Google to make search data anonymous
After 18 to 24 months, it's not about you anymore
Computerworld - In a bid to protect the privacy of its users, Google Inc. yesterday said it is taking steps to makes searches by its users anonymous after 18 to 24 months.
"When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details," according to a blog post from Peter Fleischer, privacy counsel-Europe, and Nicole Wong, deputy general counsel. "Previously, we kept this data for as long as it was useful. Unless we're legally required to retain log data for longer, we will anonymize our server logs after a limited period of time."
The Mountain View, Calif.-based company said that when it implements the policy change within the next year, it will continue to keep server log data to improve Google's services and prevent security threats and other abuses.
Google said it would also build privacy protections into its products, including Google Talk's "off the record" feature, as well as Google Desktop's "pause" and "lock search" controls.
The company said it will also provide easy-to-understand privacy policies on its Web site for its users.
By making the decision to bolster its privacy policies, Google is responding to the concerns of privacy advocates and some government regulators in the U.S. and Europe that releasing the data could pose privacy risks for users.
"After talking with leading privacy stakeholders in Europe and the U.S., we're pleased to be taking this important step toward protecting your privacy," according to the statement. "By anonymizing our server logs after 18-24 months, we think we're striking the right balance between two goals: continuing to improve Google's services for you, while providing more transparency and certainty about our retention practices."
Two high-tech civil rights groups called the move a good first step but said more work needs to be done.
"This is a big step in the right direction," said Ari Schwartz, deputy director of the Center for Democracy and Technology, in a statement.
"Keeping the data around forever significantly compromises [Google's] users' privacy," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation in San Francisco. The U.S. government probably has subpoenaed search log data on individuals in criminal investigations, a move it wouldn't necessarily have to reveal, he said. Another danger is that an angry spouse or business partner could obtain the information in the course of a lawsuit, Bankston said.
"We'd love to see a shorter retention period and more complete anonymization," Bankston said. Google should also extend the policy to its other products, which include Gmail, Google Calendar, Google Maps and other Web-based tools.
Other major search providers, such as Yahoo Inc. and Microsoft Corp.'s MSN, haven't revealed as much as Google has about what they do with server logs, Bankston said.
Stephen Lawson of the IDG News Service contributed to this report.
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!