June 3, 2005
Google’s Long Memory Stirs Privacy Concerns
When Google Inc.'s 19 million daily users look up a long-lost classmate, send e-mail or bounce around the Web more quickly with its new Web Accelerator, records of that activity don't go away.
In an era of increased government surveillance, privacy watchdogs worry that Google's vast archive of Internet activity could prove a tempting target for abuse.
Some privacy experts who otherwise give Google high marks say the company's records could become a handy data bank for government investigators who rely on business records to circumvent Watergate-era laws that limit their own ability to track U.S. residents.
At a time when libraries delete lending records as soon as a book is returned, Google should purge its records after a certain point to protect users, they say.
"What if someone comes up to them and says, 'We want to know whenever this key word comes up'? All the capability is there and it becomes a one-stop shopping center for all these kinds of things," said Lauren Weinstein, an engineer who co-founded People for Internet Responsibility, a forum for online issues.
Google officials say their extensive log files help them improve service, fight fraud and develop new products, and unlike many other online companies, it seems willing to pay for the enormous storage capacity needed to save the data.
"If it's useful, we'll hold on to it," said Nicole Wong, a Google associate general counsel.
Google complies with law-enforcement investigations, Wong said. She declined to comment on the frequency or scope of those requests.
From the ground up, Google designs its offerings to minimally impact user privacy, Wong said. Google doesn't share the information it collects from visitors with outside marketers. Employees must get executive approval before they examine traffic data, she said.
Google logs the numerical IP address of each computer that visits many of its sites, and deposits small bits of code known as "cookies" on users' machines to automatically remember preferences like which language they use, she said. Users can reject cookies if they wish, but some services like Gmail, Google's e-mail, will not work without them.
It's difficult to tie cookies and IP addresses to a particular person, Wong said. The IP address of a computer can change every time it signs on to the Internet, and different services use different cookies so the company doesn't know, for example, that a particular Gmail user has visited the Web site of an abortion providers.
Policies Could Change
But absent regulation, there's nothing to prevent Google from linking together those cookies in the future, said Chris Hoofnagle, who heads the West Coast office of the Electronic Privacy Information Center.
"Events can change corporate culture, and those who use the Google service may experience a shift in the definition of 'evil,"' Hoofnagle said, referring to the company's "Don't be evil" motto.
Rivals like Yahoo Inc. and Internet service providers such as Time Warner Inc.'s America Online also track user activity. But ISPs generally don't hold onto such information for more than a month because storage costs and privacy concerns can mount quickly, said Stewart Baker, a Washington lawyer who has represented ISPs in law-enforcement matters.
"If you don't have a reason to keep a bunch of data around, it's probably prudent to get rid of it," he said.
Yahoo declined to say how long it holds on to its log files.
Google's generous mail service creates risks as well. While AOL purges customer e-mail from its servers after 28 days unless users specify otherwise, Gmail encourages users to hold onto their messages indefinitely.
Most people don't know that a 1986 law gives less protection from government searches to messages more than six months old, said Ari Schwartz, an associate director at the Center for Democracy and Technology.
"That doesn't mean that Google needs to change its technology, but they do need to do some consumer education," he said.
Some don't see Google's long memory as a bad thing.
On the Net: