Google and new, international privacy rules

by Maria on September 15, 2007

Google is staking a claim on the moral high ground of Internet privacy. The company has called for new international rules, ostensibly to protect privacy online. Little of Google’s search information is strictly ‘personal data’, i.e. data directly concerning named individuals. But search data, potentially tied to individuals’ IP numbers, is dynamite, something it’s taken Google a long time to face up to publicly. Google got its fingers badly burnt by the incredulous reaction to its ‘trust us, we’re the good guys’ privacy policy a couple of years back. They hired Peter Fleischer, a well-respected Microsoft lawyer and data protection expert, to put their case more seriously. And now Fleischer is showing Google’s global citizenship willing by suggesting to UNESCO that an international body create a new set of rules on Internet privacy. But would this improve individuals’ privacy?

Part of the argument for a new instrument – at least as summarized in reports on the speech – is that the existing ones are too old and were crafted before the Internet really took off. The OECD Guidelines date from 1980 and the EU data protection directive from 1995, so they’re said to be out of date. Fleischer is said to argue for new rules based on the APEC privacy framework, and says Google is in favour of individuals’ privacy. The trouble is the ‘past their sell by date’ argument doesn’t hold up, and the APEC principles are a weak model to anyone who cares about privacy.

The OECD guidelines might have been created in 1980, but they have been reviewed since then in the light of new communications technologies. Already in 1998, an OECD ministerial worked on applying the guidelines to an online environment, and the relevant OECD working party continues to work on the guidelines’ applicability to this day. The EU directive had its scheduled review in 2003, and was found to be coping quite well. It also had a follow-up review of its work programme this year that found the directive to be substantively appropriate and technoloically neutral. The main issue identified was that not all the member states had implemented it or had done so properly. A 1997 data protection directive for telecoms (97/66/EC) was revised and re-issued as a new directive in 2002 (2002/58/EC), and then supplemented by a mandatory traffic data retention measure in 2006. The 2002 directive is being reviewed again along with the telecoms package it was originally part of. The 2001 Council of Europe Convention on Cybercrime also has some relevant provisions on communications traffic data and law enforcement access to data. And then there are the APEC principles, created in 2004. So the issue is not that comparable legal instruments are out of date, nor is there a lack of them.

The APEC principles are a ‘framework’ for member countries to follow because APEC’s job is to produce non-binding instruments and let its members figure out what to do with them. The drive to create the privacy principles was not a serious desire to harmonise privacy practices in the Asia Pacific, but because Australia and the US wanted a countervailing force to the EU Directive. The development of the guidelines was dominated by intense lobbying by US and international business interests, many of whom owed their seat at the table to membership of government delegations. While the APEC principles are said to be ‘consistent’ with the OECD guidelines, they are widely accepted as having watered down key provisions such as having a defined purpose for data collection and use, and access by data subjects. And because they’re an APEC instrument, the principles come with no requirement for implementation nor any mechanism for review of their use. So while an appeal to APEC-like international privacy rules may sound impressive, in reality it’s an empty promise that smacks of a policy wonk’s branding exercise.

But Fleischer identifies a real problem. The nature of communications technologies means personal data travels through several countries in minutes. It is truly bewildering for companies acting in good faith to figure out which law they should apply and when. There are also many companies set up in one jurisdiction which market their services to consumers in another, unaware of or ignoring the privacy laws in the second country. The Internet severs the tie between individuals and their national laws, thrusting them out in to a no man’s land of contested jurisdiction and applicable law. But it also leaves global companies like Google vulnerable to being rapped by data protection authorities for running their business in ways that may or may not be wrong, depending on who owns the data flying around, where they came from, what rules applied when they were collected, and endless overlapping variables that make a lawyer’s head spin.

On the face of it, Fleischer’s call for a new international instrument on Internet privacy is consistent with business’ desire to simply know which rules to follow. Having worked for several years in the business lobby on data protection, I can tell you the clarion call of international businesses was always for more legal certainty. But the second part of the argument is the important one. Business wants certainty, but only as long as it means harmonization to the lowest possible level of privacy protection, and ideally none at all. Because, after all, businesses know best what their customers really want. And a competitive market will provide just that…

Any new international privacy instrument would be created by a process involving intense lobbying by international business interests to weaken privacy protections. The US could be expected to exert significant pressure to dilute privacy to homeopathic levels. So realistically, given the players’ incentives and their demonstrable history, we could expect that the new instrument to offer less privacy protection to individuals than any of the existing ones. Nobody with any experience in this area would expect anything else. And that’s just if you look at this from the business point of view.

