Is there a company anywhere within these United States with a better public image than Google’s? We love it. We need it. We use it — more than 200 million times a day, by some accounts. The unofficial slogan — “Don’t Be Evil” — epitomizes everything we want in a business relationship. And more often than not, Google lives up to those words.But there is another side to Google, and it’s one that the company would just as soon you not think about. It’s what happens each and every time you look up a piece of information. An old boyfriend. A political organization you heard mentioned on television the night before. A possible vacation spot. Or maybe you’re a student trying to track down a terrorist group’s website for a paper you’re writing. Or you’re seeking information on how to grow your own marijuana. Who knows?
Google knows. According to Lauren Weinstein, an Internet activist and privacy expert based in Southern California, Google keeps track of every search that’s made, as well as the Internet location of the computer from which the search is taking place — and then it stores that information for possible future use. Moreover, he says, it would not be terribly difficult to trace those searches to the person who made them. That’s you and me.
Such tracking is common on the Internet, of course. Amazon.com knows what kinds of books and music you like, and it puts those products in front of your eyeballs at every opportunity. Internet-service providers such as America Online and Microsoft’s MSN collect enormous amounts of data about their customers. Same with Yahoo!, which — with personalized services such as My Yahoo! — is also more zealous than Google about trying to get its customers to sign up and thus identify themselves.
For all anyone knows, Google is handling private information more responsibly than many other corporations are. So why single out the Internet company everyone loves? For two reasons: first, it’s so ubiquitous that it’s the only online service that virtually all of us use regularly — 10, 20, 50 times a day; and second, the famously sparse user interface exudes an aura of anonymity. You don’t have to register — you’re not even asked to register — for the basic Google services we use all the time. At Amazon, you know you’re being watched. But you might be surprised to learn that Google is watching, too.
“Google has some wonderful products. I use it all the time. I’m as dependent on it as anyone else is. But that doesn’t change anything,” says Weinstein. “The ‘Google is so neat’ kind of haze that surrounds this has blinded people into failing to think one step beyond.”
Weinstein, the motorcycle-riding co-founder of People for Internet Responsibility, first publicly questioned Google’s privacy practices last month with a post on his weblog (lauren.vortex.com) titled “The Dark Side of Google.” Among other things, he wrote, “Google has created a growing information repository of a sort that the CIA and NSA (and the old KGB) would probably envy and covet in no uncertain terms — and Google’s data is virtually without outside oversight or regulation.”
How can your internet actions be traced? Cookies. These are little bits of data stored within your browser that are automatically sent to websites that request them, providing all kinds of information about you : information that makes it extraordinarily easy to track you down. The reason Google uses cookies is perfectly benign : it’s how the service manages to tailor advertising to your interests, thus making money while you search for free. Leaving cookies turned on improves our web-surfing experience. Only a paranoid would turn them off, right? Well : maybe not. Even if you turn off your cookies, however, a Google search could be traced back to you if someone knew you were using a particular IP address at a particular time — information that Google doesn’t have, but that your Internet provider does. Someone armed with a subpoena — say, an FBI agent who’s curious about your interest in chemical warfare, or your soon-to-be-ex spouse’s divorce lawyer — could pay a visit to your Internet provider to find out who was using what IP address when. That is exactly how the music industry has busted illegal file-sharers.
Weinstein says that according to “a former highly placed Google person whom I have met with face to face,” Google is actually storing all this stuff so that it can go back and conduct, say, market research or develop new products. Or, you know, respond to that subpoena.
Now, it wouldn’t be fair to disparage Google on the basis of anonymous information once removed. But the thing is, the company doesn’t deny it. I sent an e-mail to Andrew McLaughlin, Google’s senior policy counsel and a person who had been described to me as the company’s privacy guru. But rather than respond, he forwarded my e-mail to the company’s public-relations staff. Company spokesman Steve Langdon sent me an e-mail that I quote in its entirety: “Privacy is an issue about which Google cares very much. In all the products we develop, we pay very close attention to how the products and their features relate to user privacy and we make design decisions and policies to protect privacy. Google also provides users with information about privacy in our privacy policies that are posted on our web site.”
That’s true. The most relevant part of that policy would appear to be this: “Google collects limited non-personally identifying information your browser makes available whenever you visit a website. This log information includes your Internet Protocol address, browser type, browser language, the date and time of your query and one or more cookies that may uniquely identify your browser. We use this information to operate, develop and improve our services.” But claiming that your IP address and cookies are “non-personally identifying information” is, at best, a gross underestimate about what a skilled investigator could do with it.
“When you amalgamate all the results of this sort of tracking . . . a remarkably clear picture of who you are and what you think and what you believe” can be assembled, says Steven Rambam, a private investigator in New York who uses online databases for much of his work.
Last July, for NPR’s On the Media program, Rambam demonstrated how easy it is. Within 10 minutes, he had found co-host Brooke Gladstone’s Social Security number, previous addresses, how much she’d paid for her current house, even the name of her sister. Rambam told me that he supports the idea of public information being publicly available. “Frankly, I think the average person has a right to see if their nanny used to be child molester, if their tenant stiffed the previous three landlords,” Rambam says. “There has to be an intelligent balance, and I think that’s where we’re at right now.”
