Privacy backers push FTC to end AskEraser service
They say the Ask.com service doesn't protect privacy as billed
Computerworld - A group of privacy advocacy organizations has filed a complaint with the U.S. Federal Trade Commission (FTC) alleging that Ask.com's recently launched AskEraser service does not live up to its promise of deleting users' search histories.
In an 11-page brief filed with the FTC last week (download PDF), the group claimed that the search engine company is indulging in deceptive and unfair trade practices with AskEraser and should be forced to withdraw the service. The Electronic Privacy Information Center (EPIC), the Center for Digital Democracy, Consumer Action and the Fairfax County Privacy Council are among those that filed the complaint.
Officials from IAC Search & Media's Ask.com did not immediately respond to a request for comment on the compliant.
Ask.com's AskEraser service was unveiled on Dec. 11 and described at the time as a way for users to ask that their search activity data not to be retained on the company's servers.
Ask.com claimed that AskEraser, when enabled by the user, would completely delete search queries and associated cookie information from Ask.com servers -- including IP addresses, user IDs, session IDs and the text of queries made. The feature is available to users of the company's U.S. and U.K. search engines and is designed to give users more control over search data, the company said. In most cases, the deletion would take place within a few hours of the time a search is completed.
The reality, however, is quite different, said Marc Rotenberg, executive director of the Washington-based EPIC. He pointed to three problems.
"When it was announced, there as a lot of hoopla over it," Rotenberg said. "So we decided to take a closer look and were kind of surprised. Some of the things that AskEraser does we don't think are very privacy-friendly."
The first issue is that users who want to enable the service must accept and install an AskEraser opt-out cookie on their system. That approach is both counterintuitive and misleading, Rotenberg said. Users who are concerned about privacy typically tend to delete cookies. For such users, the privacy settings on Ask.com are meaningless because each time the cookie is deleted, the settings are lost -- and Ask.com will no longer honor the user's privacy choice. Similarly, Ask.com offered no explanation for its policy of allowing the opt-out cookies to expire after two years.
Another troubling fact is that Ask.com's AskEraser service can be turned off without notice to the user, Rotenberg said. According to Ask.com's policies on its Web site, the company can disable the AskEraser service at any time -- to comply with a court order, for instance. In such cases, the company will retain search data, even if the AskEraser service appears enabled to the user, Rotenberg said. Without user notice, such a practice would be tantamount to spying on a user's search activity.
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Pragmatic Endpoint Management: Empowering an SMB Workforce in the Age of Mobility Lacking the time for proper training and education, SMB administrators often resort to taking shortcuts to keep their environment running.This paper discusses the...
- Gartner Magic Quadrant for Application Security The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Privacy White Papers | Webcasts