Of course the wider context of any negotiations on Internet privacy must include other actors; most importantly, the law enforcement community. Privacy has been on a losing streak since 2001; many people believe justifiably so. In Europe, Parliament lost its nerve on the communications data protection directive (2002/58 mentioned above) and weakened privacy protections in response to pressure from justice and home affairs interests. A couple of years ago, the chronically under-resourced data protection unit was removed from DG Internal Market – where its focus was on harmonization of laws antithetical to the internal market – and put in DG Justice Freedom and Security, on the premise that data protection is more akin to rights than to commercial data flows. DG InfoSo (Information Society) didn’t have enough clout to secure the unit to itself, which indicates that the future direction of data protection has very little to do with compatibility with Internet technologies, and everything to do with standard justice ministry concerns.

It can’t be controversial to infer from all this that in the current climate, any changes to data protection will focus more on accommodating business and law enforcement concerns than privacy ones. Opening up data protection negotiations anywhere – in the EU, at the OECD or at some UN forum to be imagined – can only have the effect of weakening existing protections. And of course if the UN were to get involved – there is a weak case for opening discussions under the auspices of the ICCPR – you can only imagine how the input of countries like China and Russia would shape privacy rules. And rules developed anywhere except the EU would almost certainly be non-binding to countries or companies. So any new rules would likely be damaging to privacy and unenforceable anyway. Which would seem to be a lot of work to create very little benefit.

So, interesting and all as Fleischer’s call for new international rules is, it can only result in a) no change, or b) less privacy for individuals and the same uncertainty for business. Is this just a political branding exercise by Google, or is there more to it? Without seeing the text of the speech, I can’t say. But the reports indicate more smoke than fire. If Eric Schmidt is to take up this cause, as some reports say he will, then I hope it has some real substance to it.

{ 1 trackback }

Blindside : Blog Archive » It’s Not Only Government Working Through Privacy Issues… (Google Version)
09.17.07 at 8:51 am

{ 19 comments }

1

Maria 09.15.07 at 10:54 am

I’ve just spotted a proper treatment of Peter Fleischer’s views on his blog, which is much more detailed than the newspaper reports of his speech and well worth a read.

2

Witt 09.15.07 at 5:03 pm

I think the link in your first comment is incorrect.

3

greensmile 09.15.07 at 5:28 pm

Perhaps the responsibility is now inherently the user’s?…a kind of “communicator beware” would be the prudent attitude of all that take advantage of amazing and amazingly cheap new capbabilities.

As to the contention that google is taking the high ground: I would not sell them any flood insurance for that 10 principles of privacy. And I suspect they are relieved to have no stricter guidance than that to have to follow.

4

tom s. 09.15.07 at 7:48 pm

Fascinating piece; thanks.

The Fleischer post is here.

5

abb1 09.15.07 at 8:28 pm

Tor. Everybody should use Tor and everyone should be a Tor server. No negotiations necessary, no government/international solutions necessary, case closed. Well, at least as far as the IP issue is concerned.

6

Cranky Observer 09.15.07 at 9:02 pm

Bit of a waste of time, really: I don’t think it takes much imagination to suspect that all of the social networking information that Google has developed by correlating searches with IP addresses (and more sophisticated techniques) has been turned over to both US spy agencies and respective local governments. The horse is gone, the door stolen, the barn burned down, the ashes are cold and scattered, and the farm has been sold to a housing developer. There is nothing left of individual privacy on the Internet.

Cranky

7

A Googler at Home 09.16.07 at 6:06 am

Maria, I’ve looked, but it seems to me that nowhere in your thoughtful post was there a discussion of the direct benefits for users of the internal use, by search engines, of search data that, as you say, is not “strictly personal data.”

You seem to imply that search engines don’t want strong privacy policies because strong policies would make search less profitable.

Google makes money by providing a great search service and by constantly improving it. Some privacy regulations that have been proposed would greatly restrict Google from improving its search. So yes, in that sense, Google’s profit might be threatened, because Google wouldn’t be able to improve its search as rapidly. But putting it primarily in terms of profit (or “benefit to the search engine”) is tiresome to the hundreds of us (just counting Google) whose jobs it is to use this data to make search better for you.

