Let CharlesWorks get you onto the web today! Click here and let us show you it IS affordable!
Check out this site to find out how to get involved in non-violent conflict resolution in New Hampshire!
Just a dollar a month! $1 a month for a private, personal email account. Click here to contact CharlesWorks for details!
Check out this site to find out how to get involved in non-violent conflict resolution in New Hampshire!
Advertise with CharlesWorks! Click here for details!
 

More Reasons to Avoid Using Google

Compliments of CharlesWorks website hosting

Feeling just plain lost at times? Let CharlesWorks help you find your way into website hosting on the Internet!

There are numerous search engines online. Microsoft's at http://search.MSN.com and Yahoo!'s at http://search.Yahoo.com provide excellent engines as alternatives to Google.

Below are some privacy concerns that have been publicly expressed which provide excellent reasons to NOT to use Google:


"Mr. Poindexter is pursuing a scheme he thought up right after 9/11 and then sold to the Bush administration. Total Information Awareness, or T.I.A., aims to use the vast networking powers of the computer to 'mine' huge amounts of information about people and thus help investigative agencies identify potential terrorists and anticipate terrorist activities. All the transactions of everyday life -- credit card purchases, travel and telephone records, even Internet traffic like e-mail -- would be grist for the electronic mill."     -- New York Times editorial, 18 November 2002



"Google currently does not allow outsiders to gain access to raw data because of privacy concerns. Searches are logged by time of day, originating I.P. address (information that can be used to link searches to a specific computer), and the sites on which the user clicked. People tell things to search engines that they would never talk about publicly -- Viagra, pregnancy scares, fraud, face lifts. What is interesting in the aggregate can seem an invasion of privacy if narrowed to an individual.

"So, does Google ever get subpoenas for its information? 'Google does not comment on the details of legal matters involving Google,' Mr. Brin responded."    -- New York Times, 28 November 2002




Question:  What would be the fastest, most efficient, and most revealing approach to data mining the Internet?

Answer:    Pay Google for a back-door feed on who's searching for what.

Question:  Has Google ever, in their entire existence, issued any sort of statement suggesting that their sense of public responsibility would preclude being used in this way, or that the information they collect would never be sold for a price?

Answer:    Not convincingly.*

Question:  If Google decided to sell out, could they be held liable for privacy violations? Would we even find out about it?

Answer:    No. The Homeland Security Act exempts companies from lawsuits or government prosecution after they turn over information to the new agency. Such information is exempt from the Freedom of Information Act. Officials who release this information can get up to six months in prison and a $5,000 fine.

Querying Google about privacy

March 21, 2002
Mr. David Krane
Director or Corporate Communications
Google, Inc.

Dear Mr. Krane:

I am preparing a web page that criticizes Google's use of cookies, and I'd like to give you an opportunity to justify this use in more detail. Your privacy policy at www.google.com/privacy.html is inadequate for a search engine of the reach and magnitude of Google.

Two days ago, a story was dispatched by the Associated Press that described my problem with the CIA's use of cookies. Fortunately, federal guidelines are in place that forced the CIA to acknowledge my concerns and take immediate action. This sort of accountability does not exist with respect to Google's use of cookies, but the issues are the same, and the dangers are potentially even greater with Google.

Here is a copy of the AP article, for your information. This email continues after the story.

CIA Removes Web Tracking Software

By DAVID HO (Associated Press Writer)
The Associated Press, March 19, 2002

WASHINGTON (AP) - The CIA got caught with a hand in the Internet cookie jar.

The agency removed tracking software known as a "cookie" from one of its Web sites this week after a private group discovered the banned practice, said Mike Stepp, who manages the CIA's public Web site.

"It was a mistake on our part. It was not intentional," Stepp said Tuesday. "The public does not need to be concerned that the CIA is tracking them. We're a bit busy to be doing that."

Cookies are small software files often placed on computers without a person's knowledge. The files can make Internet browsing more convenient by letting sites distinguish user preferences, but they have been criticized for violating privacy because they can track Web surfing.

The government issued strict rules for how federal agencies may use cookies in 2000 after it was discovered that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising. The rules ban the use of "persistent" cookies, which track Web habits over years.

One of those long-lasting cookies was found Thursday on a CIA site by Daniel Brandt, president of Public Information Research, a private San Antonio-based group that preserves publications related to intelligence and business.

Brandt said he discovered the cookie, which keeps working until 2010, when he was looking at the Web site for the CIA's Electronic Reading Room, which provides access to previously released agency documents.

"They're not supposed to be doing this," Brandt said. He said he was particularly concerned because the reading room site allows users seeking documents to search for particular words.

"The keywords you put in reveal an incredible amount about what you're looking for and what your interests are," Brandt said. "It would be very, very tempting to track that kind of information."

A notice on the CIA Web site states: "The Central Intelligence Agency Web site does NOT use the 'cookies' that some Web sites use to gather and store information about your visits to their sites."

Brandt sent e-mail to the CIA with his concerns and the agency responded on Monday, removing the cookie and some other temporary cookies that were discovered.

Stepp said an outside company had redesigned the reading room Web site, which was posted to the Internet on Jan. 29.

"Unbeknownst to us, it was loaded with some software, commercial off-the-shelf software used for Web analysis," Stepp said. The software included a cookie that tracked repeat visitors to the site.

To make sure no improper information about site visitors had been recorded, Stepp said two sets of log files would be destroyed.

Congress issued a study last summer that found 300 cookies still on the Web sites of 23 agencies despite the government ban.


Please note the quotation in this story about the seriousness of tracking information from users, when such information consists of keyword search terms. For this reason, I feel that Google's use of cookies is particularly sensitive. The fact that your cookie expires in 2038 and you track everything from the user (IP number, time, and search terms) simply compounds the situation.

I am contemplating a study that compares Google's use of cookies with the use of cookies by other search engines. I have a feeling that Google's data collection practices will not compare well from a privacy standpoint.

The fact that Google has (at least until recently) tried to remain ad-free, suggests that your interest in tracking is not commercial. One might infer from this that your tracking policies are even more intimidating that those of portal-like sites that use cookies for ad-serving purposes.

Here are my objections to Google's use of cookies:

1) Google has inadequate justification for planting a cookie that expires in 2038 on every user, and also recording that user's search terms, IP number, and time-date. If Google needs cookie-tracking feedback for software design and improvement purposes, you could offer an incentive to accept a cookie for browser configuration convenience, and clearly explain the consequences of  "opting in" with such a cookie.

2) Even given an "opt in" situation for a cookie, there is no justification for an expiration date of 2038. Google could use session cookies, or if this is not satisfactory, it would be easy to constantly reset the cookie with a 30-day expiration date. That way, if a user didn't frequent Google at least once a month, their cookie would expire. There is no excuse for your near-immortal cookies. Mr. Jason Catlett of Junkbusters asked Larry Page about this 15 months ago, with respect to the toolbar, and he did not get a straight answer from Mr. Page about the reason for these cookies.

3) Your privacy policy claims that you do not collect identifiable information from the user. However, many users now have static IP numbers. New laws passed by Congress last year give authorities the right to obtain the information in Google's possession, apparently without a showing of probable cause, just as they now have the right to obtain logging information from Internet service providers. With the new Patriot Act, the use of the GET instead of the POST method for Google searching makes your case even weaker, as the authorities can claim that the search terms are part of the URL, and that they get logged with the URL in normal httpd logging. Therefore they may fall under the definition of "routing and addressing" information that is subject to "tap and trace device" scrutiny. Judges are required to approve orders for such scrutiny without a showing of probable cause.

The fact that you record unique cookie ID, plus IP number, plus date and time, makes much of your information "identifiable." Authorities can also do a "sneak and peek" search of a Google user's hard drive when he isn't home, retrieve a Google cookie ID, and then get a keyword search history from you for this ID.

In short, my position is that your privacy policy presents a rosy and unrealistic picture of the extent to which your policy protects the privacy of the Google user. And no mention is made of the expiration date of the cookie, which is extraordinary even by the standards of sites that use cookies heavily.

Finally, Google confesses that its policy is subject to change. If Google changed its policy, would the data previously collected fall under the previous policy, or would it fall under the new policy? And even if Google has the best of intentions, it should be recognized that Google is subject to a change in ownership or control, and that all privacy policies are inherently optimistic for that reason alone.

Sincerely,
Daniel Brandt
PIR president

And this is the only response Daniel got


From: "David Krane" <[deleted]@google.com>
To: [deleted]@satx.rr.com
Subject: Re: Criticism of your privacy policy
Date: Fri, 22 Mar 2002 12:10:23 -0800

Daniel, thank you for bringing your concerns to our attention. I have alerted several of my colleagues who work closely with our privacy policy and software development efforts. You'll hear back from one of us shortly.

Best regards,

David  :-)
---------------------------------
David Krane
Director, Corporate Communications
Google
+1.650.930.3596
[deleted]@google.com

Ye olde brush-off ?  :-)


* Sergey Brin was in a taped segment on "The News Hour With Jim Lehrer" (PBS), 29 November 2002, interviewed by Spencer Michels. Brin responded to concerns that Google is "keeping records of what individual computers search for, information that could be used to target advertising or to invade someone's privacy."

Brin said, "We have a privacy policy which explicitly prohibits us from ever, say, selling that information or something like that. And we also try to keep it under pretty strict lock and key."




Questions:   Why was Google the first engine to use "maximum" cookies that expire in 2038? Why generate unique cookie ID numbers at all? Why is it that the only data retention policy Google appears to have, is to collect everything that can be collected about the searcher, and store it indefinitely? How does this help Google improve its engine? How can anyone at Google guarantee the future of all this data? Wouldn't Google better serve the public interest by retaining only the data it needs, and only for as long as needed, and then purge it on a regular schedule?

 

 

 

2004 CharlesWorks
PO Box 128, Peterborough, New Hampshire 03458
Phone: 603-924-6759 in USA Mon-Fri 9-5 Eastern time

Website hosting by CharlesWorks
Updated Tuesday, June 22, 2004 at 11:57 am