Q&A: Rotenberg fears Internet 'privacy meltdown' from Google-DoubleClick combo

Computerworld - The U.S. Federal Trade Commission said today that it won't try to block Google Inc.'s planned acquisition of online ad-serving vendor DoubleClick Inc., or seek to impose any privacy protection requirements in return for allowing the $3.1 billion deal to go through. The Electronic Privacy Information Center (EPIC) was one of three privacy groups that previously had filed a petition asking the FTC to put a stop to the acquisition unless Google made significant changes to its data privacy policy. In an interview with Computerworld that was conducted before the FTC announced its decision, Marc Rotenberg, executive director of Washington-based EPIC, contended that the combination of Google and DoubleClick would give the search engine giant "the deepest and broadest profile of Internet users of any company in the world" -- with virtually no legal limits on how it could use that data. Excerpts from the interview follow:

What red flags does Google's planned acquisition of DoubleClick raise from a privacy standpoint? EPIC has been involved in most of the major privacy campaigns in the United States going back to our founding, and I don't think there has been a campaign that we pursued since then that has been more significant than the effort to block this deal. It speaks directly to whether the Federal Trade Commission can meaningfully protect consumer privacy in the online world. I don't think there is any doubt that Google being the Internet giant search company that it is, and DoubleClick being the leading banner advertising company that it is, this is the single biggest privacy meltdown that the Internet is currently facing.

Can you illustrate the kind of privacy problems that you think the merger will lead to? That's a very fair question, and it turns out to be a hard question to answer -- in part because Google itself has actually been very quiet about what it plans to do with DoubleClick once it acquires it. They should be more open. For example, do they plan to combine [search engine data with] the data that DoubleClick currently has on Internet users who surf the Web? Which is information, by the way, that is not available to Google right now, and I'm sure [it's] a large part of the attraction of the deal.

If it is Google's intent to get access to that data, they will have the deepest and broadest profile of Internet users of any company in the world. And they are also under virtually no legal obligation to limit how they might use that data. So they might say today that they do primarily commercial advertising; tomorrow, perhaps they decide to do insurance evaluation or risk management, or border screening for the Department of Homeland Security. There are lots and lots of different ways that that data could be used. Google itself has been very secretive about its plans.

What kind of a profile do you think they could assemble on individual Web users? There are two key elements to a profile. Most people tend to focus on the Big Brother data collection side, and that's simply taking information about a person from different aspects of their private life: their medical records, their financial records, where they go online, what they put in e-mail, who they call -- all that kind of information that can be put together to create a detailed profile of an individual.