Since Google first started growing in stature, people have wondered if (or
when) they might start passing along private information to governments or
misusing it for their own gain. The company has faced hyperactive attention in
this space, while others, as I have
largely got a free ride from criticism. Moreover, the privacy freakout about
Google was based on lots of "might dos" or "could dos" rather than "has done."
Yesterday was a historic moment in answering some of those doubts. What might
Google do, if faced with an unreasonable demand from a government agency? Google
will push back. And what might its competitors do, who have faced nowhere near
the same amount of criticism? Comply.
Let’s not get all starry eyed. Google pushed back in this case, but it may
have complied with other governmental requests. Indeed, one of the
in John Battelle’s book "The Search" was the section focusing on the US Patriot
Act and how Google (or other search engines) might not even be able to say if it
has given out information.
Let’s also not get foolish. I personally think that search engines should be
following laws and especially helping authorities, even if that means handing
over private information. But that has to be done when the proper procedures
have been followed, when the right safeguards are in place and a real pressing
need for the information is demonstrated.
None of that was the case with the information the Department Of Justice has
requested. I don’t have time to do a long deconstruction of how the information
the DOJ wants will NOT allow the government to do what they claim. But I’ll take
a short look, especially at this
literally made my jaw drop:
Reviewing URLs available through search engines will help us understand what
sites users can find using search engines, to estimate the prevalence of
harmful-to-minors (HTM) materials among such sites, to characterize those sites,
and to measure the effectiveness of content filters in screening HTM materials
from those sites.
Reviewing user queries to search engines will help us understand the search
behavior of current web users, to estimate how often web users encounter HTM
materials through searches, and to measure the effectiveness of filters in
screening those materials
Ah, HTM, the new WMD. HTM is "harmful to minor" material, porn that children
might encounter accidentally. The Department Of Justice seems to think that if
it has a list of queries, plus a sample of URLs indexed, it will magically
demonstrate how often you might hit porn. Not at all. Not in the least.
Anecdotally, search engines will tell you that most of the content they index
never makes it into the first page of search results. And content not in the
first page of search results is effectively invisible and not seen, since most
people don’t drill deep. So sure, they could hand over a list of 1 million URLs.
But you have no idea from that list how often any of those URLs actually rank
for anything or receive clicks. It is non-data, useless.
Secondly, the list of search queries HAS NO RANKING DATA associated with it.
So let’s say the DOJ sees a query for "lindsay lohan." They don’t know from that
data what exactly showed up on Google or another search engines for that query,
not from what they’ve asked for. Since they don’t know what was listed, they
further can’t detect any HTMs that might show up.
In short, gathering this data is worse than a fishing expedition. It’s a
futile exercise that will proof absolutely nothing about the presence of HTMs in
search results. All it proves so far is that the DOJ lawyers (and apparently
their experts) haven’t a clue about how search engines work. An actual search
expert will tear apart whatever "proof" they think they can concoct from the
data gathered so far.
As I said yesterday, a far better way to measure HTMs in SERPs (that stands
for search engine results pages. I don’t like the acronym, rarely use it, but
let’s play dueling acronyms today) to do this is to conduct some actual
searches. That’s what the US Government Accounting Office
did when it
wanted to measure porn in image search results.
Now let me bring this back to the bigger issue, that of trust. AOL, Microsoft
and Yahoo DID NOT VIOLATE THE PRIVACY of any user by handing over this
information. No private data was revealed. Nevertheless, by not pushing back
against such a bad request for data, it leaves open the real fear that they
might not push back if the US government decided to go on a real fishing
expedition in the future. Privacy may not have been lost but trust was.
Picture this scenario. The US government wants to pass a new law on
monitoring terrorists. In order to see the presence of searchers seeking out
TOMs (that’s Terrorist Oriented Materials) through search results, they ask each
search engine to hand over an entire week’s worth of search data completely with
cookie info, IP addresses and registration information.
The purpose? They need to study how many people are seeking TOMs to have
stats to support the law they want to pass. This is pretty much the same
argument they are using in the current case, by the way.
Why shouldn’t the search engines comply? Isn’t it supporting terrorism by not
No. There’s a difference in reacting to help the law, according to laws, and
being asked to participate in a police state. Consider this metaphor. Many
people take part in Neighborhood Watch programs, to help better ensure the
safety of their neighborhoods. It’s a good idea, by and large. I don’t recall
there being that much controversy over such programs.
