March 14, 2007

Comments on Google's Privacy Announcement

Greetings. Google has announced significant changes to their data retention policy. Since I'm already being asked for my opinion regarding their announcement, I'm sending this out now rather selfishly to avoid having to generate a large number of individual responses (though I'll be glad to discuss this in more depth upon request).

The gist of the announcement is two changes: the obscuration of some IP address bits (currently it appears that this would involve the least-significant octet of IP addresses recorded in the Google user activity logs), and changes to provide for some form of cookie anonymization.

Such an IP address change would allow for identification of any one computer out of a group of 256, rather than the existing ability to identify each computer individually. The actual impact of this change from a privacy standpoint would vary greatly depending on the type of addresses (dynamic vs. static) and the total range of those IP addresses associated with any given organization. Cookie anonymization effectiveness is more difficult to analyze until more information regarding the algorithms to be used becomes available.
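To make the "group of 256" point concrete, here is an added example (not from the original post or from Google) that masks the least-significant octet of IPv4 addresses in a few constructed log lines and then measures, per masked prefix, how many distinct hosts actually share it. The log format, the addresses and the queries are all assumptions constructed for this illustration; the only library used is Python's standard `ipaddress` module.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log lines (not real Google data): timestamp, client IP, query.
# The addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = [
    "2007-03-14T10:00:01 203.0.113.17 q=privacy",
    "2007-03-14T10:00:05 203.0.113.42 q=retention",
    "2007-03-14T10:00:09 203.0.113.17 q=cookies",
    "2007-03-14T10:01:11 198.51.100.7 q=anonymization",
    "2007-03-14T10:02:30 198.51.100.7 q=logs",
    "2007-03-14T10:03:02 192.0.2.250 q=policy",
]


def mask_last_octet(ip: str) -> str:
    """Zero the least-significant octet, keeping only the /24 prefix.

    This is the kind of change the post describes: after masking, the
    logged value can at best distinguish one /24 block (256 addresses)
    rather than one host.
    """
    addr = ipaddress.IPv4Address(ip)
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFF00))


def parse_line(line: str):
    """Split a constructed log line into (timestamp, ip, query)."""
    ts, ip, query = line.split(" ", 2)
    return ts, ip, query


def anonymize_log(lines):
    """Return the log with every client IP masked to its /24 prefix."""
    out = []
    for line in lines:
        ts, ip, query = parse_line(line)
        out.append(f"{ts} {mask_last_octet(ip)} {query}")
    return out


def anonymity_sets(lines):
    """Map each masked prefix to the number of distinct hosts behind it.

    The theoretical maximum is 256, but the real anonymity set is only
    the hosts that actually appear in the log. A prefix that belongs to
    a small organization with a single active host, or a static address
    that never changes, still points at one machine after masking.
    """
    hosts = defaultdict(set)
    for line in lines:
        _, ip, _ = parse_line(line)
        hosts[mask_last_octet(ip)].add(ip)
    return {prefix: len(seen) for prefix, seen in hosts.items()}


if __name__ == "__main__":
    for line in anonymize_log(SAMPLE_LOG):
        print(line)
    for prefix, size in anonymity_sets(SAMPLE_LOG).items():
        note = "no effective anonymity" if size == 1 else f"{size} hosts share it"
        print(f"{prefix}/24: {note}")
```

In the constructed sample, the 203.0.113.0/24 prefix hides two hosts behind one masked value, while 198.51.100.0/24 and 192.0.2.0/24 each contain a single active host, so masking the last octet changes nothing about who can be identified there. This is the dynamic-versus-static and address-range caveat from the paragraph above, made measurable against whatever logs an organization actually holds.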

Both of these changes would be applied to data after an 18-24 month period -- during which time data would be retained intact -- unless future government data retention mandates require longer periods. This is in contrast to Google's policy up to this point of maintaining all log data intact on an indefinite basis.

The AP piece referenced above notes that AOL apparently already goes farther than Google plans to go in terms of IP address anonymization and some other related issues. In light of that, my many public statements over time that have been critical of Google data retention policies, and my Open Letter to Google: Concepts for a Google Privacy Initiative from last year, what is my take right now on this move by Google?

It's much simpler than you might expect. I am not particularly concerned at this point about the details of the policy. I could (and at some point no doubt will) critique the various aspects of Google's changes in detail regarding both perceived strengths and shortcomings, but not today.

For now, let's view Google's announcement with the broadest possible scope -- not so much for what it says but for what it might portend for the future. While these changes can be reasonably viewed as only a first step on the road to the kinds of data retention privacy enhancements ultimately needed, taking that first step at all is an immensely positive sea change in Google's attitude toward this data.

Time will tell if the rest of that privacy road is traversed in due course. It will be a challenging path indeed, especially in a political environment where the pressure to retain data for extremely broad retroactive investigatory purposes is growing at an alarming rate. And as we've seen in the recent revelations regarding the FBI's violations of the PATRIOT Act, the issues are all interrelated, and Google of course must obey these laws.

But those are issues for another day. For now, I'll simply thank Google for listening, and express the hope that we can move forward together into a very uncertain future, where deeds will always speak more strongly than words, and where the decisions we make now about these matters are likely to have impacts for generations to come -- as we all ideally try to live by the "Don't be Evil" creed.

It won't be easy. But we have no honorable choice but to try.
