Last Wednesday, Google announced that it plans to begin erasing personally identifiable information about searchers within 18 to 24 months after it's gathered it. Potentially, this could be a real victory for the cause of online privacy. But I also wonder how much of the move is motivated by Google's PR concerns.
Let's start with the background information. Google plans to erase the last eight bits of searchers' IP addresses, after a maximum of 24 months of holding on to the information. That means that, 24 months after a search, it will no longer be possible to directly link a Google search to its originating IP number.
That won't be a complete elimination of user-identifiable information, as it will still be possible to narrow a search's origins down to one of 256 computers. One out of 256 is fairly imprecise, but it's still a pretty narrow group when you consider that it's 256 out of the total number of computers tapping into Google every day. Google is providing searchers more anonymity, but not total anonymity.
Meanwhile, even the most effusive praise for the move only goes so far as to call it a good first step. Ari Schwartz of the Center for Democracy and Technology, for instance, is quoted in The New York Times as commending Google's "first time" it's tried to "work out the conflict between... privacy and collecting all the world's information." At least as his quote appears within the Times piece, Schwartz seems to shy away from praising the initiative itself.
Rebecca Jeschke of the Electronic Freedom Frontier is similarly quoted in OnlineMediaDaily as saying that the Google step was helpful, but that "they can always go a little farther."
Of course, coming up short of privacy advocates' hopes doesn't necessarily mean that Google isn't serious about addressing privacy concerns. It merely shows that, when it's working through privacy issues, Google needs to go slow as it balances an extraordinary number of competing considerations. On the one hand, Google wants to protect users' privacy; at the same time, though, Google wants to create increasingly personalized search results -- and personalized results require utilizing personalized data.
There are also undoubtedly pressures from the government, which surely wants Google to hold on to its personal user information permanently, as Google's search data is a treasure trove for Homeland Security and the FBI. Indeed, Google's official reason for holding on to data as long as 18-24 months is that various countries in which Google operates require it to keep hold of its data for that long.
But one genuinely eyebrow-raising element of the Google announcement is its timing. Google, whose corporate mantra is "Don't Be Evil," now finds itself enmeshed in a billion-dollar lawsuit over alleged piracy violations. Suddenly, it's announced a new initiative to protect searchers' privacy. And the timing of the announcement is particularly interesting given that, according to the Google Blog, the actual initiative won't be rolled out until some later, undisclosed point "within a year's time." And so on the face of things, it certainly looks as if this is less a move to protect searcher rights, and more a move on Google's part to change the subject away from Viacom.
But is the Google privacy initiative really so disingenuous? Not necessarily. This is the same Google, after all, which stood down the U.S. government last January, refusing to hand over user information to the Department of Justice. It's also worth pointing to the theory posited by Eric Goldman, Director of the High Tech Law Institute at Santa ClaraUniversity. Goldman's view -- as quoted in the same OMD article as above -- is that Google is dumping data to make it an unattractive prospect for a subpoena or court order over that same information. If people know that Google doesn't have all the information they want, then they won't bother to ask Google for it.
If Goldman is right, then Google's real plan is to have its cake and eat it too. It holds on to data long enough to use it within personally targeted search results, like an even-further-enhanced Personalized Search. At the same time, it shelters its users from the eyes of court-ordered Big Brothers.
I think Goldman's theory makes a good deal of sense. I also think that, as it proved in its standoff with the Department of Justice, Google is genuinely serious about protecting its users' privacy. Which is why I really do believe that the privacy initiative is genuine on Google's part -- even if the announcement of the initiative was moved up for PR reasons.