Marissa's Internet Law Blog

I thought it would be useful to see how Google stacks up against its competitors in regard to privacy, so here is a rundown of several major search engines’ privacy policies:

Google.com

Privacy policy: http://www.google.com/intl/en/privacy.html

What information do they gather when you search?

IP address, time and data of search, search terms, browser type, operating system, unique cookie ID, and what search results or ads you click on.

How long do they keep data?

Google has agreed to delete IP addresses from its server logs after 18 months, but the records of search terms may remain indefinitely.

How do they use cookies?

Cookies are used to identify each user with a string of numbers, enabling Google to track each user’s search history and customize aspects of the site. The cookies expire after two years.

What information do they share with third parties?

Google shares personal information with affiliated companies that process data for them and requires these companies to comply with Google’s privacy policy. They may also share personal information if they “have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.” Finally, Google can freely share aggregated, non-personal information.

Can you opt out?

Only by disabling cookies, which prevents you from using some of Google’s services.

How hard is it to find the privacy policy?

Privacy policy highlights ares two clicks from the home page – click on “About Google” and then “Privacy Policy” at the bottom of the page. Once you get to the privacy highlights, you must click on one more link to reach the full privacy policy.

 

Ask.com

Privacy policy: http://about.ask.com/en/docs/about/privacy.shtml

What information do they gather when you search?

IP address, URL of the last website you visited, browser type, operating system, unique cookie ID, and search term(s).

How long do they keep data?

They will remove any association of your search terms with your IP address after 18 months, but they may keep a record of the search terms indefinitely.

How do they use cookies?

Ask gives each user a unique cookie ID to track his or her search history, target ads, and customize some aspects of the site. The cookie expires after two years.

What information do they share with third parties?

They may share all the information described in the first question with affiliated companies that provide sponsored listings, news, or other content to them. They also may share personal and non-personal information if they “believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, as necessary to render or conduct a legitimate business activity related to a service we provide, or to comply with legal or regulatory obligations.”

Can you opt out?

Yes. AskEraser, which can be enabled with a simple click of the mouse, creates a cookie that tells Ask to delete any information collected about you within hours. Searching works just as well with AskEraser turned on, but some services do not. Third-party sites described above may not delete your data even if you enable AskEraser. Also, if you violate Ask’s terms of service or Ask receives a request from law enforcement, they might keep and share data about you even if AskEraser is enabled.

How hard it is to find the privacy policy?

The policy is three clicks away from the home page. Click on “About,” then “Site Policies,” and then “Privacy Policy.”

 

Yahoo.com

Privacy policy: http://info.yahoo.com/privacy/us/yahoo/

What information do they gather when you search?

IP address, browser type, operating system, and search terms.

How long do they keep data?

The policy doesn’t say.

How do they use cookies?

Cookies uniquely identify each user so that Yahoo can customize ads to them and conduct research on its users. Also, third-party sites that serve ads on Yahoo set cookies in people’s browsers when they visit Yahoo.

What information do they share with third parties?

Yahoo shares information with affiliated companies and companies that serve ads on Yahoo. They also share information if they “believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Yahoo!’s terms of use, or as otherwise required by law.”

Can you opt out?

You can opt out of having ads targeted to you, but not out of having your data collected.

How hard is it to find the privacy policy?

There is a link to the privacy policy at the bottom of the home page.

 

Ixquick.com

Privacy policy: http://us.ixquick.com/eng/privacy-policy.html

What information do they gather when you search?

URL of the last site you visited, IP address, browser type, operating system, date and time of search, search terms, and what links you click on.

How long do they keep data?

IP addresses are deleted within 48 hours.

How do they use cookies?

They use cookies to track how people use their site, but the cookies do not track users individually.

What information do they share with third parties?

They only share personal information with third parties if they “have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) detect, prevent, or otherwise address fraud, abuse, security or technical issues, or (c) protect against imminent harm to the rights, property or safety of Ixquick, its users or the public as required or permitted by law.”

How hard it is to find the privacy policy?

A link to privacy information is displayed prominently on the home page, and a link on the privacy page leads to the full privacy policy.

 So, in conclusion,  Google’s and Yahoo’s policies seem very similar, although Yahoo may be slightly worse than Google because it allows third parties to set ads when people visit its site. Ask is significantly more respectful of privacy because it offers the AskEraser. Ixquick advertises itself as being privacy-friendly and, for the most part, lives up to its expectations. It does collect similar data to the other search engines (but not unique cookie IDs) and uses the data to make sure no one is abusing or monopolizing its site. However, it does not use data to customize content for users and automatically deletes IP addresses from log files after 48 hours.