Cranky, do you think spy agencies would care much about search data, which is usually not tied to a particular person, when they have access to every check you’ve written, every credit card transaction, every phone call, every email, and for heaven’s sake which cellphone towers you’re near right now — all of which are actually tied to you as a person? And since they can tap the internets, why would they care what Google’s privacy policy is when they can see the data as you send it?

Meanwhile ISPs are actually selling personal information about their users. See http://arstechnica.com/news.ars/post/20070315-your-isp-may-be-selling-your-web-clicks.html among others. Your ISP knows all your web activity, all tied to your name. Google has never done this.

So there are some real problems: selling personal information or otherwise disclosing it without actual consent, and excessively easy Government access to personal information. But blanket prohibitions about what data can be kept in the first place or imposing short time limits on its retention — my personal fear about many proposed regulations — throw out baby with bathwater.

I and many others at Google support “throwing out the bathwater,” both because it’s the right thing to do and because it would decrease the pressure to throw out the baby too. But can we keep the baby, please? And can we have a discussion about what’s baby and what’s bathwater before we throw anything?

8

Roy Belmont 09.16.07 at 9:07 am

Cranky #6
There’s “nothing left of individual privacy on the Internet” available to you. It’s a little presumptuous and unimaginative to say there is no privacy available to anyone else.
Surely there’s more shielding technology available for your privacy than just abb1’s open-sourcish link there. If you know the right people and can throw down the appropriate secret handshakes.
If by privacy you mean the reasonable expectation that no one will know what you’re doing at any given moment online.
You seem to be lamenting the loss of that sense that no one does know what you’re doing; yet the sense that no one is having cognitive awareness of what you’re doing online at any given moment, or for most of the things you do online, ever, is probably still a conditional norm for most of us.
300 million CCTV cameras deployed throughout the US won’t mean that everyone’s on TV, it will mean they could be.
The problem isn’t so much privacy as who or what has access to the things we traditionally think of as being desirably kept private.
Plains indians, people that lived fairly harsh winters through in relatively spacious but still easily circumscribed tents, and most of our ancestors through most of our history in most environments lived close in and all together, and had no real privacy for months at a time, if at all, ever.
But they weren’t prey because of that lack of privacy to amoral and conscienceless creatures who would virtually metabolize the things they found within that intimacy, or whatever you want to call the lack of privacy when it’s shared with people you’d share your last food with, sacrifice for even die for if it came to that. They weren’t prey because of that intimacy unless you consider the parasitic infestation of lice and fleas to be a kind of predation.
It isn’t the lack of privacy that’s tragic here, it’s who has access, the means to violate our privacy, and use what they find for their own ends, their actions and intent having nothing to do with our well being.
I personally haven’t had a truly private moment online since the morning of September 11th, 2001, when the monitor drones were all glued to their own versions of what that was coming in, the sound and light of it distracting them at least for a few hours from whatever it is that fascinates them about what I, and people like me, do.
That’s my experience, I don’t expect that’s most everyone else’s, but I do think we need to have some kind of consensus running about what it is that’s not there when we’re all exposed this way.
The thing that can’t live without doing that, that can’t see its own survival without that melting away of human individuality, shouldn’t get all the votes, shouldn’t have all the power, but right now it does. That’s what bothers me about no privacy on the Internet.
The thing that uses that lack of privacy to advance itself is not something I’d ever willing sacrifice my freedom to benefit. The moral conundrum begins with a recognition that we’ve been shocked into thinking we need to live this way, that we have to surrender these freedoms because we can’t survive without giving them up. Eventually this will become true. Eventually the rebels are weeded out and the remaining are browbeaten and coerced into believing they have to cooperate.
That’s domestication, it’s what’s happening to us, what’s been happening to us for a while.
Loss of privacy’s a big thing, a bad thing, but it isn’t much up next to the loss of our humanity.

9

Maria 09.16.07 at 9:08 am

Thanks for the link, Tom.

10

fred lapides 09.16.07 at 3:28 pm

Tor has now been shown to be subject to the US govt spying…stuff gets encrypted and then at the spot where unencrypted at a volunteer server, some of those servers shown to be run by the govt! This documented and studied. There is NO place where the govt not able to get at emails or posts or whatever.

11

abb1 09.16.07 at 4:22 pm

…some of those servers shown to be run by the govt!

There are many problems with Tor, but I don’t think this particular one is serious, especially assuming that Tor network is going to grow. If you have millions and millions of nodes, a few dozen or even a few hundred bugged by the government won’t matter. Also, you can specify your own list of the exit nodes, and they can be in a place where the government (at least your own government) is not likely to spy on you.

