- Joined
- Oct 8, 2004
- Messages
- 1,292
http://www.stltoday.com/stltoday/bu...AA7C6B64012E164586257045001397E5?OpenDocument
NEW YORK - Google is at once a powerful search engine and a growing e-mail provider. It runs a blogging service, makes software to speed Web traffic and hopes to become a digital library. And it's developing a payment service.
Although many Internet users eagerly await each new technology from Google Inc., its rapid expansion is also prompting concerns that the company may know too much: what you read, where you surf and travel, whom you write.
"This is a lot of personal information" in one place, said Chris Hoofnagle, senior counsel at the Electronic Privacy Information Center. "Google is becoming one of the largest privacy risks on the Internet."
Hoofnagle doesn't suggest that Google has strayed from its mantra of making money "without doing evil." However, some privacy advocates worry about the potential: The data's existence - gathered conveniently under a single digital roof - makes Google a prime target for abuse by both overzealous law enforcers and criminals.
Through hacking or with the assistance of rogue employees, they say, criminals could steal data for blackmail or identity theft. Recent privacy breaches elsewhere underscore the vulnerability of even those systems where thoughtful security measures are taken.
Meanwhile, law enforcement could obtain information that later becomes public, in court filings or otherwise, about people who aren't targets of a particular investigation.
Though Google's privacy protection generally is comparable to, or better than, that at Microsoft Corp., Yahoo Inc., Amazon.com Inc. and many other Internet giants, "I don't think any of the others have the scope of personal information that Google does," Hoofnagle said.
In addition, Google's practices may influence rivals given its dominance in search and the fierce competition. "Google is perhaps the most noteworthy right now by the simple fact that they are the 800-pound gorilla," said Lauren Weinstein, a computer scientist and privacy advocate. "What they do tends to set a pattern and precedent."
The concerns reflect Google's growing heft. As startups get bigger and more powerful, scrutiny typically follows.
Google says it takes privacy seriously. "In general, as a company, we look at privacy from design all the way (through) launch," said Nicole Wong, an associate general counsel at Google.
That means product managers, engineers and executives - in addition to lawyers - consider the privacy implications as new technologies are developed and new services offered, Wong said.
She also said that Google regularly seeks feedback from civil liberties groups such as the Center for Democracy and Technology and the Electronic Frontier Foundation, which credit Google for listening even if it doesn't always agree.
Google's privacy statements specify that only some of its employees have access to personal data - on a need-to-know basis - and access is logged to deter abuse.
Eric Schmidt, Google's chief executive, says a tradeoff exists between privacy and functionality, and the company believes in making fully optional - and seeking permission beforehand - any services that require personally identifiable information.
"There are always options to not use that set of technology and remain anonymous," he said in May.
But what is meant by "personally identifiable information" is subject to debate.
Google automatically keeps records of what search terms people use and when, attaching the information to a user's numeric Internet address and a unique ID number stored in a Web browser "cookie" file that Google uploads to computers unless users reconfigure their browsers to reject them.
Like most Internet companies, Google says it doesn't consider the data personally identifiable. But Internet addresses can often be traced to a specific user.
Here's just some of the ways Google can collect data on its users:
One of Gmail's selling points is its ability to retain e-mail messages "forever."
Google's program for scanning library books sometimes requires user names to protect copyrights.
Google is testing software for making Web pages load more quickly; the application routes all Web requests through its servers.
Google offers driving directions, photo sharing and instant messaging, and is developing a payment service that critics say could add billing data to user profiles.
Because storage is cheap, data from these services can be retained practically forever, and Google won't specify how long it keeps such information.
Without elaborating, Google says it "may share" data across such services as e-mail and search. It also provides information to outside parties serving as Google's agents - though they must first agree to uphold Google's privacy policies.
Much of the concern, though, stems from a fear of the unknown.
"Everybody gets worried about what they (Google) could do, but what they have done to date has not seemed to violate any privacy that anyone has documented," said Danny Sullivan, editor of the online newsletter Search Engine Watch.
Eric Goldman, a cyberlaw professor at Marquette University, believes the focus ought to be on the underlying problem: access by hackers and law enforcement.
"We still need to have good technology to inhibit the hackers. We still need laws that make hacking criminal. We still need restraints on government surveillance," Goldman said. "Google's database doesn't change any of that."
Larry Ponemon, a privacy adviser, says research by his Ponemon Institute found Google consistently getting high marks for trust.
By contrast, Microsoft, whose software regularly gets violated by hackers, didn't fare as well despite what Ponemon and others acknowledge are improvements in its approach to privacy. "People confuse customer service with obligations to maintain privacy," Ponemon said. "Google has a product that seems to work. It gets almost like a free ride on privacy."
That's changing.
Google, a perennially secretive company, may share some of the blame. It goes out of its way to strip its privacy statements of legalese so they are easier to read. But the statements remain vague on how long the company keeps data.
In an interview, Wong said Google has no set time limits on data retention; such determinations are left to individual product teams. She said the information helps Google learn how well it is doing - for instance, are users getting the results they want in the first five, 10 or 100 hits?
"We keep data that's collected from our services for as long as we think it's useful," she said.
Google says it releases data when required by law, but its privacy statements offer few details.
Wong said Google doesn't surrender data without a subpoena, court order or warrant. But she wouldn't provide details on how many requests it gets, or how often, and federal law bars Google from disclosing requests related to national security.
