Featured Photos

Baseball Hall of Fame - 8/23/11

Featured Video

Avery's QuEST Project - It's Healthy!

House Construction

The Completed Home Renovation

Home Renovation - Complete!

Our House Construction Photoblog

RSS Feed

« | Main | »

More Search Engine Privacy Mania

By Brian | January 25, 2006 | Share on Facebook

More noise about the major search engine companies turning over data to the government. It seems we’ve gone right past what has actually happened, paused only briefly at what could have happened, and proceeded directly to what could theoretically happen:

Once government prosecutors get non-identifiable information, they could see patterns that they decide are suspicious, and then go back to subpoena specific data that could identify people whose searches fell within those patterns.

“It is not beyond the realm of possibility that the government would say, ‘we know these searches occurred, so lets have more information,’” Serwin said.

There is no indication that the Justice Department is heading in that direction in the current case, but providing such large amounts of data could be the beginnings of a trend, the lawyer said.

Did everybody get that? There’s no indication that anything of the kind is happening, but what if it did? Wouldn’t the government be evil, evil, evil? And wouldn’t the search engine companies be evil, evil, evil by proxy? Federal government AND big business painted as evil-doers – a double score!

What seems to be missing among all the hysteria is a simple technical question: when a user is logged in to one of these services and performs a search, does the company store the name of the user that conducted the search? If not, then there is nothing to fear – even if the government came calling, the companies would have no data to give them.

Theorizing for a second, I’m tempted to say that the answer is no for two reasons:

1) None of these sites (to my knowledge, anyway) offer a list of recently performed searches for easy re-running (other than client side things like auto-complete or the dropdown in the Google toolbar). If they had history data on a per-user basis, this would seem an obvious, easy to build, and convenient thing to give users.

2) This from Google’s Zeitgeist page:

We should note that in compiling the Zeitgeist, no individual searcher’s information is available or accessible to us. What you see here is a cumulative snapshot of interesting queries people are asking – some over time, some within country domains, and some on Google.com – that perhaps reveal a bit of the human condition. We appreciate the contribution all Google users make to these fascinating bits of information.

It doesn’t say “we don’t use personal data,” it says “personal data isn’t available to us.” Now granted, that’s just Google. Microsoft and Yahoo may have different architectures with different functionality.

Does anyone know the answer to this question?

Topics: Political Rantings, Tech Talk | 3 Comments »

3 Responses to “More Search Engine Privacy Mania”

  1. Jeff Porten says at January 25th, 2006 at 6:53 pm :
    Please. You know the answer to this already.

    1) All web queries to *any* web server are logged with an IP address.

    2) That IP address, even if dynamic, can be associated one-to-one with the ISP.

    3) Most ISPs have a track record of handing over truckloads of data to the government, without warrant, upon request.

    And 4) once Google hands over a pile of data to the government, without warrant, upon request, and without any kind of resistance, it sets a precedent that will make future resistance that much more difficult.

    So, yes, Google is directly protecting anyone who personally did a search for web sites on AppleScript porn grabbers.

  2. Brian says at January 25th, 2006 at 11:03 pm :
    You’re answering a different question than the one I’m asking.

    I understand that if I do a Google search right now, and they want to know who did it, it’s technically possible to do. I’m asking if they store that information.

    The web server logs wouldn’t be enough. They would log the IP addresses that hit the server, but wouldn’t tie each hit to an individual search. That would require code, not to mention extra storage.

    If they’re going through the trouble right now, they a) aren’t doing anything with the information (even the easy stuff, like recent search lists), and b) are lying on their Zeitgeist page.

    As to #3, none of these companies are ISP’s. The ISP’s have the same problem I described above. All they can tell the feds is that I used Google at a specific date & time. They can’t tell them which of the thousands of searches that took place at that time were mine.

    And #4: precedent applies in court rooms, not in corporate board rooms. Google (or Microsoft or Yahoo) can comply with fifty government requests for data, and then refuse to comply with the fifty-first just as easily as the first. In court, they simply need to explain why this request was different than the others. I think any decent lawyer could make that argument on demand.

  3. Jeff Porten says at January 26th, 2006 at 1:50 pm :
    Note to self to show you some raw server logs sometime. When you submit a query through a standard web form, the data is stored as well as the submitting IP address. If your form post-processor doesn’t happen to store both simultaneously, it’s trivial to rebuild from your logs — the data you *return* from a form submit is also in your logs, so there’s a one-to-one correlation.

    I.e., you are uniquely identifiable for anything you search for via your IP address, since those all go through forms.

    2) Google is doing recent search lists, but you have to sign up for it. It doesn’t matter whether they’re lying or not — I actually do trust Google more than most companies. The question is what they’re capable of doing, and what the government is capable of doing with subpoenaed data.

    (And note that “capable” does not mean the universe of all possible things. It means that since we have a tendency to jail people without trial and spy on activist groups, yes, I’m concerned about the FBI taking an interest in my personal search history for very real purposes of self-preservation. Remember, I’ve associated with known terrorists by some definitions of the term.)

    3) The ISPs can actually tell you much more, *if* they’ve slapped a sniffer on your traffic. In that case, you’re basically tapped and they can see everything you do. That’s rare, though. But at the very least, they can tell you that is Jeff Porten, which is the last step in breaching your anonymity.

    4) It’s not a question of what arguments the lawyer can make, it’s a question of what arguments he’ll win. Companies and governments don’t go to court for the fun of it. This is the time to win that argument, if it’s going to be won. And in the meantime, yes, Google gets good press for trying, which is nice to have while other folks snipe at them over the China thing.


Comments will be sent to the moderation queue.