Bush Administration Demands Search Data; Google Says No; AOL, MSN & Yahoo Said Yes

NOTE: We're continuing to update this news through postscripts below the original story.

Via John Battelle and Google Morning Silicon Valley, the San Jose Mercury News article "Feds want Google search records" covers the Bush administration demanding last year that Google and other search engines turn over aggregate search information to help revive a child protection law. Google has refused to comply with the subpoena. A motion has been filed this week by US Department Of Justice to force Google to hand over the data.

In particular, the Bush administration wanted one million random web addresses and records of all Google searches for a one week period. The government apparently wants to estimate how much pornography shows up in the searches that children do.

Here's a thought. If you want to measure how much porn is showing up in searches, try searching for it yourself rather than issuing privacy alarm sounding subpoenas. It would certainly be more accurate.

Getting a list of all searches in one week definitely would let US federal government dig deep into the long tail of porn searches. But then again, the sheer amount of data would be overwhelming. Do you know every variation of a term someone might use, that you're going to dig out of the hundreds of millions of searches you'd get? Oh, and be sure you filter out all the automated queries coming in from rank checking tools, while you're add it. They won't skew the data at all, nope.

Moreover, since the data is divorced from user info, you have no idea what searches are being done by children or not. In the end, you've asked for a lot of data that's not really going to help you estimate anything at all.

Far better would be to do some searches that you think children and teens are actually doing, such as by doing a survey of them. Then just go start searching on Google and the other search engines yourselves. See what actually comes up, especially when the filtering protection each service offers is enabled. That would give you plenty of data, plus it would be useful for everyone to have someone rigorously test the filtering systems that are offered. Serving subpoenas to get the data isn't necessary.

It's important to note that from what I read, the requests do not involve user data at all. Shutting off your cookies or purging your personalized search data wouldn't protect you with this request, because the request wasn't going after personal data. To stress again:

* According to the report, they wanted a list of one million web addresses. Not who went to the web pages and when, just a list of URLs picked randomly.

* They wanted searches for one week. I haven't seen the court documents, but I'm guessing Google could have handed over a list of searches that were entirely unassociated with IP addresses, times, cookies and registration information. Nothing suggests that they wanted to know who did the searches in any way.

Having said this, such a move absolutely should breed some paranoia. They didn't ask for data this time, but next time, they might. Of course, it bears reminding that this type of data is easily obtainable from ISPs. So even if the search engines refuse to comply, your own ISP could be giving up your data -- or selling it.

Overall, I say kudos to Google for declaring the request overreaching and refusing to comply. I'm checking with the other major search engines to see if they handed over data.

I've spoken and written a bit about the idea that the search engines need to consider creating a clear "Search Privacy Bill Of Rights," spelling out clearly what protections they'll pledge you'll always have with your data and exactly how it will be used, destroyed and so on. I want to move ahead with more explorations of this -- and perhaps we need a similar one enacted by governments to spell out what they will and will not do with our highly private search data.

Moving Past Google Privacy Fears & Toward An Industry Solution from me last year gives you a lot of background on search privacy issues from over the years. There's an extensive reading list at the bottom.

After I put that out, I also created a thread at our Search Engine Watch Forums, How Should Search Engines Protect Privacy?. Unfortunately, that thread -- while it got lots of discussion -- never generated as many concrete ideas and suggestions about what should go in a Search Privacy Bill Of Rights as I hoped for. So I'm trying again. Got thoughts, comments, suggestions? Please visit our new thread, A Search Privacy Bill Of Rights.

Can anyone say, "hegemony" ...?

Hegemony (n); the dominance of one group over other groups, with or without the threat of force, to the extent that, for instance, the dominant party can dictate the terms of trade to its advantage; or more broadly, that cultural perspectives become skewed to favor the dominant group. (from Wikipedia)

Please won't someone - anyone! - loan the Bush administration a few neurons, or perhaps put them through elementary school?

Pretty please?

I think it's more like Republican control of the US government, rather than the government per se, that's at fault here.

Matt Cutts, a software engineer at Google since January 2000, used to work for the National Security Agency.

Keyhole, the satellite imaging company that Google acquired in October 2004, was funded by the CIA.

"We are moving to a Google that knows more about you." — Google CEO Eric Schmidt, February 9, 2005

Google offers more storage for your email than other Internet service providers that we know about. The powerful searching encourages account holders to never delete anything. It's easier to just leave it in the inbox and let the powerful searching keep track of it. Google admits that deleted messages will remain on their system, and may be accessible internally at Google, for an indefinite period of time.

Google's relationships with government officials in all of the dozens of countries where they operate are a mystery, because Google never makes any statements about this. But here's a clue: Google uses the term "governmental request" three times on their terms-of-use page and once on their privacy page. Google's language means that all Gmail account holders have consented to allow Google to show any and all email in their Gmail accounts to any official from any government whatsoever, even when the request is informal or extralegal, at Google's sole discretion. Why should we send email to Gmail accounts under such draconian conditions?

If Google builds a database of keywords associated with email addresses, the potential for abuse is staggering. Google could grow a database that spits out the email addresses of those who used those keywords. How about words such as "box cutters" in the same email as "airline schedules"? Can you think of anyone who might be interested in obtaining a list of email addresses for that particular combination? Or how about "mp3" with "download"? Since the RIAA has sent subpoenas to Internet service providers and universities in an effort to identify copyright abusers, why should we expect Gmail to be off-limits?

Intelligence agencies would love to play with this information. Diagrams that show social networks of people who are inclined toward certain thoughts could be generated. This is one form of "data mining," which is very lucrative now for high-tech firms, such as Google, that contract with federal agencies. Email addresses tied to keywords would be perfect for this. The fact that Google offers so much storage turns Gmail into something that is uniquely dangerous and creepy.

Well I suppose if you built a private personal search engine, that would do lol. Though that much indexing would take months.

Also, simple masking measures work nicely, proxies can help, ip masking, gateways ect. I mean there are plenty of hackers who do naughty things and no one catches them. So rather, its not which search engine you search on, but how you search it.. ^.=

Please won't someone - anyone! - loan the Bush administration a few neurons, or perhaps put them through elementary school?

, it's a search engine which doesn't keep records of this information.