SF Bay Area Indymedia indymedia
About Contact Subscribe Calendar Publish Print Donate

South Bay | Animal Liberation | Indymedia

New privacy policy, cooperation with law enforcement & your data: An interview with Google
by mark
Wednesday Sep 10th, 2008 4:50 PM
Just as Google unveiled a new, "improved" privacy policy, a sworn affidavit entitled "Statement of Probable Cause" was released showing that the cooperation of Google and Sonic.net with UC Police led, in part, to last month's raid on the Long Haul Infoshop. We took this opportunity to ask Google some questions about its privacy policy and how much of its users' data is really anonymized.
Yesterday it was disclosed that data retained by Google and Sonic.net (a Santa Rosa, CA-based ISP) and divulged to University of California police under a court order led, in part, to last month's police raid of the Long Haul Infoshop in Berkeley, CA. In the course of the Aug. 27th raid -- apparently part of an investigation into hostile e-mails sent to UC Berkeley staff, according to an affidavit filed by Detective Bill Kasiske -- UC police, an FBI agent and a Sheriff's deputy seized computers, hard drives and memory cards from the Infoshop's public computer lab and from the Slingshot newspaper office in the same building.

The Google connection inspired us to ask the Silicon Valley behemoth some questions about its newly-minted privacy policy, which Google heralded on Sept. 8th as "Another step to protect user privacy," and about the company's policies on contesting -- or cooperating with -- court orders to assist with the surveillance of its users. We wondered how much of the typical Google user's data is really "protected". Apparently, the answer is, "very little", as recent improvements to Google's privacy policy cover only usage by "unauthenticated" users.

In other words, if you are logged in to Google while using a service such as Gmail or Google Talk, your data may be logged and accessible to third parties through a court order forever -- unless you explicitly ask Google to delete it. And even if you do, Google's privacy policy doesn't promise to delete your data, if honoring the request would require too much "effort." On the other hand, if you access Google "anonymously", that is, without being logged in, Google says it will "anonymize" its logs of your activity nine months later by removing your IP address.

Sonic.net management has not yet responded to questions about its own privacy policy.

Does Google's new privacy policy concerning the anonymization of IP addresses, after nine months, cover all Google servers, including e-mail, chat and other non-search services?
GOOGLE: Our data anonymization policy applies to unauthenticated server logs, not to the logs of services that require a Google Account, such as Gmail. With respect to those Services, the user has the ability to delete or retain his/her data, as described in the privacy policies of those services.
Does Google have any policy on if or when to inform a user that his/her data has been provided to a third party, due to a court order or other legal process?
GOOGLE: Like all law-abiding companies, we comply with U.S. laws and legal processes. We strive to be as cooperative in the investigation and prosecution of crimes as we possibly can, while being careful to balance the interests of our users. We typically do not share information about these requests publicly. When possible, we notify the user in order to give them the opportunity to object.
Does Google keep records on how data which it has retained and provided to authorities is used? For example, in this case the data was used to conduct a raid and seizure of a computer lab and newspaper. In other countries there could be other (worse) ramifications due to human rights problems. Of course in many cases Google's data and cooperation could aid the investigation of a crime, from financial fraud to stalking.
GOOGLE: As a matter of policy, we don't comment on the nature or the substance of law enforcement requests to Google.
Does Google have a policy on if or when to contest court orders requesting identifying information, through the legal system?
GOOGLE: Google does comply with valid legal process, such as court orders and subpoenas. At the same time we have a legal team whose job is to scrutinize these requests and make sure they meet not only the letter but the spirit of the law. We have a history of being an advocate for user privacy. In 2006, we went to court to resist a Department of Justice subpoena for millions of search queries on the grounds that it was excessive and invaded our users' privacy. The judge ultimately ruled in Google's favor, establishing an important precedent for user privacy. It's also important to note that our new policy of anonymizing IP addresses in our server logs after 9 months and cookies after 18 months will make it impossible, practically speaking, for us to associate search queries with IP addresses or cookies after those periods of time, which will, in turn, make it impossible for us to provide such data to law enforcement.
Do you know approximately how many times a year Google turns over personal data in response to a court order?
GOOGLE: As a matter of policy, we don't provide that information publicly.

