re:Forget one month... by mysidia · Score: 5, Interesting

    The records could have been unobtainable by the US division of Google.

    For example, the records in the "safe" country would be owned by an independent subsidiary, such that the related company (Google) wouldn't have direct executive authority to force the other company to release the records.

    Because they're independent companies and Google has no legal authority to force an outside company to do anything.

    Google could then request the records, but the data storage company could refuse to approve the request, and there would be no way for Google to force the other company to provide the information.

    Because the use and manner in which the records could be accessed would be spelled out by some binding agreement.

    Limiting the volume of records that could be requested at any time, limiting the allowed uses for every record, and requiring them to be destroyed a short time after being loaded.

    And for Google to "request all the records" from their separate company formed to hold the records would be an operation requiring special permission, extensive justification, and full disclosure, regarding reasons for the request, which the board of the other company would have to vote on (after researching to guarantee that Google is not possibly under any kind of duress in making the request, to release information).

    Also, the company in the foreign country could be prevented from illicitly disclosing records, by having each log line independently encrypted.

    The US-based Google would have the decryption keys but not the data.

    The foreign "record storage company" would have the logs, but no means to decrypt them.

    Or alternatively, the logs would have been produced in a split binary format:

    The US-based Google would have half the information; the foreign "data storage" company would have the other half --- and no individual record could be obtained without bitwise XOR'ing all pieces together.

    And there could be more than two pieces: there could be more than 1 subsidiary that has to agree to any massive information release request.
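
The split format described in the comment above, sketched as an added example (not part of the comment and not any Google system): each log line is split into n XOR shares, one per holder, and a record can only be rebuilt when every holder contributes its share. The function names, the sample log lines and the three-holder setup are constructed for illustration.

```python
import secrets
from functools import reduce


def xor_bytes(a, b):
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_record(record, holders):
    """n-of-n split: holders-1 random pads, plus the record XORed with all pads."""
    if holders < 2:
        raise ValueError("need at least two holders")
    pads = [secrets.token_bytes(len(record)) for _ in range(holders - 1)]
    return pads + [reduce(xor_bytes, pads, record)]


def combine_shares(shares):
    """XOR every share together; only the complete set yields the record."""
    return reduce(xor_bytes, shares)


def split_log(lines, holders):
    """Return one share file per holder; file i holds share i of every line."""
    per_line = [split_record(line, holders) for line in lines]
    return [list(column) for column in zip(*per_line)]


def rebuild_log(holder_files):
    """Recombine line by line from the share files that were handed over."""
    return [combine_shares(list(shares)) for shares in zip(*holder_files)]


# Constructed sample log lines (documentation IP ranges, made-up users and IDs).
SAMPLE_LOG = [
    b"2008-07-03T12:00:01Z user=alice_example ip=192.0.2.10 video=VIDEO_ID_1",
    b"2008-07-03T12:00:07Z user=bob_example ip=198.51.100.7 video=VIDEO_ID_2",
]

if __name__ == "__main__":
    files = split_log(SAMPLE_LOG, holders=3)
    print(rebuild_log(files) == SAMPLE_LOG)  # all three holders cooperate
    print(rebuild_log(files[:2])[0])         # one holder missing: random bytes
```

Each share still reveals the length of the record it belongs to, and because the scheme is n-of-n, losing any one holder's file makes every record unrecoverable.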