My blog so far has focused on the powers of private companies to collect data about people’s Internet activities, but I think it’s important to mention the possibility of the government gaining access to data from companies like Google. According to their privacy policy, Google doesn’t even need to be subpoenaed to give up data to a government agency. The policy says Google will only give up personal information to third parties if…

“We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.” (1)

So, if a lawsuit is filed against someone and Google is asked to turn over information, that person’s entire search history, as well as any personal information they voluntarily provided to Google, could be made public. If the court subpoenaed an ISP, then the person’s web history could easily be linked to their name. And this part of the policy applies only to personal information. Google seems to be even more willing to share non-personally-identifiable information:

“We may share with third parties certain pieces of aggregated, non-personal information, such as the number of users who searched for a particular term, for example, or how many users clicked on a particular advertisement. Such information does not identify you individually.” (1)

It is hard to tell if this category of data could include IP addresses and/or cookie IDs or is limited to data on the number of users that performed certain actions.

To Google’s credit, however, it fought a government subpoena in the case of Gonzalez v. Google, a major legal challenge to search engines’ right to keep data private. The U.S. Department of Justice, led by Attorney General Alberto Gonzalez, filed a motion in federal court on January 18, 2006 seeking a court order that would force Google to share with them “a multi-stage random sample of one million URL’s” that are reachable using Google’s search engine and “the text of each search string entered onto Google’s search engine over a one-week period (absent any information identifying the person who entered such query).” (2) The government wanted this information to help defend the constitutionality of the Children’s Online Protection Act –  a federal law that makes it illegal for websites to make “harmful” material available to minors. Gonzalez argued that studying a sample of Google’s data would enable the government to estimate how often people search for and find material that is harmful to minors, how widely this material is available online, and how effective filtering software is. (2)

Google, however, refused to comply with the subpoena, arguing that the information is irrelevant and redundant, as other search engines had already complied with the subpoena, that it would compromise privileged trade secrets, and that complying with the subpoena would personally identify Google’s users. The government argued that Google needed to turn over “only the text of the random sample of search strings, without any additional information that would identify the person who entered any individual search string.” (2) So it seems that the government was only asking for a list of search terms, without IP addresses, cookie IDs, or any other information.

On March 18, 2006 a judge ruled that Google must give up 50,000 random URLs (less than the government’s demand of a million) but did not have to share any search terms. It’s interesting that Google tracks its users’ searching habits so extensively but didn’t even want to give the government a list of search terms. It seems that the information the government was asking for falls under the category of “aggregated, non-personal information,” which Google says it may share with third parties without users’ consent and without even the belief that doing so is legally necessary. Perhaps Google is being cautious in its privacy policy by informing users of the worst-case scenario regarding their privacy. Maybe Google actually tries to be more conservative about user privacy than it lets on in the policy. Was Google truly acting out of concern for users’ privacy when it resisted the subpoena? Or was Google’s main motive an economic one, such as the desire to protect its trade secrets?

Sources: 

1. Google Privacy Policy. 30 Dec. 2007 <http://www.google.com/intl/en/privacypolicy.html>. 

2. Gonzalez v. Google, Inc. FindLaw. 30 Dec. 2007 <http://news.findlaw.com/hdocs/docs/google/gonzgoog11806m.html>.

In this post I will try to determine how the Google-DoubleClick merger will expand the companies’ data-gathering powers.

Both companies track users’ IP addresses, so they would be able to combine their sets of data about each individual user. By using DART cookies, DoubleClick’s servers track each user’s IP address (and therefore location), browser type, operating system, and what ads they click on each time the user visits a site that shows ads from DoubleClick. So, DoubleClick has a complete history of which client sites each individual user has visited and when, as well as which ads the user has clicked on. As long as the user has a static IP address, opting out of the DART cookies will not prevent this type of tracking, since the opt-out cookie still tracks the user’s IP address.

The information that Google records includes IP addresses, browser types, operating systems, dates and times of searches, and links and ads clicked on. So Google can compile a list of all the terms a particular user has searched for, as well as which results and ads the user has clicked on.

After the merger, Google-DoubleClick would be able to track, by IP address, all the terms each user has searched for, all the search results the user has clicked on, all the sites that are clients of DoubleClick that the user has visited, and all the DoubleClick and Google ads the user has clicked on. And if the user has a changing IP address, Google-DoubleClick could use cookies as a backup method and still be able to track all of these things by individual user. Although Google-DoubleClick would not be able to link IP addresses to names without help from ISPs, there is a significant danger that their records of information could be personally identifiable. For example, some people google their own names, the weather in their town, or directions from their address to various destinations. Would you be happy knowing that one company has such an extensive record of your online activities and may be able to link it to your name?

Allowing the Google-DoubleClick merger might lead to a slippery slope. I wonder if DoubleClick will still provide the ability to opt out of cookies, or if it will conform to Google’s policy of not allowing users to opt out of having their activities recorded. What if, at some point down the line, Google someday teamed up with an Internet service provider? Then it would be able to match IP addresses to names with no difficulty whatsoever, and Internet activity for the customers of that ISP would lose all anonymity and privacy.

In my next post I will briefly describe the legal protections against the government gaining access to Google’s and DoubleClick’s vast records of information…