Thursday, March 22, 2007

Google tightens privacy measures

Company promised to wrap a cloak of anonymity around search requests


SAN FRANCISCO - Google Inc. is adopting new privacy measures to make it more difficult to connect online search requests with the people making them — a move it believes could prevent showdowns with the government over the often sensitive data.

Under revisions announced late Wednesday, Google promised to wrap a cloak of anonymity around the vast amounts of information that the Mountain View-based company regularly collects about its millions of users around the world.

Google believes it can provide more assurances of privacy by removing key pieces of identifying information from its system every 18 to 24 months. The timetable is designed to comply with a hodgepodge of laws around the world that dictate how long search engines are supposed to retain user information.

Authorities still could demand to review personal information before Google purges it or take legal action seeking to force the company to keep the data beyond the new time limits.

Nevertheless, Google's additional safeguards mark the first time that a major Internet search engine has spelled out precisely how long it will hold onto data that can reveal intimate details about a person's Web surfing habits.

While Google will still retain reams of information about its users, the changes are supposed to lessen the chances that the company, a government agency or another party will be able to identify the people behind specific search requests.

Privacy experts applauded Google's precautions as a major step in the right direction.

"This is an extremely positive development," said Ari Schwartz, deputy director of the Center for Democracy and Technology. "It's the type of thing we have been advocating for a number of years."

Google is tightening its privacy standards a year after it became embroiled in a high-profile battle over the control of the user information that it had been stockpiling.

While gathering evidence for a case involving online pornography, the U.S. Justice Department subpoenaed the major search engines for lists of search requests made by their users.

While Yahoo Inc., Microsoft Corp.'s MSN and AOL all complied with parts of the legal demand, Google fought the request to protect its users' privacy. A federal judge ordered Google to turn over a small sampling of Web addresses contained in its search index, but decided the company did not have to reveal the search requests sought by the government.

In another demonstration of the privacy risks posed by search engines, Time Warner Inc.'s AOL last summer released 19 million search requests on the Internet as part of a research project. Although only sets of numbers were attached to the requests, the information was used to identify some of the people behind the AOL searches.

AOL subsequently apologized for the lapse, which triggered the resignation of its chief technology officer and the firings of two other workers.

Google and its rivals all say they keep information about their users so they can learn more about them as they strive to deliver the most relevant responses.

By purging some of the personal information from its computers, Google warned it might not be as effective at improving some services as it has been in the past. "But we believe the additional privacy provided by the change outweighs the benefit of the data we are losing," Google said.

The privacy safeguard also could make more people feel more comfortable about relying on Google, an advantage that could help the company widen its already formidable lead in the lucrative search engine market.

Protecting the sanctity of search requests should be a search engine's top priority, said Kurt Opsahl, staff attorney for the Electronic Frontier Foundation, an online civil liberties group. "You are talking about a potential treasure trove of information," he said. "A person's searches reflect their dreams, hopes and fears."

Under its new standards, Google will wipe out eight bits of the Internet protocol, or IP, address that identifies the origin of specific search requests. After the IP addresses are altered, the information will be linked to clusters consisting of 256 computers instead of just one.

Google also will depersonalize computer "cookies" — hidden files that enable Web sites to track the online preferences and travels of their visitors.

As the owner of the Internet's largest search engine, Google has been under growing pressure to adopt greater privacy controls. Regulators in Europe have been particularly vocal about their concerns.

The new measures pleased Billy Hawkes, Ireland's data protection commissioner.

"It's a very welcome development," Hawkes said. "Personal information should be held on to no longer than it has to be."

Hawkes and other privacy advocates are hoping other search engines will follow Google's lead.

Yahoo, which runs the second largest search engine, was vague about how it might respond.

"Protecting our users' privacy and maintaining their trust is paramount to us, the Sunnyvale-based company said in a statement. "Data retention practices depend largely on the diverse nature of our data as well as the practical considerations of storage costs and processing system requirements."