Since Google first started growing in stature, people have wondered if (or when) they might start passing along private information to governments or misusing it for their own gain. The company has faced hyperactive attention in this space, while others, as I have written, largely got a free ride from criticism. Moreover, the privacy freakout about Google was based on lots of "might dos" or "could dos" rather than "has done."
Yesterday was a historic moment in answering some of those doubts. What might Google do, if faced with an unreasonable demand from a government agency? Google will push back. And what might its competitors do, who have faced nowhere near the same amount of criticism? Comply.
Let's not get all starry eyed. Google pushed back in this case, but it may have complied with other governmental requests. Indeed, one of the best points in John Battelle's book "The Search" was the section focusing on the US Patriot Act and how Google (or other search engines) might not even be able to say if it has given out information.
Let's also not get foolish. I personally think that search engines should be following laws and especially helping authorities, even if that means handing over private information. But that has to be done when the proper procedures have been followed, when the right safeguards are in place and a real pressing need for the information is demonstrated.
None of that was the case with the information the Department Of Justice has requested. I don't have time to do a long deconstruction of how the information the DOJ wants will NOT allow the government to do what they claim. But I'll take a short look, especially at this claim that literally made my jaw drop:
Reviewing URLs available through search engines will help us understand what sites users can find using search engines, to estimate the prevalence of harmful-to-minors (HTM) materials among such sites, to characterize those sites, and to measure the effectiveness of content filters in screening HTM materials from those sites.
Reviewing user queries to search engines will help us understand the search behavior of current web users, to estimate how often web users encounter HTM materials through searches, and to measure the effectiveness of filters in screening those materials
Ah, HTM, the new WMD. HTM is "harmful to minor" material, porn that children might encounter accidentally. The Department Of Justice seems to think that if it has a list of queries, plus a sample of URLs indexed, it will magically demonstrate how often you might hit porn. Not at all. Not in the least.
Anecdotally, search engines will tell you that most of the content they index never makes it into the first page of search results. And content not in the first page of search results is effectively invisible and not seen, since most people don't drill deep. So sure, they could hand over a list of 1 million URLs. But you have no idea from that list how often any of those URLs actually rank for anything or receive clicks. It is non-data, useless.
Secondly, the list of search queries HAS NO RANKING DATA associated with it. So let's say the DOJ sees a query for "lindsay lohan." They don't know from that data what exactly showed up on Google or another search engines for that query, not from what they've asked for. Since they don't know what was listed, they further can't detect any HTMs that might show up.
In short, gathering this data is worse than a fishing expedition. It's a futile exercise that will proof absolutely nothing about the presence of HTMs in search results. All it proves so far is that the DOJ lawyers (and apparently their experts) haven't a clue about how search engines work. An actual search expert will tear apart whatever "proof" they think they can concoct from the data gathered so far.
As I said yesterday, a far better way to measure HTMs in SERPs (that stands for search engine results pages. I don't like the acronym, rarely use it, but let's play dueling acronyms today) to do this is to conduct some actual searches. That's what the US Government Accounting Office did when it wanted to measure porn in image search results.
Now let me bring this back to the bigger issue, that of trust. AOL, Microsoft and Yahoo DID NOT VIOLATE THE PRIVACY of any user by handing over this information. No private data was revealed. Nevertheless, by not pushing back against such a bad request for data, it leaves open the real fear that they might not push back if the US government decided to go on a real fishing expedition in the future. Privacy may not have been lost but trust was.
Picture this scenario. The US government wants to pass a new law on monitoring terrorists. In order to see the presence of searchers seeking out TOMs (that's Terrorist Oriented Materials) through search results, they ask each search engine to hand over an entire week's worth of search data completely with cookie info, IP addresses and registration information.
The purpose? They need to study how many people are seeking TOMs to have stats to support the law they want to pass. This is pretty much the same argument they are using in the current case, by the way.
Why shouldn't the search engines comply? Isn't it supporting terrorism by not helping?
No. There's a difference in reacting to help the law, according to laws, and being asked to participate in a police state. Consider this metaphor. Many people take part in Neighborhood Watch programs, to help better ensure the safety of their neighborhoods. It's a good idea, by and large. I don't recall there being that much controversy over such programs.
Now let's say the government decides that to better protect your neighborhood, they'll be placing cameras inside of everyone's home. What's the problem? I mean, unless you're doing something wrong, you don't have anything to fear, right?
