Critics to Google: Privacy, please

Times Staff Writers

Google Inc.’s memory is getting a little shorter. Just not short enough for some.

The company adjusted its policies Wednesday to answer complaints that it never forgets what users have looked for.

Google said it would continue to collect and maintain a vast internal database of search-engine queries -- as diverse as “digital camera” and “bomb making instructions” -- tied to the unique addresses of the computers on which they were entered. But it will “anonymize” the data by stripping addresses from the records after 18 to 24 months. That’s enough time, according to Google, to keep law enforcement officials happy and satisfy its quality control needs.


“We think this change will strike the right balance,” Google Deputy General Counsel Nicole Wong said.

Some privacy advocates wonder why search records should be kept for even 18 days. Microsoft Corp. and AOL, which run smaller search engines than industry leader Google, say they dump them almost immediately in the U.S.

“There is more that could be done,” Kurt Opsahl, staff attorney with privacy group Electronic Frontier Foundation, said about Google’s new policy. “It would be nice to see the window narrowed to a shorter time frame. The shorter the better.”

The search-records issue hit the public consciousness last year when Google was locked in a legal battle with the Bush administration. A federal judge denied Justice Department officials access to most of the millions of search queries they had demanded, contending that handing over the records would violate people’s privacy.

On Wednesday, Mountain View, Calif.-based Google said it had good reason to keep records of who searched for what: It can help the company better understand what people are seeking, how quickly they’re finding it and what ads they’re clicking on.

Search records also help Google recommend related search terms based on the country or region where the user is.


And in Europe, the law mandates that such records be preserved. Last year, the European Union ordered phone and Internet companies to retain traffic data tied to individual computer addresses for six to 24 months to help police investigate crimes. The EU left the exact time frame to each member nation to decide.

“At the same time,” Google spokeswoman Victoria Grand said, “we wanted to implement a policy to show our users that we’re concerned about their privacy by creating more transparencies and certainties about our data retention practices.”

Chris Hoofnagle, a privacy law professor at UC Berkeley’s Center for Law and Technology, said Google shouldn’t treat users in different countries the same. In the U.S., where there’s no requirement like Europe’s, he said, Google should keep the records only long enough to provide more targeted results and track clicks on ads.

It would be “easier than ever” for Google to sort searches by country and keep only the minimum amount of data required by law, he said.

Ari Schwartz, deputy director of the Center for Democracy and Technology, an advocacy group, said Google appeared to be trying to reconcile several of its corporate missions that “sometimes run into each other.”

“How do you search the world’s information, not do evil and protect privacy?” he said. “To do all that, they’re going to have to make some hard decisions.”

Yahoo Inc., the most-visited website and No. 2 search engine, requires users to provide information when they sign up, including e-mail address, birth date, gender and ZIP Code. The company said it used that data to conduct research and deliver more relevant ads and services. When a law enforcement agency gets a subpoena for Yahoo customers’ data, the company tells them so they can appeal, spokeswoman Kathryn Kelly said.

AOL, the No. 4 search engine, said it didn’t link computer addresses to stored search results. Microsoft said it took a similar approach and faulted Google for not doing the same.

“Today’s announcement suggests that within the 24-month retention period, Google is not taking similar measures to protect a person’s privacy by disassociating their search data from personal information,” Microsoft spokeswoman Whitney Burk said.

AOL faced its own firestorm in August, when an employee posted online the search results of more than 650,000 users. The company had removed information it thought would identify the users, such as the computer’s Internet address. But when it became clear that a little sleuthing could easily reveal the identities of some users, AOL promptly removed the data and apologized.

The leak triggered outrage among privacy and consumer advocates, including the Electronic Frontier Foundation, which dubbed the incident a “Data Valdez.”

In a document posted on its corporate blog, Google acknowledged that uncoupling the computer address from the search queries wouldn’t provide complete anonymity if the data fell into the wrong hands, “but it does add another layer of privacy protection to our users’ data.”

Quinn reported from San Francisco, Pham from La Jolla.