Now let’s say the government decides that to better protect your
neighborhood, they’ll be placing cameras inside of everyone’s home. What’s the
problem? I mean, unless you’re doing something wrong, you don’t have anything to
The problem is — speaking as a US citizen here — that America was founded
the principle of liberty. Stay out of my life, unless I’m doing something
harmful to others. And if you think I’m doing something harmful, then use the
carefully constructed and regulated laws to stop me from doing harm. Don’t
suspect everyone, monitor everyone and assume everyone is guilty. That’s not how
the country is supposed to work.
One more metaphor, which may better bring it home. Terrorists use telephones.
Perhaps the government should go to the telephone companies and ask them to
forward a week’s worth of telephone calls, so they could determine how
terrorists use the phone system. Anyone have a problem with that?
Actually, many people do. It’s at the heart of the current controversy the
Bush Administration faces,
that it wiretapped — listened in — on phone calls without the legally
required search warrants. The US Congress is about to hold
hearings on the situation and whether it was illegal or not.
Search engines are like telephones, in some ways. We hold conversations with
them, trusted conversations. We tell search engines things about our private
lives we might not tell friends, doctors, partners and others. Is this a medical
condition I should worry about? How do I handle an infidelity crisis I’m having?
I need a new job — can you help me? Private matters, not mean to be exposed to
the world and certainly not meant to be swept up into a government net without
an exceptionally good reason having been shown
Again, yesterday’s news wasn’t about privacy. It was more about trust,
whether we can trust our major search engines for when privacy really is an
issue. So how did they do on the trust front? I thought I’d hand out trust
points to summarize, on a scale of one to 10, with 10 being best.
Google: 9 Points
Why isn’t Google at 10 points? After all, they are the ones who stood up
against the Department Of Justice. A couple of reasons for the one point loss:
- I’d be happier if they’d shared with the world that they’d been subpoenaed
back when it happened last year. That information could have been made public,
and it should have been.
- Google also looked to be negotiating on compliance. We don’t have enough
details to know why they ultimately didn’t give in, but some changes, and
perhaps they might have.
So, not a perfect score — but overall, high, high points.
Yahoo: 4 Points
Since they complied, I feel they have to be below the 5 point mark. OK, how
trustworthy were they then in the after-the-fact statement?
they tried to make it seem they didn’t comply by saying they gave no personal
information out. Since no personal information was asked for, that was a
non-answer. But almost
a revised statement fessed up.
AOL: 1 Points
"We did not — and would not — comply with such a subpoena." Except they
did. Like Yahoo, they ran for the cover of saying they gave out no personal
information. Instead, they just gave out some "search terms" — which is what
the subpoena asked for. That’s compliance in part, and a loss of trust points
for not being more forthright about what happened.
MSN: 1 Point
Like a loser in the Eurovision song contest, null points to MSN. They issued
a non-statement, neither confirming or denying anything. Instead, we get the
Department Of Justice
saying they complied. They should have just fessed up from the beginning.
That might have salvaged some trust out of the mess.
Postscript: In light of the most recent post on the MSN blog, I’ll
bring MSN Search up to match AOL. They took ages on the public relations side to
say they complied, but the blog is direct and more forthright about it. What a
difference it would have made if they’d been allowed to say that yesterday.
Ask Jeeves: Didn’t Get To Play
I can only imagine the situation at Ask Jeeves. They had to be relieved they
were never asked, so avoided the entire fracas. But not being asked means the US
government doesn’t think they count much as a search player — so they probably
also wish they had been involved!
What They Should Have Done
Just some tips for the search engine spinmeisters. Here’s what you should
have sent out:
AOLMSGooHoo did provide a list of URLs and search terms in response to the
subpoena. We reviewed the request and determined that we could cooperate without
any harm to the privacy of our users. We would have preferred not to have been
given a legal summons and have serious doubts if the information will help the
US government determine what it seeks. However, we felt our time was not best
spent fighting on this front. Rest assured that if personal information had been
at stake, we would have vigorously fought to defend the privacy of our users, to
the degree the law allows.
The better answer, of course, would have been to fought the request in the
In the end, one of the biggest ironies is that the other search engines
failed to capitalize on Google’s biggest weakness, that it might not be
back in 2002 about how Google was going to face a challenge of being seen as too
Microsoftish, too dominant a player.
Ironically, that put Microsoft itself in the enviable situation of
counter-balance to Google. Rather than being the evil player, it was the player
along with Yahoo that many hoped would restore some balance to the search space.
Had Microsoft said no, it would have scored major points for trust. But to
say yes — then not even admit to saying yes — just makes Google seem better
and better to many people.
Want to comment or discuss? Please visit our Search Engine Watch Forums
Administration Demands Search Records.