For civil lawsuits, Wong said, Google warns users before it complies so they can file objections with a court - a fact the company doesn't publicize
NEW YORK - Google is at once a powerful search engine and a growing e-mail provider. It runs a blogging service, makes software to speed Web traffic and hopes to become a digital library. And it's developing a payment service.
Although many Internet users eagerly await each new technology from Google Inc., its rapid expansion is also prompting concerns that the company may know too much: what you read, where you surf and travel, whom you write.
"This is a lot of personal information" in one place, said Chris Hoofnagle, senior counsel at the Electronic Privacy Information Center. "Google is becoming one of the largest privacy risks on the Internet."
Hoofnagle doesn't suggest that Google has strayed from its mantra of making money "without doing evil." However, some privacy advocates worry about the potential: The data's existence - gathered conveniently under a single digital roof - makes Google a prime target for abuse by both overzealous law enforcers and criminals.
Through hacking or with the assistance of rogue employees, they say, criminals could steal data for blackmail or identity theft. Recent privacy breaches elsewhere underscore the vulnerability of even those systems where thoughtful security measures are taken.
Meanwhile, law enforcement could obtain information that later becomes public, in court filings or otherwise, about people who aren't targets of a particular investigation.
Though Google's privacy protection generally is comparable to, or better than, that at Microsoft Corp., Yahoo Inc., Amazon.com Inc. and many other Internet giants, "I don't think any of the others have the scope of personal information that Google does," Hoofnagle said.
In addition, Google's practices may influence rivals given its dominance in search and the fierce competition. "Google is perhaps the most noteworthy right now by the simple fact that they are the 800-pound gorilla," said Lauren Weinstein, a computer scientist and privacy advocate. "What they do tends to set a pattern and precedent."
The concerns reflect Google's growing heft. As startups get bigger and more powerful, scrutiny typically follows.
Google says it takes privacy seriously. "In general, as a company, we look at privacy from design all the way (through) launch," said Nicole Wong, an associate general counsel at Google.
That means product managers, engineers and executives - in addition to lawyers - consider the privacy implications as new technologies are developed and new services offered, Wong said.
She also said that Google regularly seeks feedback from civil liberties groups such as the Center for Democracy and Technology and the Electronic Frontier Foundation, which credit Google for listening even if it doesn't always agree.
Google's privacy statements specify that only some of its employees have access to personal data - on a need-to-know basis - and access is logged to deter abuse.
Eric Schmidt, Google's chief executive, says a tradeoff exists between privacy and functionality, and the company believes in making fully optional - and seeking permission beforehand - any services that require personally identifiable information.
"There are always options to not use that set of technology and remain anonymous," he said in May.
But what is meant by "personally identifiable information" is subject to debate.
Google automatically keeps records of what search terms people use and when, attaching the information to a user's numeric Internet address and a unique ID number stored in a Web browser "cookie" file that Google uploads to computers unless users reconfigure their browsers to reject them.
Like most Internet companies, Google says it doesn't consider the data personally identifiable. But Internet addresses can often be traced to a specific user.
Here's just some of the ways Google can collect data on its users:
One of Gmail's selling points is its ability to retain e-mail messages "forever."
Google's program for scanning library books sometimes requires user names to protect copyrights.
Google is testing software for making Web pages load more quickly; the application routes all Web requests through its servers.
Google offers driving directions, photo sharing and instant messaging, and is developing a payment service that critics say could add billing data to user profiles.
Because storage is cheap, data from these services can be retained practically forever, and Google won't specify how long it keeps such information.
Without elaborating, Google says it "may share" data across such services as e-mail and search. It also provides information to outside parties serving as Google's agents - though they must first agree to uphold Google's privacy policies.
Much of the concern, though, stems from a fear of the unknown.
"Everybody gets worried about what they (Google) could do, but what they have done to date has not seemed to violate any privacy that anyone has documented," said Danny Sullivan, editor of the online newsletter Search Engine Watch.
Eric Goldman, a cyberlaw professor at Marquette University, believes the focus ought to be on the underlying problem: access by hackers and law enforcement.
"We still need to have good technology to inhibit the hackers. We still need laws that make hacking criminal. We still need restraints on government surveillance," Goldman said. "Google's database doesn't change any of that."
Larry Ponemon, a privacy adviser, says research by his Ponemon Institute found Google consistently getting high marks for trust.
By contrast, Microsoft, whose software regularly gets violated by hackers, didn't fare as well despite what Ponemon and others acknowledge are improvements in its approach to privacy. "People confuse customer service with obligations to maintain privacy," Ponemon said. "Google has a product that seems to work. It gets almost like a free ride on privacy."
That's changing.
Google, a perennially secretive company, may share some of the blame. It goes out of its way to strip its privacy statements of legalese so they are easier to read. But the statements remain vague on how long the company keeps data.
In an interview, Wong said Google has no set time limits on data retention; such determinations are left to individual product teams. She said the information helps Google learn how well it is doing - for instance, are users getting the results they want in the first five, 10 or 100 hits?
"We keep data that's collected from our services for as long as we think it's useful," she said.
Google says it releases data when required by law, but its privacy statements offer few details.
Wong said Google doesn't surrender data without a subpoena, court order or warrant. But she wouldn't provide details on how many requests it gets, or how often, and federal law bars Google from disclosing requests related to national security.
For civil lawsuits, Wong said, Google warns users before it complies so they can file objections with a court - a fact the company doesn't publicize
