Friday, July 17, 2009

More Mistruths from Google on Privacy

When it comes to discussing the details of the company's privacy policies, Google is rarely forthcoming. Company statements, while technically truthful, are usually very deceptive to all but the expert reader. This allows Google to say one thing, while meaning another.

A fantastic example of this can be seen in statements made during a recent newspaper interview by Marissa Mayer, Google's vice president of search products and user experience:
"When you look at, for instance, search history, which is what personalised search is based on, you can actually see all of the information that Google has about you and you can understand how it's being deployed and you also can decide to opt out of the service entirely, or you can even delete various parts of the data that you don't like or you'd rather we didn't have. So there's a lot of transparency and control available to the user there, and we want to operate with a lot of transparency, because we want our users to be informed about what's going on."
The casual reader might see Mayer's comments, and wrongly believe that they can log in to the Web History page on Google's site, delete the information on their previous searches, causing the information to be deleted from Google's various log files, and thus protect their data from a subpoena submitted by a government investigator, the entertainment industry or divorce lawyer. Anyone believing this is, unfortunately, dead wrong.

Consider this snippet from the Frequently Asked Questions page for the Google Web History service:

You can choose to stop storing your web activity in Web History either temporarily or permanently, or remove items, as described in Web History Help. If you remove items, they will be removed from the service and will not be used to improve your search experience. As is common practice in the industry, Google also maintains a separate logs system for auditing purposes and to help us improve the quality of our services for users. For example, we use this information to audit our ads systems, understand which features are most popular to users, improve the quality of our search results, and help us combat vulnerabilities such as denial of service attacks.

As this page makes clear, Google does not promise to delete all copies of your old search records when you delete them using the Web History feature. No, the company will merely no longer show them to you, and will no longer use that information to provide customized search.

I'm sure this was an honest mistake on Mayer's part, right? As the company's vice president of search products and user experience, its not like she should actually be expected to understand the fine grained details of the company's policies for search and user privacy.

A pattern of deception

Unfortunately, Mayer's misstatement of the facts is not the first time that Google has given misleading statements to the press about its privacy policies.

Last September, Google announced to the world that:
Today, we're announcing a new logs retention policy: we'll anonymize IP addresses on our server logs after 9 months. We're significantly shortening our previous 18-month retention policy to address regulatory concerns and to take another step to improve privacy for our users.
The usually fantastic Ellen Nakashima at the Washington Post was the first to announce the news via an exclusive interview with Google Privacy Czar Jane Horvath. Unfortunately, Nakashima allowed her article to be used as a tool of the Google politburo.
[Horvath] said Google also would anonymize the IP addresses associated with search queries typed in by users into Google's standard search bar nine months after they have been collected. "This really just illustrates how seriously we do take data anonymization,"
Miguel Helft at the New York Times didn't do much better.

It wasn't until I took the initative to contact Google's PR team a few days later with a series of in-depth technical questions about the specifics of the policy that the the truth emerged

Writing at CNET, I revealed that:
Google announced on Monday that the company will be reducing the amount of time that it will keep sensitive, identifying log data on its search engine customers. To the naive reader, the announcement seems like a clear win for privacy. However, with a bit of careful analysis, it's possible to see that this is little more than snake oil, designed to look good for the newspapers, without delivering real benefits to end users....

Google has now revealed that it will change "some" of the bits of the IP address after 9 months, but less than the eight bits that it masks after the full 18 months. Thus, instead of Google's customers being able to hide among 254 other Internet users, perhaps they'll be able to hide among 64, or 127 other possible IP addresses .... this is a laughable level of anonymity.
Once I pointed out how useless Google's new privacy policy actually was, the tech press soon jumped onboard. The Register called it "Google Privacy Theatre", while ZDNet called it a "farce." Robert X. Cringley, wrote that "the announcement was designed to make headlines and appease regulators while doing nothing to release Google's stranglehold on your data."

Google and the Press

In this instance, Google was technically telling the truth. After all, at 9 months, the company does delete some information from their logs. It just happens that the act of deleting one or two bits of data does almost nothing to protect user privacy, and to describe it as "anonymity" is arguably false and deceptive advertising.

Unfortunately, most of the folks in the tech press are simply not up to the task of reading between the lines of Google's privacy doublespeak -- doing so usually requires the rare combination of expertise in the law as well as strong technical skills.

The true meaning of opt-outs

Don't worry though -- all is not lost. When government officials and regulators turn their gaze upon Google, they are often able to cut through the propaganda, and get to the truth. For some reason, Google seems far less able to lie to the Feds.

A fantastic example of this can be seen in the video clip embedded below, which is from the Behavioral Advertising hearing in the House of Representatives one month ago. Rep. Bobby Rush gets execs from both Google and Yahoo to admit that the companies do not allow consumers to opt out of the collection of data, but merely the use of that data. This is something that most firms are loathe to admit in public, and instead leave the consumer hopelessly trying to read between the lines of their multi-page privacy policies.

1 comment:

Anonymous said...

this is the kind of patriot that we need, some one that really fights for our privicy rights.
not some flag waving histronics