Google Provides A Bit More Privacy

Google announced earlier this week it will now retain users’ search requests for half the amount of time that it used to, promising to scrub its server logs for personally identifiable data after nine months, instead of 18. Google also announced that it would anonymize data from its Google Suggest service, which powers the Omnibox in Google Chrome, and Google Search utilities in Firefox and the iPhone, after 24 hours.

Back in March 2007, Google became the first leading search engine to announce a policy to anonymize their search server logs in the interests of privacy, a move that later forced several more search engines to follow suite.

Google has faced on going speculation over the need to retain logs at all with many groups asking the search giant why there is a need to track user data.

"Over the last two years, policymakers and regulators -- especially in Europe and the U.S. -- have continued to ask us (and others in the industry) to explain and justify this shortened logs retention policy. We responded by open letter to explain how we were trying to strike the right balance between sometimes conflicting factors like privacy, security, and innovation. Some in the community of EU data protection regulators continued to be skeptical of the legitimacy of logs retention and demanded detailed justifications for this retention. Many of these privacy leaders also highlighted the risks of litigants using court-ordered discovery to gain access to logs, as in the recent Viacom suit."

Google claims that the routine server log data they collect has always been a critical ingredient of their innovation. To back those claims they have published a series of blog posts explaining how they use logs data to make improvements to search quality, improve security, fight fraud and reduce spam.

The short of it Google says it retains search data in order to combat spam by logging spammers IP addresses they can have them removed or at least report them to their ISP, fight internet fraud, malicious web sites such as those with malicous code (Browser exploits, malware ect) , and to comply with “valid legal orders” from government agencies.

Several privacy groups however fear that Google’s far reaching spans with such a myriad of service could be turned against its users, as complete server logs – which contain, at the least, the user’s IP address and search terms – would allow one to build a comprehensive profile of almost any given user. Crosslinked with Gmail access logs, for example, Google could build a comprehensive e-mail/search profile of a given user. Take those same records and crosslink them with AdWords, and a nearly-complete web-surfing history comes into focus – accurate to a single IP address.

Frightening as though it may seem two years ago AOL company researchers released-and-then-retracted the private search histories for over 650,000 of its subscribers: using only that data, which consisted primarily of an anonymized user ID and search request, investigators were able to trace individual searches with an almost frightening precision – including one such user, whose name and search history eventually landed in the New York Times.