The problem is -- speaking as a US citizen here -- that America was founded the principle of liberty. Stay out of my life, unless I'm doing something harmful to others. And if you think I'm doing something harmful, then use the carefully constructed and regulated laws to stop me from doing harm. Don't suspect everyone, monitor everyone and assume everyone is guilty. That's not how the country is supposed to work.
One more metaphor, which may better bring it home. Terrorists use telephones. Perhaps the government should go to the telephone companies and ask them to forward a week's worth of telephone calls, so they could determine how terrorists use the phone system. Anyone have a problem with that?
Actually, many people do. It's at the heart of the current controversy the Bush Administration faces, that it wiretapped -- listened in -- on phone calls without the legally required search warrants. The US Congress is about to hold hearings on the situation and whether it was illegal or not.
Search engines are like telephones, in some ways. We hold conversations with them, trusted conversations. We tell search engines things about our private lives we might not tell friends, doctors, partners and others. Is this a medical condition I should worry about? How do I handle an infidelity crisis I'm having? I need a new job -- can you help me? Private matters, not mean to be exposed to the world and certainly not meant to be swept up into a government net without an exceptionally good reason having been shown
Again, yesterday's news wasn't about privacy. It was more about trust, whether we can trust our major search engines for when privacy really is an issue. So how did they do on the trust front? I thought I'd hand out trust points to summarize, on a scale of one to 10, with 10 being best.
Google: 9 Points
Why isn't Google at 10 points? After all, they are the ones who stood up against the Department Of Justice. A couple of reasons for the one point loss:
- I'd be happier if they'd shared with the world that they'd been subpoenaed
back when it happened last year. That information could have been made public,
and it should have been.
- Google also looked to be negotiating on compliance. We don't have enough details to know why they ultimately didn't give in, but some changes, and perhaps they might have.
So, not a perfect score -- but overall, high, high points.
Yahoo: 4 Points
Since they complied, I feel they have to be below the 5 point mark. OK, how trustworthy were they then in the after-the-fact statement? At first, they tried to make it seem they didn't comply by saying they gave no personal information out. Since no personal information was asked for, that was a non-answer. But almost immediately a revised statement fessed up.
AOL: 1 Points
"We did not -- and would not -- comply with such a subpoena." Except they did. Like Yahoo, they ran for the cover of saying they gave out no personal information. Instead, they just gave out some "search terms" -- which is what the subpoena asked for. That's compliance in part, and a loss of trust points for not being more forthright about what happened.
MSN: 1 Point
Like a loser in the Eurovision song contest, null points to MSN. They issued a non-statement, neither confirming or denying anything. Instead, we get the Department Of Justice saying they complied. They should have just fessed up from the beginning. That might have salvaged some trust out of the mess.
Postscript: In light of the most recent post on the MSN blog, I'll bring MSN Search up to match AOL. They took ages on the public relations side to say they complied, but the blog is direct and more forthright about it. What a difference it would have made if they'd been allowed to say that yesterday.
Ask Jeeves: Didn't Get To Play
I can only imagine the situation at Ask Jeeves. They had to be relieved they were never asked, so avoided the entire fracas. But not being asked means the US government doesn't think they count much as a search player -- so they probably also wish they had been involved!
What They Should Have Done
Just some tips for the search engine spinmeisters. Here's what you should have sent out:
AOLMSGooHoo did provide a list of URLs and search terms in response to the subpoena. We reviewed the request and determined that we could cooperate without any harm to the privacy of our users. We would have preferred not to have been given a legal summons and have serious doubts if the information will help the US government determine what it seeks. However, we felt our time was not best spent fighting on this front. Rest assured that if personal information had been at stake, we would have vigorously fought to defend the privacy of our users, to the degree the law allows.
The better answer, of course, would have been to fought the request in the first place.
In the end, one of the biggest ironies is that the other search engines failed to capitalize on Google's biggest weakness, that it might not be trustworthy. I wrote back in 2002 about how Google was going to face a challenge of being seen as too Microsoftish, too dominant a player.
Ironically, that put Microsoft itself in the enviable situation of counter-balance to Google. Rather than being the evil player, it was the player along with Yahoo that many hoped would restore some balance to the search space.
Had Microsoft said no, it would have scored major points for trust. But to say yes -- then not even admit to saying yes -- just makes Google seem better and better to many people.
Want to comment or discuss? Please visit our Search Engine Watch Forums thread, Bush Administration Demands Search Records.