Analysis: Search Engines' Trustworthiness Shaken By Government Data Gathering

When major search engines hand over anonymous search results to government officials, it makes one wonder: Can Internet businesses be trusted with people's private information?

Antone Gonsalves, Contributor

January 20, 2006

5 Min Read
InformationWeek logo in a gray background | InformationWeek

The attention that has been drawn to the major search engines that handed over anonymous search results subpoenaed by the U.S. Justice Department has brought into question whether the Internet businesses can be trusted with people's private information.

On Thursday, America Online Inc., Microsoft Corp.'s MSN, Yahoo Inc. and Google Inc. acknowledged that they received subpoenas from government prosecutors trying to revive the 1998 Child Online Protection Act that was struck down by the U.S. Supreme Court. AOL, Microsoft and Yahoo acknowledged handing over search data to the government; Google has refused and intends to fight, saying the Bush administration's requests are too broad.

Search terms plugged into Google and the rest can give lots of clues on people. For example the terms could indicate a person has a medical condition, an unfaithful spouse, concerns over sexual orientation, or many other issues that most people would prefer to keep private.

In addition, many people sign in with user name and password as a requirement to use other services, such as Web mail, instant messaging and blogging, creating an even tighter connection between a person and his use of a search engine's offerings.

The amount of data gathered by search engines already rankles some people. So the disclosure that three out of four major search engines would give up data without a fight, even though the information could not identify a person, is sure to intensify some people's feelings about data-gathering on the Web.

"My approach to sites asking for too much personal information is to simply lie," Ned of Oklahoma City, who asked that his last name be withheld, said in an email. "Even if I don't mind telling them things like my date of birth, I lie on the principle of it and to screw up their data."

In providing information, AOL, Yahoo and MSN did tarnish their trustworthiness, one expert believes.

"AOL, Microsoft and Yahoo did not violate the privacy of any user by handing over this information. No private data was revealed," Danny Sullivan, editor of Search Engine Watch said Friday in his blog. "Nevertheless, by not pushing back against such a bad request for data, it leaves open the real fear that they might not push back if the US government decided to go on a real fishing expedition in the future. Privacy may not have been lost but trust was."

A lack of trust is one reason behind the Electronic Freedom Foundation's recommendation that people use software that hides their computer's Internet address while surfing the Web or using search engines. As long as a person doesn't enter a site with a user name and password, then he can wander the Web almost anonymously. "We don't believe anybody should be keeping all this information," Rebecca Jeschke, spokeswoman for the privacy group, said of data gathering by search engines. "The government wouldn't be able to get this information, if it wasn't there."

The EFF is a plaintiff in the lawsuit challenging COPA, which was meant to shield minors from Web sites that offer sexually explicit content. The high court struck down provisions that required sites to offer such content only to registered users or people who sign-in first, saying that filtering software is sufficient to keep the content away from children.

In seeking the search data, government lawyers are hoping to show a federal court in Pennsylvania that sexually explicit material is easily accessible through search engines and is not adequately blocked by filters.

To Andrew B. Serwin, a partner in the San Diego law firm Foley & Lardner LLP and a consultant on privacy issues to Internet companies, trust and privacy are "two sides of the same coin."

"Whether you put it in terms of trust or privacy, the concern is that the government could use non-personal information as a basis for a warrant to get personal information," Serwin said.

Once government prosecutors get non-identifiable information, they could see patterns that they decide are suspicious, and then go back to subpoena specific data that could identify people whose searches fell within those patterns.

"It is not beyond the realm of possibility that the government would say, 'we know these searches occurred, so lets have more information,'" Serwin said.

There is no indication that the Justice Department is heading in that direction in the current case, but providing such large amounts of data could be the beginnings of a trend, the lawyer said.

The issues in the current case also have no implications for national security and fighting terrorism, Serwin said. Such issues are handled through the Patriot Act, which gives federal law enforcement the right to demand information in secrecy.

"We're not dealing with a Patriot Act request, in which case we wouldn't have heard about it," Serwin said. "This is not a national security issue."

The question of trust and Internet businesses has spread beyond U.S. borders to places with less political freedom. Microsoft this month was criticized for taking down from its blog-hosting service MSN Spaces, the blog of an outspoken Chinese journalist Zhao Jing. The company said it was complying with Chinese laws.

In September, Yahoo gave information about journalist Shi Tao's personal email account to Beijing, which later jailed him for 10 years on charges of divulging state secrets.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights