noteworthy wrote:
NYT says Google et al are wrong to store usage data.

The storing and sharing of [search] data is a violation of users’ privacy rights.

OK, so what's their reasoning?

When people talk on the phone, they assume that the words they utter will disappear when the call is over. They certainly do not expect that their phone company is recording and storing the words, to mine for commercial purposes or to sell to other companies. People have the same expectation about the Internet searches they do: when the search is over, the words they used will disappear.

They confuse the telecom provider's role as a common carrier and basic service provider with Google's role as an information service and enhanced service provider.

Don't you agree with them? I don't think search engines should store usage data indefinately. As time goes on from the search, the risks associated with holding on to that information far exceed the value of storing it. Unfortunately, all of the risk is bourne by the searcher and all of the value is borne by the holder. This sort of imbalance is an area where it makes sense for the government to intervene.

I'm not sure I folllow how your distinction between a common carrier and an enhanced service provider is relevent to this discussion. I would say that the phone numbers you dial have approximately the same privacy implications as search terms. Search terms are a bit worse but its the same ball park. Telephone users do not expect their dialed numbers to be stored indefinately, and yet federal data retention laws already require phone companies to keep some of that data around for a longer period of time then they naturally would. I wasn't aware of this until they present data retention drama started. Perhaps this fact could support more data retention by search engines. I think its an example of how far down the slope we're already slid.

Edward Markey, Democrat of Massachusetts, has introduced a bill to prohibit Internet companies from warehousing personal data, including search queries. It is a good start, but it still gives companies too much leeway to keep data. The bill should be strengthened and passed.

This seems rather heavy handed and ill-conceived. Obviously you'd need a user-consent exception to such a rule. Then search providers would force you to log in and accept a terms of service agreement. And then your semi-anonymous cookie is replaced with a login ID; is that better?

Take a look at the bill. I could drive a truck through the "any legitimate business purpose" loophole. This would, as a matter of fact, have no impact on search engine data retention. This is an anti data retention proposal, meant as an answer to some of Congress's attempt to turn the Internet into a surveillance system by requiring ISPs to retain data long after they would have usually thrown it away. The question of whether web sites should be included in that requirement has been raised. Passing this law would be a hard no, but I expect its purpose is really more symbolic then serious.

A solution to this problem is, however, desparately needed. People simply don't understand the risks. Their understanding will get better and better as time goes on, and search engines will find themselves addressing it eventually. Unforutnately, all that risk exists today and will exist until enough people understand it that they react.

Privoxy and Tor are not the right answer. Legislation would be preferable to arms. Crafting an appropriate law would be easy. Maybe the search engines could offer an alternative to stave off the need for this.

Decius wrote:

Don't you agree with them? I don't think search engines should store usage data indefinately.

As the recent Taylor ruling on the NSA case made clear, one can agree with a decision but not its line of reasoning.

Decius wrote:

I'm not sure I folllow how your distinction between a common carrier and an enhanced service provider is relevent to this discussion. I would say that the phone numbers you dial have approximately the same privacy implications as search terms. Search terms are a bit worse, but it's the same ball park.

My chief complaint was that NYT was making an apples-oranges comparison; there are legal precedents regarding the caller's expectation of privacy with regard to a common carrier, but those precedents do not apply to enhanced services.

The call detail records are a much better analogy, although the phone company has a (more) legitimate business need to retain the records (for a period of time) for billing purposes. Additionally, aggregated call records (perhaps at the level of digital-edge-to-digital-edge) play a role in long-term planning for network capacity. Since Internet search customers are not billed for service, these records do not serve that purpose.

The AOL case complicates the fundamental issue, due to the fact that a time-series history was released. For legal purposes, one would prefer to have a separate ruling on the privacy expectations associated with a single search query (and any associated record of user click-throughs). On this basis, then, the court could proceed to evaluate the implications of long-term accumulation.

Decius wrote:

As time goes on from the search, the risks associated with holding on to that information far exceed the value of storing it.

Is that really true? Or is it the time-series compilation of queries that increases the risk?

As an exercise, compare the damages associated with two cases in which 10 million search records are inadvertantly released. In the first case, the database consists of the last one thousand queries from each of 10,000 users. In the second case, the database consists of the last single query from each of 10 million users.

Decius wrote:

Unfortunately, all of the risk is borne by the searcher and all of the value is borne by the holder. This sort of imbalance is an area where it makes sense for the government to intervene.

The imbalance is real enough, but I'd be concerned that too much government intervention could stifle innovation. It is not enough to simply "empower" the customer with the authority to dictate a binary (yes or no) policy about data retention. Most customers are not in a position to make an informed judgment about this, and service providers are motivated to convince the customer of its necessity. Unless specifically prohibited, you are likely to see practices bordering on coercion ... where a web service is free if you accept the data retention policy, or $10/month if you do not. But such a development would not necessarily be bad, because it puts a valuation on the data. (One would be reliant on market pressure to make this reflect its true value.) Then legislation could set the minimum penalty for disclosure at N times accumulated value, for some N.

noteworthy wrote:
My chief complaint was that NYT was making an apples-oranges comparison; there are legal precedents regarding the caller's expectation of privacy with regard to a common carrier, but those precedents do not apply to enhanced services.

What precedents draw a distinction with regard to basic vs. enhanced services?

With respect to the 4th Amendment, in the beginning there was mail. You had an expectation of privacy for the contents of envelopes, but not for the things written on them, nor for the contents of post cards. The court extended this framework to telephone services by drawing the peculiar conclusion that dialed number information is not enveloped because the phone company must process it to route your call, but call content is enveloped. This is convenient, but somewhat disingenuous.

Unfortunately, Internet packets are a lot more like postcards than envelopes. As far as I know, no court has ever decided whether the 4th amendment applies to Internet communications. Chances are it probably doesn't. The reason its never come up is that Congress created a statutory framework for dealing with these things that few have challenged: The Electronic Communications Privacy Act. The ECPA is weaker then the 4th amendment would be. Its really concerned with protecting information in transit, but once that communication is received, and stored, it becomes very weakly protected. The routing information is, also, very weakly protected.

In the past, our most private articles were in our homes, where they were strongly protected by the 4th amendment. Increasingly, our most private articles are stored on website and ISP servers, where they are almost totally unprotected, or they are kept on our laptops, which we carry through international border checkpoints on a regular basis.

This is how the idea of personal privacy dies.... The court system is either unwilling or unable to adapt their protections as technology advances, holding on to an anachronistic idea of how privacy is defined that ignores the complexities of the modern world, and allowing Congress to insert statutes into the vaccum that are written by law enforcement and fueled by the fear of terrorism.

Cryptography will become the new 4th amendment, and ironically the only people who'll really be hurt by it in the long run are the Law Enforcement interests who claimed the need to access this information in the first place!

Decius wrote:

As time goes on from the search, the risks associated with holding on to that information far exceed the value of storing it.

Is that really true? Or is it the time-series compilation of queries that increases the risk?

Obviously the more data you have the greater the impact of a disclosure, but the longer you hold onto the data the more likely a disclosure is to occur, and the lower the value of the data in terms of system management, prediction of interests for marketing reasons, etc...

I'd be concerned that too much government intervention could stifle innovation.

Requirements that street worthy automobiles be a certain size and have certain safety characteristics also stifle innovation. There is a balance here as in all things. As the idea of personal privacy is a core tenent of our social contact I think it ought to weigh heavily in the innovation versus regulation question.