[IP] more on Subpoena for 1 million random web searches
Begin forwarded message:
From: Jim McCoy <mccoy@xxxxxxxxxxxxxxxxx>
Date: January 20, 2006 4:24:24 PM EST
To: dave@xxxxxxxxxx
Cc: ip@xxxxxxxxxxxxxx
Subject: Re: [IP] more on Subpoena for 1 million random web searches
On Jan 20, 2006, Steven Hertzberg <stevenstevensteven@xxxxxxxxx> wrote:
I understand that the government requested random web search data
from four
companies, and that three have already provided the requested
information.
Did these other companies research the legal merits of the
government's
request before complying, or did they simply acquiesce?
The other companies mentioned do have corporate counsels, so it is a
rather bold insinuation to suggest that the others merely rolled over
when asked. A more likely possibility is that they examined the
request, found it to be a valid subpoena, asked around in the
engineering group to make sure they could comply without subverting
user privacy, and complied as they are legally required to do.
Are trade secrets really all they are trying to protect (the multi-
stage filtering suggested in the additional request detailed in
online copies of sworn statements made by the person doing the work
for the government suggests this is not the case) or are they unable
to comply with the request due to privacy issues. The google privacy
policy directly states that they will sell aggregated non-personal
information to third-parties, are they just trying to get the
government to pay up like everyone else they sell info to? The
Google privacy policy also suggests that they will provide the
information (including detailed, privacy-compromising information it
seems) to "satisfy any applicable law, regulation, legal process or
enforceable governmental request" in addition to TOS violations,
security issues, and public safety. Is the subpoena not a legal
process or enforceable governement request? Perhaps the "trade
secret" that would be revealed is that Google doesn't disentangle the
private information from the aggregated user requests.
If the latter, then should we not also be discussing corporate
complicity and the merits of
continuing to utilize the services of these other three companies?
And if the former, perhaps what should be asked is why Google is
unable to provide this information without revealing personal data
about the users who sent in the requests.
Is their internal database unable to maintain any separation between
the request that hits the google servers and detailed information
about the user that sends the request? If they do not maintain a
separate "opaque" database that would enable them to easily fulfill
the warrant that was served then perhaps it is time to start asking
serious questions about internal data security at Google. How well
protected is this information? Is the next big "employee leaks
confidential user information" story going to detail how some low-
level employee shoulder-surfed his way to access he should not have
had and resold the google user database? How deeply does the internal
linking between request, transitory user info (ip address, time,
etc.), and permanent cookie and/or financial information extend?
Jim
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/