Calif. Initiative To Regulate Search Engines?

Lauren Weinstein writes to tell us about CIFIP, the California Initiative For Internet Privacy — his attempt to get search engines off the dime on questions such as how long they retain search data. The initiative aims to explore "cooperative and/or legislative approaches to dealing with search engine and other Internet privacy issues, including a possible California initiative for the 2008 ballot." There is a public discussion list.

Sounds good in theory.

[CosmeticLobotamy]

But it's government, so to get anything done, anything enforceable would have to pretty much say, "You can only keep records for 25 years, and then you have to delete them. Seriously, guys, okay?" I'm not saying don't bother. Good on ya, California. But don't get yours hopes up.

Re:

[jacquesm]

the government is at odds with itself over this, there is privacy protection and then there is the 'war on terror' bs that says that we will track everything everywhere all the time (carnivore and such).

I'm pretty sure that privacy protection (of which there is precious little in the US to begin with) is going to lose out on this one. The right thing for GOOG, AOL, MSN and so on to do would be of course to unilaterally stop keeping track of peoples searches in such a way that they can be attributed to a par

Re:

[LifesABeach]

How about an initiative that reduces the number of laws that are basically redundant? I think what we are looking at is the lazyness of criminal investigators to investigate. I think also we are looking government types that would rather make a law, than look for a reason to understand the other persons view point. As for the Islam issue, maybe Islam could review how Kuwait does it; Not to many Kuwaites in the news these days, there must be a reason for it.

"With all these damn laws being passed, it is lo

Head to Head

[LiquidCoooled]

Won't this come head to head with the data retention rules?

You can either keep the information on the grounds of security or you can remove them on the basis of privacy.

There is no middle ground.

If you are not a supermodel with stolen pictures then you are a terrorist.

Re:

[walnutmon]

I am not exactly sure what I think should be legal and illegal for companies to do with their data. There is definately some gray area and good arguments on both sides.

What I am sure of, is this. The government should not have the right to tell companies they need to save this data. That is absolutely wrong on a very basic and fundamental level.

Re:

[Anonymous Coward]

If you are not a supermodel with stolen pictures then you are a terrorist.

Can't I be both? [wikipedia.org]

The alternative

[BadAnalogyGuy]

The only alternative to having a law on the books is to have a court case define a precedent. Given that lawmakers are actually beholden to their constituencies and voting base, it makes more sense to have them define the rules than a judge who may only be able to see the issue through the particular case in front of him.

Ultimately, though, no one really cares about this type of issue because it doesn't hit home at all. Most people are still using ATMs and paying bills with checks. Technology is passing mos

Re:

[Secrity]

I don't mind people paying bills with paper checks, what I can't stand are the people in supermarket checkout lines that still write paper checks to pay for groceries. These paper check holdouts are the women who won't even open their purse to get out their checkbook until the order is totalled up, they write REAL slow, they wait until the check is OK'ed and they are handed their receipt before they write the purchase in their check register, and then they won't move along until they finish balancing their

Lets get Ted Stevens on this...

[tehSpork]

When you allow companies to save mass amounts of information, mass amounts of information, about the searches performed on the tubes, the tubes could get clogged with all this information. Therefore, instead of allowing this information to accumulate on the walls of the tubes, we are putting forth a mandate that all search engines clean their tubes on a yearly basis. To protect privacy. To protect the tubes. To save the internets!

Re:

[bky1701]

Or someone could call Roto-Rooter, I hear they know about pipes.

Re:

[aplusjimages]

Tubes and pipes are totally different especially when it comes to the internets. Do you think Osama is laughing at America right now? He sits back, while our own government finds a way to destroy America.




That's right, I said "internets" too.

I hope this doesn't go too far

[walnutmon]

Basically the most dangerous part of keeping this data is the fact that other people can match you to your queries.

I think the government should only get involved if there is a problem that cannot be solved by the people themselves. Unfortunately, the willingness of companies to offer easily accessable avenues for finding some of the risks of their services is not as good as it should be.

I think the first step here is not to make hard rules as to how long all search info can be held, instead, they should give rules as to what can be held indefinately, and what cannot.

In this case, I don't think there is anything wrong with queries being kept indefinately, but it should not be kept in relation to people. Make it so that they have to encrypt IPs to some other value, so that searches can be tracked, and even what the users search, but there will be no way to tie that information to actual people.

That way the information can be stored indefinately, and in the event other people want to see, they will have nothing that they can use maliciously against other people. They will see search trends, and even see what individual users search for in order to create correlation between searches, but will not have access to anyones personal business.

It would be difficult to argue against this because any business that wants to know specific peoples searches is obviously using information that the users did not intend anyone to have.

By doing this the search companies would have a much more trusting user base.

If only we had a media that brought up important stuff like this, the companies would do it on their own in order to generate good PR and more traffic.

Re:

[CosmeticLobotamy]

In this case, I don't think there is anything wrong with queries being kept indefinately, but it should not be kept in relation to people. Make it so that they have to encrypt IPs to some other value, so that searches can be tracked, and even what the users search, but there will be no way to tie that information to actual people.

Remember when AOL did exactly that and the humongous problems with it brought the issue to everyone's attention?

Re:

[jacquesm]

I'm working on a little contest, the prize will be 2500 euros for the first person to match up 100 real life identities with the search profiles, stay tuned.

(it took a while to get all the data correlated, but the main tables are all ready to go)

It is my firm belief that search engines should VOW not to keep search profiles on their users, nobody has yet seen an increase in quality from keeping person bound search records (even anonimized like aols were). Search records are 'radio active' in a sense because

Re:

[OmnipotentEntity]

Huh? I know I find it very useful when the entity in question allows you to search through your past searches. (*cough* Google *cough*)

And honestly, how would you know if search companies don't actually take your search history into account. Quality is a very subjective measurement, and you don't actually know what's going on behind the scenes.

I honestly would not mind my search history made public. It's nothing interesting, I don't look up loli porn. And the most incriminating thing I have on it

Re:

[jacquesm]

well, as an omnipotent entity you have little to fear :)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:I hope this doesn't go too far

[jacquesm]

the main reason for keeping searches anonymous is that you have no idea where that data will end up. You've looked up something about aids recently ? Your insurance just went up.

Tried to find out how to make TNT ? Off to Guantamo bay with you.

Finding out about the origins and local chapter of the KKK ? Better buy a new set of windows.

and so on.

Search queries are a private thing because like calling the help hot line for being suicidal if you can not guarantee privacy you end up causing real life damage.

Marketeers wet dreams and bottom lines only go so far, it's perfectly possible to run a search engine without profiling and still make a buck.

Maybe not quite as many bucks, and maybe you'd have to work a little harder to 'monetize' but to unconditionally hold hostage an individuals entire search history for an indefinite amount of time is a serious breach of privacy.

It would be like the phone company keeping a record of all your CONVERSATIONS, not just the numbers that you have dialled.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[jacquesm]

spot on, but for technology people like you (and hopefully me) this is obvious. The problem is that the 'general public' is absolutely clueless about this and it will probably cause them great harm in the long run.

Just like credit bureaus started out collecting stuff just for the heck of it they are now causing a very large problem for a very large portion of the population. Europe has much stricter privacy laws and as far as I know there is no way for your insurance company, your employer or anybody else f

Re:

[nschubach]

My biggest problem with all this crap is as follows:

I feel my freedom of speech and information allows me to go out and read up on Nazi Germany if I want. It doesn't mean I'm going to go out and slaughter millions of Jews and try to invade Russia. I'm just interested in the war and I want to find out as much as I can about what happened. Now if this data is collected and I find that I have a police officer following me around town pulling me over every time I go 3 miles over the speed limit, or I go to

Re:

[1134]

Looks like California is getting uppity... trying to regulate the world. Sometime I'd like to see someone like google just say "Fine, we are boycotting your state." I am not specifically complaining about Calf, but the general principle of someone thinking they are big enough to extort others into doing what they mandate. It would be nice to see someone give these these bullies the proverbial finger.

Re:

[stuartrobinson]

Try running s/California/USA/g on your post. I wonder if you would still feel the same way.

Re:

[MasaMuneCyrus]

Perhaps search engines could keep the IPs, but replace ccc and ddd (aaa.bbb.ccc.ddd) with "xxx.xxx", thus deleting any identifiable information (aside from ISP and region), but keeping the valuable information that helps search engine makers improve their search resutls, based on region.

You volunteer this information.

[onion2k]

While search firms have a legitimate business interest in using this data in reasonable ways for both ongoing business and R&D purposes, it is difficult for reasonable observers to justify the retention of this data on an indefinite basis.

The information that you submit to a search engine, such as your search terms, your IP address, your user agent string, any cookie information, is all submitted voluntarily. You give up this data willingly. If you want to keep any of this information private then don't submit it. Of course, that means you won't be able to use the search engine, that's the cost of privacy. A price you should be willing to pay if your privacy is genuinuely important to you.

Too many people seem to expect that they should be able to live a private life despite handing over vast swaths of data on a daily basis. You can't. If you want your data to be private you need to keep it to yourself. Data retention issues are only applicable in situations where you don't have a choice about relinguishing your information (eg tax returns, vehicle licensing, etc).

Bottom line: If you choose to tell someone something voluntarily you cannot expect them to forget about it when you think they should.

Re:

[walnutmon]

You give up this data willingly.

To a certain extent.

My problem is this. It is not obvious to most users that this information is tracked to such a detailed degree. I spent four years in college for computer engineering, before that, I didn't know that entering text in a search engine was actually trackable to me. And I certainly didn't know that it was trackable, storeable, and searchable.

There is a reason people have their rights read to them when they are arrested. It is because not everyon

Re:

[RAMMS+EIN]

``It is not obvious to most users that this information is tracked to such a detailed degree.''

Maybe we should make it so that it isn't. Right now, most web browsers broadcast an enormous amount of information, whenever they send a request. Do all websites we contact really need that information? Does it have to be broadcast in the clear? What if we made a browser that submitted only the minimum amount of information necessary to get a response back, used an overlay network to make different requests appear

Re:

[maxume]

This post is a little bit fanboyish, but Google does pretty well, so let's give them due consideration.

Their terms of service are clear and fairly concise:

http://www.google.com/intl/en/terms_of_service.htm l [google.com]

They attempt to explain how your interactions with their services seperately from their actual privacy policy. The privacy highlights document is somewhat shorter than the actual policy, but neither is terribly long, and both are clearly written:

http://www.google.com/privacy.html [google.com]
http://www.google.com/pri [google.com]

It's not written in stone

[BadAnalogyGuy]

Though you may hand over this information, there's nothing forcing the government to force search engine companies hold on to the data. If the search engine decides it doesn't want to hold on to all these search stats, they can't do anything about it if their hands are tied by government regulation.

I don't care whether or not my privacy is protected by Google. I do care that the government cares enough that they see fit to codify it in a way that isn't leaning towards the privacy side.

I would rather they ju

Re:

[CrankyFool]

Look, we do the "you gave it to them, they can do what you want with it" dance here when it comes to search engines every once in a while, and we do the "you gave it to them and you can reasonably expect they'll safeguard it" dance here when it comes to financial institutions every once in a while. In the end, it's all about disclosure -- sure, you're giving your info to SEs, but you should be able to make that decision based on some information about what they'll do with it, and "whatever we damn well lik

Re:You volunteer this information.

[pubjames]

You give up this data willingly.

Within the context of applicable laws. The laws we define.

You can apply your argument to pretty much everything - when you send a parcel via UPS, when you make a telephone call, when you give your details to a company to purchase something. Laws apply which protect us from misuse of our personal information.

If you choose to tell someone something voluntarily you cannot expect them to forget about it when you think they should.

Rubbish. An organisation can use your personal information within the bounds set by applicable laws.

Re:

[RexRhino]

Rubbish. An organisation can use your personal information within the bounds set by applicable laws.

Since when did the government start legislating WHAT WE ARE ALLOWED TO DO, instead of what we ARE NOT ALLOWED TO DO? The last time I checked, in a free society, we do whatever we want by default, unless the government explicitly and specificly bans a certain behavior.

Perhaps I am misinterpreting what you are saying (in which case I apologize), but it sounds like you are saying that an organization can only us

Re:

[FleaPlus]

> Within the context of applicable laws. The laws we define.

Sure, and you can produce any speech you want, worship any religion you want, or peacably assembly to protest what you want... within the context of applicable laws. The point is that there (at least should be) limits to what laws control.

Re:

[caudron]

I'm calling bullshit on this one.

I want to agree. I really do, but this isn't the 1800's. You can't just go off into the mountains to stay out of society's way. To live in this Brave New World you must---not can or ought, but must---participate in the global information infrastructure. In doing so, you will leave a trail. In other words, we've crafted a world wherein a person, to live as normal, must give up that privacy that was expectable in generations past. You must do these things to compete with

This may come as news to these folks, but...

[voice_of_all_reason]

If the search engine doesn't have an office in CA (and it'd be easy to move for stuff like this), they have no reason to listen to your silly laws.

Re:This may come as news to these folks, but...

[jacquesm]

no, not really the traffic passes through points located in California.

Also, right now:

Registrant:
                Google Inc. (DOM-258879)
                Please contact contact-admin@google.com 1600 Amphitheatre Parkway
                Mountain View CA 94043
                US

they're pretty well represented there, and moving house is also not cheap (not to mention relocating all your employees) and all that just to avoid abiding by the law.

You might as well set up shop in Afghanistan if that's you attitude :)

Re:

[voice_of_all_reason]

They could see it as a way to offshore without all the negativity. "Sorry everyone, our hands our tied!". Though I didn't know they were talking about google.

And even if the traffic passes through hops in CA, what can they do about it? Maybe force all local ISPs to block the search engine, but there's still 49 other states that will be unaffected.

Re:

[jacquesm]

google was implied (at least for me), they're the no.1 search company by a long stretch, and California would be a bad state to lose for any hightech company.

Re:

[RexRhino]

You mean set up shop Somalia... Afghanistan is an American puppet nation, so I am not sure it is the place to go to escape U.S. regulations.

Re:

[IO ERROR]

Mod parent up... I love these CIFIP guys. They basically are saying: "We want you to run your business OUR way, and if you don't, we'll get the guys with guns (the state) to MAKE you run your business OUR way." They act as if they didn't have a CHOICE or the ABILITY to protect their own privacy, both of which they do in abundance. Maybe this will finally wake up Silicon Valley and they'll finally get the hell out of the People's Communist Democratic Republic of Kalifornia. There are much better places, e

Public discussion?

[blirp]

There is a public discussion list.

But is it searchable?

M.

It would be interesting ...

[LaughingCoder]

... if the search companies were required to tell *us* our *own* search history. Of course there is the non-trivial issue of identify verification which, if not done properly, could lead to much abuse.

Good job!

[numbski]

Way to chase those search engines off our shores and into places where they won't be bothered! :P

I want some answers too, but when it comes right down to it, can we really bully these private companies into giving out this kind of info?

Impress me

[symbolic]

This is a knee-jerk reaction to an unfortunate incident- it's only a symptom of a much larger problem that lawmakers refuse to address...companies that make their living pimping and prostituting the personal information of American citizens. There is also the complete lack of a comprehensive law governing the handling of sensitive data, and that protects citizens from people that essentially profit from the increased risk they pose to the security other peoples' information.

But then, in order to really addr

Government Contradiction...

[RexRhino]

So, very soon in California, it will both be illegal to retain data on search engine queries in order to protect people's privacy, and at the same time search engines will be legally required to retain data on searches for ciminal investigations! Brilliant!

archive.org, is that a "search engine"

[sdiz]

Will archive.org outlawed? What is "search engine", actually.

Dont use an SE without a proxy

[talledega500]

http://www.blackboxsearch.com/ [blackboxsearch.com]

unless you just crazy