April 21, 2007

Search Engines and ISPs: The Law is the Law?

Greetings. As search engines, ISPs, and other Internet-connected enterprises collect and archive increasing amounts of data on our activities, it is inevitable that governments and other entities will come to view that data as ever more invaluable aids in accomplishing their particular agendas, for good or ill.

In most cases this data is kept voluntarily by the various services, though around the world moves toward government-mandated data retention are rapidly being pushed, mainly in the name of law enforcement.

Often people don't have a clue as to how much information is being kept regarding their search and browsing activities. Google's announcement of a new "Web History" feature -- allowing Google users to track not only their Google searches but also most of their other Web browsing activities, will likely have the positive benefit of clearly demonstrating to people just how much data really is being collected--bringing this out into the open, as it were.

A quick digression regarding Google Web History. I've received some alarmed queries about it, but in my view it doesn't actually change the level of information being collected by Google, rather it makes some of that data available to users for the first time.

Note that non-Google Web browsing data would only be sent to Google in the case of Google Toolbar users with the PageRank feature turned on. This has been a standard (documented by Google in their privacy statement) feature of Toolbar for quite some time -- the PageRank toolbar feature couldn't work without it.

Users who don't log in to Google accounts, who block Google cookies, and who don't use Google Toolbar shouldn't be tracked beyond normal Google search usage log entries (the subject of recent Google privacy policy changes aimed at taking an initial positive step toward anonymization of that data after a defined time period). Of more concern with Google Toolbar is whether or not most users ever bother reading the privacy policies so as to be informed about the data being collected, particularly users for whom the toolbar was pre-installed or installed by someone other than the user.

We're seeing ever more cases of various governments demanding access to the data collected by search engines and ISPs. DOJ vs. Google was one celebrated case, and while Google fought on various grounds, they ended up having to turn over considerable data. Google, Yahoo, and others have all been in the spotlight for providing foreign governments with data on particular users. In the last few days, Yahoo has been sued by the family of a Chinese man being imprisoned for years based on data turned over by Yahoo. The suit asserts that Yahoo is complicit in his arrest and claimed torture.

Ultimately, all of these organizations make a demonstrably true statement to explain their actions -- "We must obey the laws in the countries where we operate." Absolutely correct. No question about it. You want to play ball with somebody else's ball, you play by their rules.

But in the Yahoo case, an additional comment by their spokesman caught my attention. He noted that they simply hand over data when ordered, they don't know what it's used for, and usually never hear about it directly again. In other words, they simply obey orders.

That statement might have perhaps slid by if I hadn't recently been watching the fine old 1961 film "Judgment at Nuremberg" -- where characters on trial used almost the same words to describe their actions and rationalizations in a different context involving arrests, torture, and worse.

This is not to directly compare the current situation with corporate complicity in Nazi Germany, but only to point out that actions have consequences, and those consequences can result in suffering, pain, and even death in some parts of the world, a universe away from our glowing screens and merrily typing fingers.

Which leads us inevitably to The Questions. When do we cross the threshold beyond which it is ethically inappropriate to "play ball" in certain locales by rules that can have repugnant effects on individual lives, despite our services bringing very significant benefits to large populations in those areas? At what stage should "business as usual" take a back seat to these ethical concerns?

These are not simple questions; the calculus of ethics is not always straightforward in the modern world, as much as we'd like to think it was.

But I believe that we're rapidly reaching a point in the development of the Internet where such questions must be addressed, and it's inevitable that they will be -- either by the involved firms themselves, by government legislative and other actions, or both.

When it comes to collecting and turning over data that can result in real harm to real people, "We were just following orders" -- even as the admitted cost of doing business -- seems unlikely to be a tenable response for much longer.

I invite broad discussion and dialogue on these questions. Humanity -- and the continued flowering of the Internet and its wonders -- will depend on the answers.

--Lauren--

Posted by Lauren at April 21, 2007 11:25 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein