In the lobby of Google’s headquarters, computer screens display lists of the words being entered into the company’s search engine.
Although Google says the system is designed to filter out any scandalous or potentially compromising queries, the fact that even a fraction of searches can be seen by visitors to the world’s biggest search company is likely to come as a shock to internet users who think of web browsing as a private affair.
“People generally believe that using a search engine is the equivalent of talking to a priest or a rabbi,” says Larry Ponemon, head of the Ponemon Institute, a privacy think-tank. “The public in general doesn’t seem to fully understand how their privacy may be at risk.”
That may be changing. Over the past year, a series of privacy gaffes and government attempts to gain access to internet users’ online histories have, along with consolidation among online search and advertising groups, thrust the issue of internet privacy into the spotlight.
This presents a challenge to Google and other internet search companies, which have built a multi-billion dollar industry out of targeted advertising based on the information users reveal about themselves online. Indeed, this summer, under pressure from privacy groups and consumer watchdogs in the US and Europe, each of the top four internet search companies acted to tighten its privacy controls.
In July, Google said it would begin to delete information that could tie search requests to a specific computer or internet user after 18 months. It had previously stored such information indefinitely. Operators of other top search engines including Yahoo, Microsoft and Ask.com followed suit by announcing their own stricter controls. Ask.com went so far as to allow users to opt out of having search data recorded in the first place.
Privacy advocates, long critical of search companies’ policies on collecting and exploiting user information, welcomed the shift. “We are seeing companies starting to compete on privacy, suggesting that they have firmer privacy policies than the others,” says Ari Schwartz, deputy director of the Center for Democracy and Technology, a privacy group.
Google last week took its initiative a step further by calling for international online privacy rules, to be administered by the United Nations or another global body. In an article published in the Financial Times on Wednesday, Eric Schmidt, Google’s chief executive, admitted that “technological advances do sometimes make it feel as if our lives are now an open book”.
He added: “That is why Google believes it is important to develop new privacy rules to govern the increasingly transparent world that is emerging today.”
But the Electronic Privacy Information Center, a privacy group that has filed a complaint against Google with US regulators, dismisses Mr Schmidt’s call as an attempt to rewrite sound guidelines adopted in 1980 by the Organisation for Economic Co-operation and Development. Google’s approach “would allow global companies to post vague privacy policies (always subject to change) and leave it to individuals to sort out the complexities of new business practices,” writes Marc Rotenberg, Epic’s president, in a letter to the FT on Monday.
Microsoft has meanwhile been lobbying the US Congress for a comprehensive online privacy law. “For a long time, companies were against this broad approach,” says Christopher Kuner, a partner in the Brussels office of the law firm Hunton & Williams who works with internet companies on privacy compliance. “Now I think they generally see the benefit of having some privacy regulation. It builds consumer confidence.”
The companies have strong financial incentives to address the privacy issue, says Viktor Mayer-Schoenberger, an internet policy expert at Harvard’s Kennedy School of Government. “There are people in the market who will choose a search company based on privacy policies,” he says. “That’s the only reason these companies are doing this. It’s all market-driven.”
Search companies routinely record the queries internet users submit. They also log the date, time and identity of the computer used to make the request. Most also plant cookies – small bits of text used to track a user from website to website – in their customers’ computers. Taken together, these pieces of information constitute a detailed dossier of individual web users’ browsing and searching habits.
Web search is just one of many types of internet business that routinely collect potentially sensitive user data. The rise of social networking sites such as MySpace and Facebook has resulted in a flood of user- provided content online, much of it of a personal nature.
Internet service providers – the companies that provide internet connections to homes and businesses – have also begun to come under scrutiny for their privacy practices. Such companies have easy access to their users’ web browsing histories, including s ites visited and terms entered into search engines.
Nevertheless, because of the central role that search plays in helping people navigate the internet, it is the search companies that find themselves at the front of the privacy debate – and many consumers have come to view search engines as essential public services. “We expect search engines to be there and we expect them to be trustworthy,” says Prof Mayer-Schoenberger. “People see them as enablers of access to information rather than as commercial services.”
The personal nature of internet search requests was driven home last year after AOL, the internet portal, intentionally released the search queries of more than 600,000 of its users.
The data contained in the roughly 20m queries were meant to help researchers working on ways to improve the results of search engines. Although AOL said it had taken steps to assure that the queries were not tied to users’ real names, the company failed to take into account customers’ tendency to enter search terms that contained clues to their identity, such as addresses or family names.
When AOL became aware of its mistake, it pulled the data from its site and apologised. But by then it was too late. The information had leaked to the web, where a number of sites popped up that allowed anyone with an internet connection to mine the AOL search data. Overnight, news organisations were able to identify several AOL users based solely on what they had revealed about themselves while searching. The result was a public relations disaster.
The New York Times was able to track down and interview Thelma Arnold, a widow from rural Georgia, using only her search queries. In addition to her own identity, Ms Arnold’s queries revealed that she was looking for landscapers and that she was interested in the medical conditions of her friends.
The search terms entered by some other AOL users were not so innocuous. One user’s search terms included phrases such as “pictures of dead people” and “how to kill my wife”.
The AOL incident was a dramatic demonstration of the potential for collections of search terms to reveal sensitive information about internet users. Concerns that governments or companies could gain access to reams of such information have fuelled the recent interest in stronger online privacy safeguards.
Last year it emerged that the US justice department, in an attempt to demonstrate the effectiveness of an internet pornography law in a civil court, had issued subpoenas to several search companies demanding that they hand over two months’ worth of queries – a move that could have compromised millions of users. Google was the only search company to fight the request in court. Microsoft says it filtered its own data to remove potentially identifying personal information before handing it over to the government.
Kevin Bankston, a lawyer at the Electronic Frontier Foundation, an internet free speech and civil rights group, says that episode demonstrates the need for stronger legal safeguards against government intrusion into citizens’ online lives. “We in a fundamental way don’t know what legal protections our search queries have,” he says. “That is wholly unacceptable, considering our reliance on search engines in our daily lives.”
In theory, anti-wiretapping provisions set out in the Electronic Communications Privacy Act of 1986 protect US residents from unwarranted government intrusion into their computer communications. “In most cases, getting a hold of your e-mail requires a warrant,” says Mr Bankston. “Yet the government has argued that this does not apply to your search queries at all.”
The US government’s response to the September 11 2001 terrorist attacks means that such public moves to get a hold of search data may be only the tip of the iceberg. “There is a whole world of secret compliance with intelligence requests,” says Mr Bankston. “The consumer doesn’t know what is going on.”
For their part, companies say they are grasping for direction amid a confusing tangle of state, national and international privacy laws, all but a handful of which were drafted before the internet emerged as a key medium for communications and commerce – and well before technologies such as internet search were in widespread use.
The European Union’s 1995 data protection directive put strict limits on how internet groups can use the information they collect about their users. However, member states have some leeway in applying the provisions – which can lead to complications when a search term entered into a computer in one member state is stored in a database in another. “This is an unsettled area that needs more attention,” says Peter Fleischer, chief privacy counsel at Google.
In the US, most of the action on privacy has occurred at the state level, resulting in a patchwork of privacy laws. The focus of many of these laws is limited. Most require companies to report the theft or loss of specific types of personal information, such as the bank account and credit card numbers used to complete transactions online or medical histories stored by health providers.
At the federal level, some privacy lawsuits have been brought under the Federal Trade Commission Act of 1914, which prohibits companies from engaging in deceptive business practices such as selling a customer’s personal information without disclosing the practice. But winning such cases requires showing proof of harm – a standard that can be difficult to meet in privacy cases.
As for the rest of the world, three-quarters of countries have no consumer data protection laws at all, says Mr Fleischer.
Concerns extend beyond state spying. Fears exist that consumers could suffer an invasion of privacy from companies that serve them advertisements based on web browsing histories and search requests.
Google’s proposed purchase of DoubleClick, the world’s biggest online advertising network, has revived concerns about “behavioural targeting”. Some privacy advocates fear Google might some day attempt to engage in even more sophisticated targeting by combining its knowledge of users’ search histories with DoubleClick’s knowledge of their web browsing habits.
“They could possibly try to figure out what everyone is doing at an individual level,” says one lawyer who works with big internet companies on privacy issues.
US regulators seem to be waking up to the need to overhaul privacy rules to account for changes in internet technology. The Federal Trade Commission, the US trade regulator, is to hold a series of consultations about online advertising and privacy in Washington in early November.
The meetings will mark the first time the regulator has examined the issue of internet privacy in nearly a decade, according to Joel Winston, head of the FTC’s privacy and information security division. “We haven’t drawn any conclusions at this point.”
For all the attention online privacy has received in recent months, many web users appear to remain complacent when it comes to their personal privacy practices. A recent study by the Ponemon Institute showed that while 68 per cent of people in the US believe online privacy is important, only 8 per cent care enough about it to change their online behaviour.
Facebook says only about 20-25 per cent of its users take advantage of its privacy controls, such as who is allowed to see the photos, notes and contact information that users upload there.
“In their hearts I think people understand that they are giving away information that may be embarrassing or even dangerous in the wrong hands,” says Mr Ponemon. The most stringent privacy rules can only go so far, he adds. “At the end of the day what we really need are smarter consumers.”
‘It’s a total paradox ... an absolute treasure box’
By Richard Waters in San Francisco
It is one of the oddities of online behaviour. Internet users are growing more worried about threats to their privacy. Yet many are almost promiscuous with the personal information they broadcast.
Thanks to social networks, blog sites and photograph and video sharing communities, online culture has veered towards one of full disclosure.
“It’s a total paradox,” says Caroline Wiertz, a senior lecturer at the Cass Business School who studies online behaviour. “The amount of personal information put out there is perfect for marketers. It’s an absolute treasure box.”
How to interpret these shifting and often contradictory attitudes to online privacy and disclosure has become central to the success of a generation of internet companies. The clever use of personal data to tailor services and advertising has long been seen as a “silver bullet” to online commercial success. But deciding just how far to take this personalisation is tricky. “It’s a determination of the benefits versus the privacy concerns,” says Tim Mayer, a product manager for Yahoo’s search service.
Technical limitations and concerns about a potential backlash from consumers have limited how far most internet companies go. For most web users, personalisation still takes only a simple form and has changed little in recent years.
It was first used by internet portals and electronic commerce sites to tailor some basic information. After logging into a portal, for example, a user might see cinema times in their local area. Many e-commerce companies have tried to emulate Amazon.com’s success in recommending products based on earlier purchases.
While a lot of personal data is being collected, surprisingly little is being applied to shaping today’s internet services. The big search engines, for example, keep information about their users’ search histories but Yahoo and Microsoft say they do not use this to try to give someone better results in future searches. Trying to anticipate what a searcher wants to know by applying past searches is a bit like trying to read their minds, says Mr Mayer.
That has not stopped Google from experimenting in this area. Just by looking at the previous query, Google has achieved marked improvements in the relevance both of search results and the advertisements it feeds to users, Marissa Mayer, head of product management for its search products, told a conference last month. One in five Google search results now involves some element of personalisation, according to an estimate by Citigroup analysts.
While the dark arts of personalisation have been applied only sparingly in the delivery of internet services, their use in advertising is more developed. Planting “cookies”, or small programs, on users’ computers that track their online behaviour, then using that information to serve adverts that are likely to be more relevant, is standard practice – though one that some fear will eventually prove too invasive and provoke a consumer backlash.
Google is experimenting with new types of cookie that it hopes might lessen the concerns. Among ideas under consideration, it says, it may limit the types of information any one cookie can amass, to prevent too much personal data being aggregated in one place. However, Google also says it will make such changes only if advertisers go along with them: if limits on cookies lead to a less effective placement of adverts, the changes may never see the light of day.
The outcome of such decisions could pale into insignificance compared with issues raised by the rise of social networks. The “treasure box” of personal details that users themselves put on display is a powerful lure for advertisers. According to Peter Thiel, a director of Facebook, analysing that data will enable the company to display adverts to its users that are more personalised, and thus more effective, than anything else available on the internet.
Such ambitions could provoke a backlash reminiscent of the one unleashed by Google when it launched Gmail. Google’s software looks at the content of e-mails carried by the service and places adverts alongside linked to the content. Taking that idea and applying it to a user’s behaviour on a social networking site could prove commercially powerful but also explosive. Mark Zuckerberg, Facebook’s founder, plays down talk of personalised advertising, suggesting that it does not figure in early plans for commercialising his service.
New technologies make it easier for personal information collected by one service to be “exposed” to other applications. But asked how privacy will be preserved, internet groups all fall back on the same argument: if they are open about what they do with personal data, and if they put controls in the hands of users to restrict how information is used, the responsibility is not ultimately that of the companies.
Internet users will have to become more knowledgeable about online privacy, in the same way they have had to learn about online security, says Adam Sohn, marketing director for Microsoft’s online business.
For many, that lesson will no doubt come the hard way.
Return to internet news headlines
View Internet News Archive