Slashdot Mirror


Finding Fault With Google's Privacy Policy

orenh writes "Viacom has recently obtained a court order that requires Google to hand over a complete list of every video watched by YouTube users. These logs will include the login names and IP addresses of the users. Google are now asking Viacom if they can anonymize the logs before turning them over; Viacom hasn't responded yet. But this privacy nightmare could have been greatly reduced if Google had anonymized the data in advance. Google's privacy policy states that they keep personally identifiable information for 18 months. There is no real reason to do so; Google can achieve everything they need even if they anonymize their search logs after just one month, and it's time users told them to do so."

16 of 155 comments

  1. Forget one month... by wellingtonsteve · · Score: 5, Insightful

    ...why keep identifiable logs in the first place?

    1. Re:Forget one month... by nospam007 · · Score: 5, Insightful

      and why not keep them in a country where privacy still means something, so that no US judge can touch them.

    2. Re:Forget one month... by gunnk · · Score: 5, Informative

      Because it doesn't matter where the logs are housed as long as Google does business in the U.S. Housing them elsewhere does not make them immune to a court order.

      --
      Life is short: void the warranty.
    3. Re:Forget one month... by mysidia · · Score: 5, Interesting

      The records could have been unobtainable by the US division of Google.

      For example, the records in the "safe" country would be owned by an independent subsidiary, such that the related company (Google) wouldn't have direct executive authority to force the other company to release the records.

      Because they're independent companies and Google has no legal authority to force an outside company to do anything.

      Google could then request the records, but the data storage company could refuse to approve the request, and there would be no way for Google to force the other company to provide the information.

      Because the use and the manner in which the records could be accessed would be spelled out by some binding agreement.

      Limiting the volume of records that could be requested at any time, limiting the allowed uses for every record, and requiring them to be destroyed a short time after being loaded.

      And for google to "request all the records" from their separate company formed to hold the records would be an operation requiring special permission, extensive justification, and full disclosure, regarding reasons for the request, which the board of the other company would have to vote on (after researching to guarantee that Google is not possibly under any kind of duress in making the request, to release information).

      Also, the company in the foreign country could be prevented from illicitly disclosing records, by having each log line independently encrypted.

      The US-based Google would have the decryption keys but not the data.

      The foreign "record storage company" would have the logs, but no means to decrypt them.

      Or alternatively, the logs would have been produced in a split binary format:

      The US-based Google would have half the information; the foreign "data storage" company would have the other half --- and no individual record could be obtained without bitwise XOR'ing all pieces together.

      And there could be more than two pieces: there could be more than 1 subsidiary that has to agree to any massive information release request.
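The split-record scheme described in the comment above is XOR secret sharing: every log line is XORed with fresh random shares, one share goes to each holding company, and the line can only be rebuilt by combining every holder's share. The block below is an added illustration, not code from Google or from the commenter; the log lines are constructed, the holder count is a parameter, and `shard_logs`/`rebuild_logs` are hypothetical names. It also shows the property the comment relies on: with any one holder's share missing, what the remaining holders can combine is indistinguishable from random bytes (the two-holder case is exactly a one-time pad, which is the "keys here, data there" arrangement the comment also mentions).

```python
import secrets

# Constructed sample log lines (not real YouTube data).
LOG_LINES = [
    b"2008-07-03T10:00:01Z 192.0.2.77 alice vid_daily_show",
    b"2008-07-03T10:00:05Z 198.51.100.3 bob vid_cat",
    b"2008-07-03T10:02:00Z 203.0.113.9 carol vid_colbert",
]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_record(record: bytes, holders: int) -> list[bytes]:
    """Split one record into `holders` XOR shares.

    The first holders-1 shares are uniformly random; the last share is the
    record XORed with all of them, so every share is needed to rebuild and
    any proper subset carries no information about the record.
    """
    if holders < 2:
        raise ValueError("need at least two holders")
    shares = [secrets.token_bytes(len(record)) for _ in range(holders - 1)]
    last = record
    for s in shares:
        last = xor_bytes(last, s)
    shares.append(last)
    return shares


def combine_shares(shares: list[bytes]) -> bytes:
    """XOR all shares back together; the record emerges only if none is missing."""
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out


def shard_logs(lines: list[bytes], holders: int) -> list[list[bytes]]:
    """Return one ledger per holding company, each a list of shares."""
    ledgers: list[list[bytes]] = [[] for _ in range(holders)]
    for line in lines:
        for i, share in enumerate(split_record(line, holders)):
            ledgers[i].append(share)
    return ledgers


def rebuild_logs(ledgers: list[list[bytes]]) -> list[bytes]:
    """Rebuild the records from every holder's ledger (all must cooperate)."""
    return [combine_shares(list(record_shares)) for record_shares in zip(*ledgers)]


def partial_release_leaks(lines: list[bytes], ledgers: list[list[bytes]], missing: int) -> bool:
    """True if combining every ledger except `missing` recovers any record.

    With one random share absent the combination is record XOR share, i.e.
    uniformly random, so this returns False except with probability 2^-8n.
    """
    subset = [l for i, l in enumerate(ledgers) if i != missing]
    return any(rec == line for rec, line in zip(rebuild_logs(subset), lines))


if __name__ == "__main__":
    ledgers = shard_logs(LOG_LINES, holders=3)
    assert rebuild_logs(ledgers) == LOG_LINES
    print("all three holders together rebuild the log:", rebuild_logs(ledgers)[0])
    print("two holders alone recover a record:", partial_release_leaks(LOG_LINES, ledgers, missing=0))
```

A court order served on one holder yields only random bytes; the sharing has to be re-done with fresh randomness every time a record is written, and the random shares must come from a CSPRNG (here `secrets`), since a predictable share defeats the whole arrangement.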

  2. Obligatory by Spy+der+Mann · · Score: 4, Funny

    In soviet America, corporations tube you!

  3. Google Being Stupid by Nom+du+Keyboard · · Score: 5, Insightful

    Google has just been stupid here about privacy, and now it's coming home to roost in a very public way.

    The problem is that we I.T. people are Data Hoarders. Even if the data isn't useful today, or at all useful into the foreseeable future, we still hang on to it. And we save every detail we can just to prove how clever we are to have been able to discover it in the first place. (Note: P2P program writers are the same, and that's how Media Sentry can tell you so much about filesharers they discover on the Internet right down to the full directory paths of files.) Now if storage wasn't so d@mn cheap we wouldn't have this habit, but Moore's Law applied to disc drives means we no longer have to store 2-digit years and have Y2K problems. We have these problems now instead.

    This is why the RIAA is able to use IP addresses combined with timestamps to identify ISP account holders. It doesn't identify any actual copyright infringers, but they don't care as long as they have somebody to sue. If these logs were deleted after 3 days this whole RIAA mess would have been a non-starter.

    We just have this compulsion to hang onto everything because we can, and perhaps with the faint hope that somewhere down the line we'll be able to show extreme cleverness to our PHBs when they ask some inane question like, "Duh, how many unique IP addresses have accessed our website since 1991?" and we'll be able to say, "Give me 10 minutes and I'll let you know (wag tail)."

    Chances are that Google themselves have never had to follow up on an IP address to identify a user for anyone except the Chinese government and/or the NSA, neither of which are our friends. The first poster who asks why they keep this at all, let alone why they weren't anonymizing it long ago, has it right. This is hardly the first time Google has had to turn over access records, so they certainly know that it can and will happen.

    Don't be evil at Google seems to mean don't destroy data you never needed in the first place in the event that some government we want to keep as our friend might want it. But now we find out that more than just governments can get to it with baseless suits and moronic judges.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  4. The problem isn't Google, it's us. by guanxi · · Score: 4, Insightful

    Google clearly should have anticipated this. Governments have requested/required info on individual users before, as has been posted many times to /. For some countries, Google even moved user data off-shore, to protect it. Privacy advocates warned of this problem happening.

    Google's rule is 'don't be evil', as long as it doesn't interfere with business.

    But the problem isn't Google, it's us. We keep using Google, though we knew about the risks and problems. The day a company risks significant revenue over privacy is the day they will pay attention to it.

    We have met the enemy and he is us.
    http://en.wikipedia.org/wiki/Pogo_(comics)#.22We_have_met_the_enemy.....22

    1. Re:The problem isn't Google, it's us. by Televiper2000 · · Score: 4, Insightful

      Why do I feel like I'm the only person that takes "don't be evil" with a grain of salt? Google has been a great corporation because they understood people on the Internet and how they wanted to be treated. But, they also use that knowledge when they calculate how far they can push the envelope. "Don't be evil" has translated into webmail accounts with massive amounts of space, web ads that don't flash or pop up, and a search engine whose front page maintains the very bland basic HTML feel. Now people dream of Google being the great fixer in any industry that has annoyed them over the years.

      --
      New! Device Legs: These legs will help your poor OEM installed product escape any hamfistedness it may encounter. Ava
    2. Re:The problem isn't Google, it's us. by Digital+End · · Score: 3, Interesting

      oh yes, exactly. Google is zee devil.

      They are out to kill us all.

      Seriously, do people thrive on having enemies? Do they find no happiness simply in a group being what they are? Protip: "The Man" isn't out to get you, and all the companies aren't working for him.

      And shall we stop using every service out there, because somewhere, deep down in their closet, is something we disagree with?

      If so, I'm going to assume you're posting to /. from your wooden cottage on a privately owned island that you found... how you're on the internet though is beyond me.

      Frankly, I don't care. Yes, they should have known better, but their products (Google, Google Maps, Gmail, etc.) are damn good. The very thing I love about them is their drive to catalogue all of the world's information and present it to the world. The fact that I can go into Google Maps, find a restaurant, and then go to street level view to scout around for a parking garage... or that I can see a chart of what was searched on the internet when... seeing spikes of interest.

      And how does storing this information in the first place make you question their stupid slogan? They're evil because they don't sit up all night, wild-eyed, freaking out about the boogie man coming to hunt down your IP? It was information, they stored it. Now that they have a reason NOT to, we'll see if they adjust.

      You sir have spent too long nose deep in these things and are posting irrationally...

      ...and mods... THAT is considered insightful?
      "exhibiting insight or clear and deep perception"

      Read his fearmongering company-phobic post again for me before you down-mod this to hell. Posts like that being taken seriously is part of the crazy rep this site gets from time to time. No, his isn't the only one, but ffs...

      'Gov't has tried to take our IPs before, google shoulda knowed so dat meanz they waz just save'n dem to give dem to da gov't so they can take my hat!!'

      The internet has a lot of enemies; Google however isn't one of them.

      --
      Beware of he who would deny you access to information, for in his heart, he dreams himself your master.
  5. Re:Forget one month...Forget Other Countries Too by Nom+du+Keyboard · · Score: 5, Insightful

    > and why not keep them in a country where privacy still means something, so that no US judge can touch them.

    That didn't mean much to one European BitTorrent tracker site which was ordered by U.S. judges to turn over all access logs when the site didn't even keep logs to start with. The judge said in his infinite wisdom that because the data existed in RAM at some instant, the logs were required to be created and then turned over.

    While I respect the USA law within the USA, I despise when judges attempt, often with too much success, to enforce it outside of the USA. And not just data laws. We enforce US sex laws in other countries to criminalize behavior completely legal there. This Is Wrong!

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  6. Not much of a problem... by John+Hasler · · Score: 4, Informative

    ...if you don't have a Google login name. Google search works just fine without one. It even works fine without any Google cookies.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  7. lose the files by Anonymous Coward · · Score: 5, Funny

    just say they were 'lost' and that the backups were destroyed or lost due to shady backup practices. works for the White House.

  8. Re:Better idea by zappepcs · · Score: 3, Interesting

    There is an interesting tie-in here to something I've promoted all along: if the last mile was owned by cooperative groups (meaning NOT ISPs) then they could pool the IP addresses assigned in a random and meaningless way. That is to say that if 237 people in a housing association were sharing DHCP IP addresses through a server system with enough bandwidth that many ISPs could hook up and serve out email and other services by user, it would be possible to hide the end user IP. Then any stats by Google or others would apply to the group, not an individual. Share that cooperative environment out amongst all the people of your neighborhood or town, where the number is now thousands or tens of thousands, and the problem of privacy becomes less of a concern.

    Only when there is centralized control of Internet usage is there a privacy issue. Imagine being part of a cooperative with 34 connections to various ISPs, and all of the 12000 users in the cooperative using something like TOR. Standard Internet browser usage would be anonymized completely. The idea that you should be identifiable comes from the fact that there is a way currently to identify you. If your packets arrived to the greater Internet backbone from more than one source and more than one IP, it would be anonymous, and the 'grid' would be truly that. If you and 14999 of your friends decide to make a mesh network using wireless and landline connections at each node, it would be impossible for anyone to identify your network habits. It would also be nearly impossible to cause a network-only outage. Power loss could still be catastrophic. My point is this, if you truly want anonymity, you have to work hard for it. Most people don't want to. Consequences of that are inevitable, unavoidable, costly.

    I believe that this *IS* the answer to the problems of network neutrality. Force the powers that be to accept that they cannot regulate private networks by building our own outside of their useless understanding of how things work. When they finally discover that they cannot regulate, things will change a bit. I'm all for calling it a patriot network... might be over the top a bit, but we all need to start creating them.

  9. Oh the shame by EEPROMS · · Score: 4, Funny

    The world will find out about my Thomas the Tank engine fetish....

  10. No, Judge being stupid! by DigitAl56K · · Score: 4, Interesting

    Viacom do not need this information. Any of it. At all.

    Viacom, as I understand it, want to show what percentage of YouTube content views are of Viacom content. In order to accomplish this all they need to do is provide Google with a list of content IDs, which they would need to have if they themselves were to perform the analysis anyway, and then allow Google to provide a count of views for each of these pieces of content versus the total of all other content views for the same period.

    Done. Mission accomplished. No private data changes hands.

    I personally cannot comprehend how a judge ruled that privacy issues resulting from this are "speculative". You are essentially handing over information on millions of people on what content they watched, uploaded, commented on, rated, tagged, etc. to a media company, without need. This information is also the foundation for YouTube's business being handed over to a competitor.

    The judge says it's speculative? I say remove the judge for willfully violating the privacy of millions of citizens and foreign nationals.

    I would also like to know how the judge has completely ignored the Video Privacy Protection Act? If it's on the Internet suddenly all privacy concern automatically goes away, even if you're engaged as a customer of a company with a published privacy policy offering you many protections?
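Two of the points in this thread are mechanical enough to show in code: the story summary's complaint that the logs could have been anonymized before any order arrived, and the comment above that Viacom's question (what share of views are of its content) is answerable from per-content-ID counts with no user data leaving Google. The block below is an added example, not code from Google, Viacom or any commenter. It assumes a constructed four-field log format (timestamp, client IP, login or `-`, video ID), invented video IDs and RFC 5737 / 3849 documentation addresses; the field layout, the /24 and /48 truncation, the HMAC pseudonym and the function names are all assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
from collections import Counter

# Constructed sample log: "<timestamp> <client ip> <login or -> <video id>".
# Addresses are documentation ranges; logins and video IDs are made up.
LOG = """\
2008-07-03T10:00:01Z 192.0.2.77 alice vid_daily_show
2008-07-03T10:00:05Z 192.0.2.78 - vid_cat
2008-07-03T10:01:09Z 198.51.100.3 bob vid_daily_show
2008-07-03T10:02:00Z 2001:db8:1234:5678::9 carol vid_colbert
2008-07-03T10:03:30Z 203.0.113.9 alice vid_cat
"""


def parse_log(text: str) -> list[tuple[str, str, str, str]]:
    """Split the constructed log into (timestamp, ip, login, video) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, login, video = line.split()
        rows.append((ts, ip, login, video))
    return rows


def truncate_ip(ip: str) -> str:
    """Drop the host part: IPv4 to /24, IPv6 to /48 (prefix lengths assumed here)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def pseudonymise(login: str, key: bytes) -> str:
    """Keyed pseudonym for a login. Rotating and then destroying `key` makes the
    mapping unrecoverable while still letting same-period events be linked."""
    if login == "-":
        return "-"  # anonymous viewer: nothing to pseudonymise
    return hmac.new(key, login.encode(), hashlib.sha256).hexdigest()[:16]


def anonymise_log(text: str, key: bytes) -> list[str]:
    """Rewrite each line with a truncated IP and a pseudonymous login."""
    return [
        f"{ts} {truncate_ip(ip)} {pseudonymise(login, key)} {video}"
        for ts, ip, login, video in parse_log(text)
    ]


def content_share_report(text: str, claimed_ids: list[str]) -> dict:
    """Answer the 'what fraction of views is ours' question from counts alone.

    The caller supplies its own content IDs; only per-ID totals come back, so
    no IP, login or per-user viewing history changes hands.
    """
    views = Counter(video for _, _, _, video in parse_log(text))
    total = sum(views.values())
    claimed = {vid: views.get(vid, 0) for vid in claimed_ids}
    claimed_total = sum(claimed.values())
    return {
        "claimed": claimed,
        "claimed_total": claimed_total,
        "total": total,
        "claimed_fraction": claimed_total / total if total else 0.0,
    }


if __name__ == "__main__":
    # In practice the key is generated per retention period and then discarded.
    period_key = b"per-period-secret-key"  # constructed for the demo
    for line in anonymise_log(LOG, period_key):
        print(line)
    print(content_share_report(LOG, ["vid_daily_show", "vid_colbert"]))
```

Truncation and keyed pseudonyms are a floor, not a guarantee: a /24 plus a timestamp can still single out a small ISP's customer, and a stable pseudonym links everything a viewer did within the key's lifetime, which is exactly why the key should be rotated and the old one destroyed rather than kept. The report function is the part that matters for the Viacom question: it is the only output that needs to leave the building.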

  11. And judge is either clueless or in pay of MPAA by Morgaine · · Score: 4, Insightful

    > Google has just been stupid here about privacy, and now it's coming home to roost in a very public way.

    This is true, but it's not the worst of it.

    Much, *MUCH* worse is that the judge has imposed on Google a legal ruling that the RIAA must be wetting themselves to obtain. And of course, these records will go straight to the MPAA, despite the constraints placed on their use.

    This is either a case of extreme naivete on the part of the judge in ignoring the privacy ramifications of his incredible ruling, or quite possibly a simple case of corruption. Such naivete would be so incredible in a judge that isn't senile that corruption has to be far more likely.

    As for Google, their lawyers should have IMMEDIATELY said to the judge "Our client cannot do that, on privacy grounds. Google's duty to protect the privacy of millions cannot be dismissed by a legal ruling." Judges are not omnipotent, even when some of them think they are.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra