Commentary

DOJ Wants Google To Share Search, Click, Device Info With Rivals

The Department of Justice last week officially proposed not only that Google divest the Chrome browser, but also that it share with rivals a broad array of search data -- including users' queries, clicks and information about users' devices and software.

The recommendation is driven by the idea that Google maintains a monopoly over search, at least in part, by drawing on users' data to refine its algorithms and improve the quality of its results. But even if data sharing would help competitors, it would all but inevitably come at the cost of privacy.

Google itself has repeatedly made this point, most recently last week, when it wrote that the proposal would “endanger the security and privacy of millions of Americans.”

On Monday, the tech industry funded group NetChoice chimed in, calling the data sharing proposal "beyond reckless."

“The privacy issues here are obvious,” NetChoice writes. “It is beyond reckless for the government to demand Google hand over data its consumers have entrusted to them to anyone who asks.”

While the Justice Department acknowledges the potential privacy pitfalls, it only gave a vague nod to the issue in its proposal, which says Google should safeguard “personal privacy and security,” but doesn't explain how the company could do so.

That vagueness is itself a problem, according to John Davisson, senior counsel at the Electronic Privacy Information Center.

“It is important that whatever grows out of that proposed remedy be clarified in a way that actually protects privacy and security, and doesn't just treat them as an afterthought,” he tells MediaPost.

The proposed order is titled “initial proposed final judgment,” so it's possible the Justice Department plans to more fully flesh out its request in the future.

As a starting point, however, the Justice Department proposed that Google provide rivals with free access to “all data that can be obtained from users in the United States, directly through a search engine's interaction with the user's device, including software running on that device, by automated means.” (That definition encompasses not only users' searches, but also information like users' IP addresses and other data used for “device fingerprinting” -- a privacy-unfriendly means of tracking users by the characteristics of their devices.)

The Justice Department additionally seems to want to prohibit Google from using or retaining any data that can't be shared with competitors due to privacy concerns -- though that recommendation, like some of the others, doesn't appear to be fully fleshed out.

It's possible the government may seek a final order that would allow Google to maintain access to users' data as long as it provides rivals with anonymized information about search queries, clicks, IP addresses and other device identifiers. But even those terms would be problematic.

Consider that anonymization of search queries hasn't been successful in the past. Most famously, in 2006 an AOL employee posted three months' worth of supposedly anonymized search queries from 650,000 members. Despite the anonymization, some users were identified based on the patterns in their search queries. Most famously, within days of the July 2006 data release, The New York Times identified AOL user Thelma Arnold based on her queries.

Earlier this year, the advocacy group Consumer Reports flagged concerns about the possibility of forcing Google to share users' search histories.

“Providing detailed access to individual users’ click and query data raises privacy and data protections issues,” that group wrote in February.

“While anonymization techniques may have gotten better since 2006, so have the computing power and tools to deanonymize data,” Consumer Reports added. “For example, advances in machine learning based on deep neural networks and algorithms to find patterns and relationships in unstructured data.”

The group added that aggregation could help protect privacy, but would also make the data less useful to Google's competitors.

“This trade-off between protecting privacy by aggregating data and the usefulness of these data for Google’s competitors is not a trivial problem to resolve in our view,” Consumer Reports wrote.

Next story loading loading..