Finding Fault With Google's Privacy Policy
orenh writes "Viacom has recently obtained a court order that requires Google to hand over a complete list of every video watched by YouTube users. These logs will include the login names and IP addresses of the users. Google are now asking Viacom if they can anonymize the logs before turning them over; Viacom hasn't responded yet. But this privacy nightmare could have been greatly reduced if Google had anonymized the data in advance. Google's privacy policy states that they keep personally identifiable information for 18 months. There is no real reason to do so; Google can achieve everything they need even if they anonymize their search logs after just one month, and it's time users told them to do so."
...why keep identifiable logs in the first place?
The problem is that we I.T. people are Data Hoarders. Even if the data isn't useful today, or at all useful into the foreseeable future, we still hang on to it. And we save every detail we can just to prove how clever we are to have been able to discover it in the first place. (Note: P2P program writers are the same, and that's how Media Sentry can tell you so much about filesharers they discover on the Internet right down to the full directory paths of files.) Now if storage wasn't so d@mn cheap we wouldn't have this habit, but Moore's Law applied to disc drives means we no longer have to store 2-digit years and have Y2K problems. We have these problems now instead.
This is why the RIAA is able to use IP addresses combined with timestamps to identify ISP account holders. It doesn't identify any actual copyright infringers, but they don't care as long as they have somebody to sue. If these logs were deleted after 3 days this whole RIAA mess would have been a non-starter.
We just have this compulsion to hang onto everything because we can, and perhaps with the faint hope that somewhere down the line we'll be able to show extreme cleverness to our PHBs when they ask some inane question like, "Duh, how many unique IP addresses have accessed our website since 1991?" and we'll be able to say, "Give me 10 minutes and I'll let you know (wag tail)."
Chances are that Google themselves have never had to follow up on an IP address to identify a user for anyone except the Chinese government and/or the NSA, neither of which are our friends. The first poster, who asks why they keep this at all, let alone weren't anonymizing it long ago, has it right. This is hardly the first time Google has had to turn over access records, so they certainly know that it can and will happen.
Don't be evil at Google seems to mean don't destroy data you never needed in the first place in the event that some government we want to keep as our friend might want it. But now we find out that more than just governments can get to it with baseless suits and moronic judges.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
That didn't mean much to one European BitTorrent tracker site who was ordered by U.S. judges to turn over all access logs where the site didn't even keep logs to start with. The judge said in his infinite wisdom that because the data existed in RAM at some instant that the logs were required to be created and then turned over.
While I respect the USA law within the USA, I despise when judges attempt, often with too much success, to enforce it outside of the USA. And not just data laws. We enforce US sex laws in other countries to criminalize behavior completely legal there. This Is Wrong!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Just say they were 'lost' and that the backups were destroyed or lost due to shady backup practices. Works for the White House.