By contrast, Rambam explains, the trouble with data collection by commercial services is that customers haven’t really consented to it. “My bugaboo,” he says, “is that it needs to be consensual and not sneaky.” (The Google privacy policy is not hard to find, but it’s long and doesn’t exactly make for gripping reading. Have you read it? Of course not.)
The simple fact is that people don’t want to be bothered to protect their identity. Life without privacy is seductive — first because you don’t necessarily realize how compromised your privacy has become, but second because it’s nice to visit Amazon.com and get those book recommendations tailored to your interests. It’s great to log on to AOL and see the weather forecast for your small part of the world. It’s helpful to be shown custom-delivered advertising when you search on Google.
“The dark side of Google is actually part of the light side,” says Kevin Bankston, an attorney with the Electronic Frontier Foundation in San Francisco. “All of these companies are trying to move toward trying to personalize your Internet experience and make it a better Internet experience. But that means collecting and studying an enormous amount of information about you. In many cases, consumers are willing to make that trade-off.”
In other words, Orwell was wrong. Huxley was right. We’re not losing our privacy because the forces of evil and oppression are taking it away from us. We’re losing it because we’re giving it away, whether we know it or not. What we’re getting in return is stuff, convenience, information, an easier way of life. And we like it.
Our vulnerability to being “watched” is getting worse, all in the name of more service and greater convenience. Late last year, Google announced a new project to digitize millions of books at academic and public libraries, including 40,000 volumes at Harvard. Older books whose copyright protections have expired will be available in their entirety; newer books will offer some highlights so you can see whether they’re what you’re looking for. How great is that? Yet, soon, the books you read can be added to the personal data about you that will be available online. Amazon is rolling out a service called A9.com that takes customized search to another level — but only if you register. For that matter, what about those discount cards you carry for the grocery store and the pharmacy? Sure, you save money. But there’s another kind of cost: your every purchase is tracked.
In such a world, the notorious Section 215 of the USA Patriot Act — which allows government agents investigating terrorism to conduct secret searches of records from libraries, bookstores, doctors’ offices, and the like — almost seems obsolete It won’t be too long before Google and Amazon will have amassed exactly what the feds are looking for. And if there is another major terrorist attack, you can be sure that investigators will want to know who’s been reading what books online — information that would be impossible to obtain, obviously, if it involved cash-paying customers in the non-virtual world. Now, granted, if there were, say, a ricin attack in the Washington subway system, it would be hard to argue that government agents shouldn’t have access to any records that might help them find the perpetrators. The point is that ever-improving technology is making such clashes between public safety and civil liberties all the more likely to take place.
Ari Schwartz is associate director of the Washington-based Center for Technology and Democracy, which advocates for a whole range of privacy protections. For example: under current law, Web-based e-mail services such as Gmail or Microsoft’s Hotmail, which store your mail on a remote server, are less protected from the prying eyes of the government than e-mail that you download to your own computer, as is generally the case if you’re using a program such as Microsoft Outlook, Entourage, or Eudora. Schwartz’s organization wants to eliminate those anomalies. But what’s essential, Schwartz says, is for Congress to take a more comprehensive approach to privacy. “At some point,” he says, “we need to create something that’s more general so that we don’t have to write a new privacy law for every new technology that comes along.”
How likely is that to happen in an era dominated by Republicans? Despite the party’s pro-business leanings, Schwartz is reasonably optimistic. For instance, the new chair of the House Committee on Energy and Commerce is Representative Joe Barton, a Texas Republican who, along with Massachusetts Democrat Ed Markey, is a co-chair of the Congressional Privacy Caucus. Barton’s predecessor on Energy and Commerce, former congressman Billy Tauzin, a Louisiana Republican, was hostile to privacy concerns, in Schwartz’s view. And Schwartz believes that Barton’s counterpart on the Senate side, Alaska Republican Ted Stevens, could prove to be a friend of privacy as well.
Markey shares Schwartz’s optimism, saying that polls show more than 80 percent of Americans are concerned about privacy, a finding that crosses partisan lines. He points to past accomplishments, such as an amendment to the Child Online Protection Act that prohibits the use of information gathered from children for marketing purposes, as a sign that Republicans and Democrats may be able to work together. Markey’s goal: legislation that would mandate greater disclosure of data-collection efforts, as well as the right to opt out. As for Google and companies with similar practices, Markey would like to see a law mandating that personal information be destroyed after a certain length of time, as is already the case with cable companies.
“I think there is a chance this year,” Markey told me. “The more people learn about any potential privacy invasion, the greater the likelihood that Congress, as a stimulus-response organism, will do something about it.”
Still, it would be wise not to hold your breath. Business interests, Markey says, do not want these protections. And neither the White House nor Republican congressional leaders are likely to stand up to them.
Google, like the Internet, has made our lives easier and arguably better. For many of us, it’s impossible to imagine having to return to a time when we couldn’t find almost any piece of information instantaneously. But we’re paying a price for that. We’re paying with our privacy, our identity. For someone determined to look, there are no secrets anymore.
It’s a chilling reality.
This article appears in Jan 26 – Feb 1, 2005.
