
> Is this really that different from police asking for security camera footage from a convenience store after a robbery?

The crux of the debate is whether Google is a quasi public place, like a convenience store, or something private, like your closet.

I think legally, Google is no different than any other business. Following the appropriate process, police can ask a convenience store to search their sales records to see who bought something on a particular date. They can ask a credit card company about someone's purchases on a particular date.

On the other hand, people disclose information to Google that they don't disclose to their convenience store clerk. That information is even more intimate than what people disclose to a credit card company. Someone's searches can reveal the deepest darkest things about them.

On the other other hand, Google as a service is not really one of trust. It's not like a bank that provides a safe deposit box and promises to not look inside (and is usually legally barred from doing so). Google rummages through your personal information for its own profit. Twenty years ago, if you had asked people: "If you had a service that data mined the information you gave it for advertising purposes, where potentially dozens of engineers and operators have access to that information--would you consider that a trusted and private system?" They would have said "no."




Legally Google is different.

They are required to keep records that brick and mortar businesses do not.

They have a de-facto monopoly as the largest search provider for the general populace. They are a public resource that is a requirement for many of us to use in our day to day lives.

Google in this instance is more like a library card catalog that keeps records of all of the things people search for.

This is the same as asking a library for all people who looked for books on dogs.

Google not only has adults that search for things. They have grade school children in their datasets.

If you are OK with this request, are you OK with the subsequent request to Facebook that says "give me the social network tree for all of the people within this dataset"? We're looking for a woman who knows one of the people that searched for Douglass on Google within the Edina area. And then the final query to AT&T, "we need the phone records for all of the households on this list of women who are within 3 links to people who searched for Douglass in the Edina area"?

This is an overly broad search with no particular limit and no logical connection to the crime. The police don't know for certain that the thief arrived at the image used via a Google search, let alone a Google search for someone's first name. They don't know for certain that the thief was in the Edina area. They don't know for certain that the thief was in the Edina area when searching.


The American Library Association guidelines provide disclosure of records in response to a valid court order. Also, since your library hypothetical trades on the special position of libraries in our society, it should be noted that libraries don't profit by rummaging through the books you read to advertise to you.


> The American Library Association guidelines provide disclosure of records in response to a valid court order

You are overstating there by a long shot. The guidelines are more along the lines of "if you have completely failed at making the police go away in any of the previous 72 steps, then you must comply, but hopefully you read our other guidelines that tell you it's a good idea to not create any records and if you must, to dispose of them frequently."


How long does a typical library retain records after a book is returned?


It depends on your library.

Many have a policy of destroying records immediately after books are returned unless you request otherwise (e.g., to be able to see your borrowing history in your account).


Do most libraries post this policy publicly?


Good question, and I'd be curious to know...but I'm not really sure.

My sense of most libraries doing that is more anecdotal than quantitative. Mostly just what I've heard from librarians and my experiences signing up for library cards various places that had some sort of relevant T&C clause or opt-in process.


> it should be noted that libraries don't profit by rummaging through the books you read to advertise to you.

They do present/display/advertise their most popular books. They track and fine you if you keep a book too long. They determine how much a book has been checked out and track usage at an analytics level to determine if the book should be taken out of circulation.

Maybe search engines should have a special status like libraries enjoy, but it's worth noting the centuries it took for public libraries to become a municipal requirement.


> Legally Google is different... They are required to keep records that brick and mortar businesses do not.

> They have a de-facto monopoly as the largest search provider for the general populace.

> They are a public resource that is a requirement for many of us to use in our day to day lives.

Wait, what? Has the "defacto monopoly" been legally established? They're a "public resource?" Please cite the legal meaning of "public resource" and where it was established through legislation or judicial action that Google is one?


https://definitions.uslegal.com/d/de-facto-monopoly/

Jiminy Christmas. I made a comment on Hacker News and you're trying to parse it like we're in a court of law.

The fact is that Google is different than a mom and pop shop with a video camera. It's ludicrous to suggest otherwise.


Forgive me for quoting you. You started with "Legally Google is different" so I assumed you wanted to talk law or legislation.

Also, I don't recall comparing Google to smaller organizations.

I may be oversensitive, but when I hear terms like "They are a public resource" I assume you mean that they should therefore be regulated by the government and paid for with tax money.


Forgive me...

I made a flippant comment following this thread of conversation:

> Is this really that different from police asking for security camera footage from a convenience store after a robbery?

> I think legally, Google is no different than any other business.

And when I came back to the thread there was a series of comments parsing my words.

I overreacted to the group and you were the target of that over-reaction.


No prob! This is important stuff.


Punting on arguing for or against Google being a monopoly or utility, I will say there are a large number of people who trust Google. There are many, many ways that trust can be violated. As my coworker might say, they have a rather large attack surface.


Once regulated by the government, there is an even larger attack surface, as we in the USA have learned over the years, most notably with the recent Wikileaks dump.


> Wait, what? Has the "defacto monopoly" been legally established?

I don't know where you live, but on my planet Google has an 80%+ market share.


> [Google] are required to keep records that brick and mortar businesses do not

What records are Google required to keep that e.g. DuckDuckGo are not?


DuckDuckGo isn't brick and mortar, but...

1. Google is an ISP, is DuckDuckGo an ISP?

2. Google is a telecommunications services provider, is DuckDuckGo a telecommunications services provider?

Those are two major categories that require data logging and retention in the U.S., and there are a lot of countries that have their own data logging and retention laws. Google because of its size has active business presence in more countries and would therefore ensure itself to be compliant with local laws with more vigor than a significantly smaller company, especially one that was more focused on search. Google has its hands in a lot of different kinds of businesses, many of which have already been targeted for logging and retention laws somewhere in the world.


The fact that Google owns an ISP is irrelevant to its search business. Not only are they unrelated, they are legally isolated in different corporations.


This seems a bit different though, the police are asking Google for a list of people who searched for a specific term, they aren't asking for the entire search history of those people. In that way I think the potential for revealing personal secrets is much more limited than it appears in the headline.


In this case it seems entirely reasonable as you say.

However. Let me straw man a bit here.

In the case of, say, someone being murdered with "a 16 inch double ender" at a themed orgy... Well, let's just ask Google for anyone who has searched for an appropriately inclusive set of terms in the past 3 months. It's logical that someone who gets flagged in this data set could be the culprit, right?

Gosh I sure hope none of the data gets leaked or misused in any way by the fine upstanding people who get access to it.


Isn't this why judges look at search warrants? It seems like a judge concerned with privacy would look at the warrant to decide if it was reasonably minimal - to find the murderer without making too much collateral damage.

It's a case of balancing two rights - the right to privacy, and the right to life, to not be murdered. An absolutist stance on one would damage the other, and so we give judges the power to make decisions.

The whole point of having judges is to have upstanding and reasonable people we trust for this purpose, so we don't have to explicitly deliberate about every edge case before it happens.


That's not a logical assumption. Three months is a long time and you have applied no geographic limitation. Sure, if the situation was different it would be ...different. That's not much of an argument though. Also, you would really only be identifying orgy attendees.

And yeah, I don't trust the police with my data but I am reassured by the limited time and geography in their request.


Oh man you just reminded me of the Will Arnett skit from Human Giant. The one where Aziz Ansari "disguises" himself as Mary Kate Olsen to sneak into a party.


> People might think of it as a trusted, private service

I think the problem is a little worse. Most people don't think about it in the first place, so the reason this question becomes interesting is that for most people it's a question they never asked themselves.

The answer is clear and obvious already based on the current legal framework, but it's news- and ask-worthy because for many people it's the first exposure to it.


That rummaging, though, is extremely restricted from the perspective of traditional privacy concerns -- it's not like someone at Google gets to look up what John Q. Smith searched for on this day. The analogy would be more like, "would you consider it private if a robot could look at each safe deposit box and add a special flyer to the ones with gloves in them, and then only in special circumstances does anyone get to look at anonymized box/flyer pairings to see if the robot did it right?"


  The team members, as part of their responsibilities for 
  troubleshooting technical issues related to the site and 
  Google’s products, have access to users’ accounts. 
  Apparently Barksdale exceeded this authorized access to 
  spy on a group of specific people he’d met.


  Another former site reliability engineer told Gawker that 
  Google gives such engineers unfettered access and “does 
  not closely monitor SREs to detect improper access to 
  customers’ accounts, because SREs are generally considered 
  highly experienced engineers who can be trusted.”

https://www.wired.com/2010/09/google-spy/


But I assume that doesn't happen! Therefore it doesn't!


Except the flier gets written by a third party and reports to the third party who reads it.


> potentially dozens of engineers and operators have access to that information

For that you have to break Google's security. I (and other colleagues) actually felt safer about Google's stewardship of that information when we got to learn how it worked from inside, than before joining.

(I work for Google, but not on security, and don't speak for the company).


And why do you trust they implement it the way you saw? Is the code public? Even if it was, who guarantees they use the same implementation?

I know many wonderful people working for the government wanting all the best for the people doesn't mean it always ends up like that.


All but the most IP-sensitive code at Google is visible to all Googlers, yes. And being able to tell what code is being executed by what machines in production is required for ops and reliability reasons in any big company anyway. But most important of all, it doesn't make sense to make what's arguably the best private security team write your defenses, to then not use them.


Your Google search history is more like a storage locker than a closet. You don't own it, but you can open it whenever you want and the managers assure you they will only open it under exceptional circumstances.

You still have to trust the managers, since they're the only party with another key. If you don't trust them, you're free to take any legal steps to anonymize yourself when accessing the storage locker.

The problem seems to be that any additional layer of privacy or anonymity is only available to those who opt into it or go out of their way to implement it.


That analogy implies you can empty out the contents whenever you want. Which is not necessarily true with search history.


A simple Google search gives this, though: https://support.google.com/accounts/answer/465?co=GENIE.Plat...


I am well aware of that page but to use a more extreme analogy... that's like believing a blackmailer actually deleted the evidence once you paid them. The best you can do is hope they are telling the truth.

There is no way of knowing that the information is actually deleted except trusting them.


When I used to work at Google, making sure things people deleted were completely removed was something people took very seriously. With caches and backups deletions wouldn't be immediately effective everywhere, but it was very important that things people had deleted were, within weeks, really fully gone.


No offense to you, but why should I trust you or Google that what you say is true? I can have my neighbors pinky swear that they won't break into my house, but I still choose to lock my door every day.


You lock your doors because you don't trust your _neighbors_? That's madness.

Companies often face legal requirements that your data is truly gone, e.g. see the European Union's Data Protection Directive. So it's not just a pinky swear -- there is some legal force behind it. (Which happens to be true for the neighbor situation as well, so you really don't need to get pinky swears from everyone.)


I don't lock my door because there's a lot of people around that I don't trust. My neighbors are some of them. I don't know half of them by name. Why should I trust them?

> Companies often face legal requirements that your data is truly gone, e.g. see the European Union's Data Protection Directive.

Maybe that's part of the difference. In the US you have to keep records of stuff. At my company, we have to keep records for ~7 years, IIRC.


Unfortunately in the US it is the opposite. The government often forces you (or at least tries to force you) to not delete it in case they want it later. Especially if you are an Internet Service Provider.


I am 99.99% sure you are telling the truth. It's that last 0.01% that gets ya.


Are there cases of warrants being issued to search the contents of every locker of a storage facility looking for a single locker that might contain relevant evidence to a fairly low level attempted fraud?


1) Whoever does own the storage locker can consent to search (or be compelled to allow search through legal process), and you can't complain because you don't have a property interest in it.

2) Google is like a storage locker where the managers rifle through the contents and tell you what crap you might want to buy based on what you keep in your locker.


> Twenty years ago, if you had asked people: "If you had a service that data mined the information you gave it for advertising purposes, where potentially dozens of engineers and operators have access to that information--would you consider that a trusted and private system?" They would have said "no."

With the upside that every product is free and said service has never used such information malevolently? That's a resounding 'yes'.


The question is not "would you use the service" but "would you consider the service private?" How does being free bear on whether it's private?


I think this crux you explain is one of a search engine's biggest assets: Trust. If you can't trust a search engine to not be able to keep your searches private, you're not going to use them. Google will fight this one hard, I assure you.


I fully expect any business to cooperate with a warrant or court order, and the law generally.


I expect them to challenge court orders that likely will not be upheld if appealed.

Imagine a municipal court judge in West Virginia demanded Google hand over all data and source code they hold to a third party. They would, and should, fight this order in a higher court since this is massive overreach on the part of the judge.


Yes, I agree, that's a good point.


But the OP explains why that's already a lost cause.

Google's entire business revolves around looking at people's searches, email, web browsing history, etc. and providing that information to advertisers. It's not private at all.


Facebook records everything you type, even if you never post it or send it as a message. People largely don't know [enough to|or] care. People care a lot when a sex toy app tracks app usage, even though every app does this.

The issue I see with this specific case is the dragnet nature of it -- they're tracking everything all the time, and now they're giving that info to anyone who asks. If you thought that the consequences of falsely condemning someone to the death penalty were dire, I see this as that but against everyone in the country.



