Privacy Paranoia Strikes Again
Two stories in the news today about supposed "privacy concerns."
Google Inc. is rebuffing the Bush administration's demand for a peek at what millions of people have been looking up on the Internet's leading search engine -- a request that underscores the potential for online databases to become tools for government surveillance.
The government wants a list all requests entered into Google's search engine during an unspecified single week -- a breakdown that could conceivably span tens of millions of queries. In addition, it seeks 1 million randomly selected Web addresses from various Google databases.
In court papers that the San Jose Mercury News reported on after seeing them Wednesday, the Bush administration depicts the information as vital in its effort to restore online child protection laws that have been struck down by the U.S. Supreme Court.
It goes on to say the government asked all the major search engines for a random sampling, in order to determine how often web searches return pornographic sites. Note that they're not asking for who did the searches, just the searches themselves. We continue:
Although the government says it isn't seeking any data that ties personal information to search requests, the subpoena still raises serious privacy concerns, experts said. Those worries have been magnified by recent revelations that the White House authorized eavesdropping on civilian communications after the Sept. 11 attacks without obtaining court approval.
(Side note: Another example of news cataloging, as discussed previously).
But aside for creating a chance to mention the eavesdropping case again, why are privacy experts concerned? We continue again:
The content of search request sometimes contain information about the person making the query.
For instance, it's not unusual for search requests to include names, medical profiles or Social Security information, said Pam Dixon, executive director for the World Privacy Forum.
"This is exactly the kind of thing we have been worrying about with search engines for some time," Dixon said.
OK, Pam - here's a news flash for you: the name in the search request is the name of the person the searcher is looking for, not the name of the searcher. If someone Googles "Brian Greenberg," it could be me (OK, yeah, I admit it, I check every so often. What, you don't???) But if someone Googles "Pamela Anderson," odds are pretty good it's not her. This sounds a whole lot like a concern in search of a problem, me thinks.
Moving on, we come to a company that usually stays out of the "ticking off consumers" fray: Apple:
The MiniStore, part of the latest version of the iTunes music store, displays a bottom pane that shows artists and music titles a person may be interested in buying, based on the songs they selected in their personal music library. According to a posting on the Boing Boing blog directory, the store transmitted to Apple information related to users' listening habits, as well as their unique Apple identifier that's tied to their credit card, mother's maiden name and other personal information.
The disclosure brought criticism from privacy advocates, who objected to Apple not making it clear to users that it was gathering personal data, and not asking permission first.
"Allowing users to upload information voluntarily and expressly with adequate privacy protections is pro-user; surreptitiously siphoning it into a remote database without any privacy guarantees is not. It's time for Apple to pick a side of the line and walk it," Electronic Frontier Foundation wrote on its Web site.
The quote from the EFF sounds ominous, but if you read more deeply into their article, you see this:
What Apple does with this information is unknown, although Apple has represented that they are not collecting data on its users -- yet. Nor has Apple disclosed the steps they take to prevent disclosure or leakage of the information to third parties.
Ironically, this news comes on the heels of the recent Sony BMG DRM fiasco, a part of which included an undisclosed "phone home" feature of its own. Is the Apple MiniStore a rootkit DRM? Not from what we can tell, but it is part of a dangerous trend EFF has been witnessing in the digital music space market.
(Another Side Note: See the news cataloging again? This has about as much in common with Sony's rootkit as chocolate does with brussel sprouts. No matter - we need to mention something that's already established as "serious" to add "serious points" to our current story. But I digress...again).
According to Apple, they're not storing the data - just using it to determine a recommendation and then throwing it away. Now, of course, they could be lying. Or they could be telling the truth, but have secret plans to start keeping the data one day. But as of now, the phrase "surreptitiously siphoning [user data] into a remote database without any privacy guarantees" seems a little, well, presumptuous, no?
In the end, Apple responded to the criticism by adding an opt-out feature to iTunes, which seems to have placated everybody. That's a good result, although it makes me wonder: if Apple's intent was to try and sell more music (as opposed to eventually blackmailing people who are still listening to Brittney Spears, for instance), then their modification to iTunes was done as a bow to political pressure in order to avoid a public relations nightmare, not as a way to preserve user privacy. With that kind of influence over a major retailer like iTunes, doesn't what the EFF did seem a little like blackmail itself?
posted by Brian at 1:26 AM