12

bi 09.16.07 at 6:11 pm

fred lapides, abb1:

Yeah; the onion routing model is such that each node only gets to peel off one layer of the “onion”, so it only knows what’s the next node to send to (it won’t even know where the message initially came from, or where it’s ultimately headed). So, there’ll only be a problem if _all_ the machines on the path from entry to exit are government spy servers — which I’m guessing will be hard to bring about.

13

abb1 09.16.07 at 6:44 pm

Nevertheless the exit node is still a vulnerability.

Anyway, obviously this is going to be a constant struggle; attacks – counter-measures – different attacks, etc. This is just how the world works.

14

Daniel Brandt 09.16.07 at 7:51 pm

I’ve been running Scroogle, an ad-free Google scraper that also protects your privacy, for several years. It now handles about 100,000 searches a day, and survives entirely on modest tax-exempt donations.

It is not that expensive to run several dedicated servers if you do your own system administration and programming as I do. You have to be squeaky clean or folks won’t trust you, but this is hopefully solved by the fact that I’ve been an anti-CIA activist for the last 40 years, and was the first anti-Google activist.

One thing that would be helpful in the privacy debate, which I don’t see anyone commenting on so far, is to ask regulators to require that big engines such as Google offer a stripped-down version of their generic search results. I’m referring to a simplified, ad-free version that is stable, and easy to scrape. One of the constant uncertainties of any scraper operation is that a minor tweak of the original formatting can completely break the the scraper code. The API interfaces offered by Google and Yahoo are inefficient, and they include massive restrictions on the total traffic that is allowed per API account.

My scraping has always had to remain unauthorized, and is therefore always at risk. I doubt that Google has the guts to serve me with a Cease and Desist, or serve my providers with a DMCA take-down notice, but they could try to block my servers, or they could constantly modify their source code in subtle ways, and Scroogle would be impractical.

I’d like to see some guarantees so that recognized nonprofits who want to offer privacy-enhanced access to major search engines don’t have to worry about retaliation from these engines.

By the way, Tor is no match for Scroogle’s performance, assuming that you believe me when I say that no one but me has access to my logs, and that I delete my logs within 48 hours. Scroogle even offers SSL as an option. Google has no way to determine whether any two Scroogle searches are from the same person, since each search goes randomly to one of 250 Google IP addresses, and their logging is presumably not centralized. This is not the case when you use Google through Tor.

Moreover, Tor is painfully slow, while for 99 percent of Scroogle searches, the extra delay per search is around one or two seconds. I don’t see anyone using Tor for all of their searching needs; it is simply too frustrating.

15

aaron 09.17.07 at 4:19 pm

One thing to take into account is that google is providing you with a free service (web search), in exchange for “anonymous” data on your searches. No one is forcing you to use google.

In addition, cranky’s claim that google is turning data over to the government is, from what I’ve heard, inaccurate. In fact, I think Google may have been the first major company to resist the government’s attempts to acquire data about web users. Admittedly, I haven’t heard to much about this issue in recent months.

16

Seth Finkelstein 09.17.07 at 9:19 pm

Aaron / #16 – That “resist” is a myth created by Google PR. The real facts of the case are much more mundane. Google was almost entirely motivated by its own trade-secret reasons, but they spun it as user privacy, and the press lapped it up uncritically. Read my article:

Google Search Subpoena

http://blog.outer-court.com/archive/2006-01-26-n76.html

17

maria 09.18.07 at 3:53 pm

Hello, googler at home,

I’m simply making the point that Google fits in with the mainstream of large, international businesses who generally want weak, or preferably no, privacy protection. I’ve not seen anywhere a detailed description of why Google thinks it’s necessary (as opposed to desirable) to retain individuals’ search data for 30 years, as opposed to 18 months. Google itself seemed to accept a retention period of 18 months earlier this year. Do you know why retention periods of decades are ‘needed’?

Thanks for chipping in.

18

engels 09.19.07 at 3:01 pm

Am I right in thinking that Google’s current policy is to keep searches for 18 months and after that not to delete them but just remove the last four bits of the IP address? That is a remarkly crappy “privacy” policy, and one which makes Google a lot worse than its competitors iirc.

19

engels 09.19.07 at 3:03 pm

…last eight bits…

Comments on this entry are closed.