Comments  (Hide Comments)

by Questioner
Wednesday Sep 10th, 2008 8:47 PM
While internet privacy is important, the affidavit contained the content of the emails sent. They threaten physical violence using vitriolic and hateful language. Is this considered free speech? It looks more like criminal behavior.

It could be that Long Haul may have to try harder to ensure its computers are only used for stuff that is more likely to viewed as free speech than the emails that were sent.

The content of those emails is indefensible to all but the most rabid and violent anti-animal research folks. It doesn't help the cause of either the humane treatment of animals or free speech to defend that stuff.
by Craig Stehr
( craigstehr [at] hushmail.com ) Wednesday Sep 10th, 2008 9:39 PM
Let's all face this like grownups, okay? Many years ago when I went to see my friend Mary Carlton, and asked her to ask Dale Becknell of the Northern California Land Trust, which owned the Long Haul Infoshop building, to extend the Long Haul lease (in spite of the Infoshop being constantly behind in its money obligation), Mary agreed that there was indeed historical reason to give the Infoshop every possible chance. In fact, at the time, it was being considered to put up a new apartment building at that location; but considering that myself, Mary and Dale had been part of the Intercollective which met there in the late 1970's, and Mary and I put together the '85 West Coast Collectives Directory on a UNIX system, I argued that the current crop of participants deserved to have the space as we did. And so, a decision was made to wait on the apartment building, and invest the money elsewhere. Since then, the Infoshop has devolved into a clique dominated clubhouse of punk-crusty transients, anarchists-of-the-moment, and retrowitches. Consensus decision making is a complete joke there nowadays, which has allowed the illegitimate banning of myself, and many others. Zachary Running Wolf once scheduled a fundraiser at the Infoshop, when he was campaigning for Berkeley mayor, but since the anti-government "anarchists" had banned him from entering, he attended his own fundraiser on the sidewalk outside! Maybe it's time for the building owner to consider the section 8 apartment scheme anew. Now that would be a serious revolutionary choice!
by whaaat?
Thursday Sep 11th, 2008 9:27 AM
To first commenter: You suggest Long Haul should be careful about what kind of content is emailed....
That is exactly the opposite of free speech and internet freedom.

So, internet content should be monitored because people look scruffy? You are going down a slippery slope with this one!
by suuki
Thursday Sep 11th, 2008 3:15 PM
"The most stringent protection of free speech would not protect a man falsely shouting fire in a theater and causing a panic." -Oliver Wendell Holmes, Jr.

Keep this in mind.
by Questioner
Thursday Sep 11th, 2008 5:41 PM
>To first commenter: You suggest Long Haul should be careful about what kind of content is emailed....
>That is exactly the opposite of free speech and internet freedom.

>So, internet content should be monitored because people look scruffy? You are going down a slippery slope with this one!

No, the point is that Long Haul is going to bear the troubles that come if its generous provision of access to the internet continues to be used for criminal purposes. I think the folks who sent those emails did a terrible disservice to Long Haul. They took advantage of a trusting and open organization to do something indefensible that allowed them to remain anonymous but brought the hassles down on Long Haul. Those folks really dumped a load of stink on the Long Haul, even though it is easier for some people to blame the cops. Free access is cool, but it looks like it got abused. My question was, yeah free speech I get, let's defend that, but do you really want to defend THOSE emails as free speech?? It looks dicey. It is the reason people are starting to use the term "animal rights terrorists". Those emails are terroristic in nature. Read them. They were meant to terrorize the recipients.

How Long Haul might more carefully monitor the use of its equipment was not something I addressed, nor do I have any good ideas about how to do it while preserving free speech or allowing anonymity for righteously framed but unpopular and non-vitriolic opinions. But if the system continues to be abused by anonymous folks who promote violence and threats, then I fear those folks will bring the generosity of the Long Haul to ruin on this issue. Otherwise Long Haul may just get their new computers taken as well in a couple of weeks. Who needs more of that??
by mark
Sunday Sep 14th, 2008 4:02 PM
I neglected to ask Google how their "anonymization" will work. Well Chris Soghoian did, and it turns out that Google will not even actually be anonymizing the unauthenticated server logs. They will simply be removing the last few bits of each IP address from their logs, which is similar to removing the last couple digits from a phone number or street address.
by Fuck You
Tuesday Sep 16th, 2008 2:11 AM
You should refrain from linking to a radical campaign which you wish to support, when you give such a bad impression of yourself. You'll give Rising Tide a bad name.