Decius wrote: Don't you agree with them? I don't think search engines should store usage data indefinately.
As the recent Taylor ruling on the NSA case made clear, one can agree with a decision but not its line of reasoning. Decius wrote: I'm not sure I folllow how your distinction between a common carrier and an enhanced service provider is relevent to this discussion. I would say that the phone numbers you dial have approximately the same privacy implications as search terms. Search terms are a bit worse, but it's the same ball park.
My chief complaint was that NYT was making an apples-oranges comparison; there are legal precedents regarding the caller's expectation of privacy with regard to a common carrier, but those precedents do not apply to enhanced services. The call detail records are a much better analogy, although the phone company has a (more) legitimate business need to retain the records (for a period of time) for billing purposes. Additionally, aggregated call records (perhaps at the level of digital-edge-to-digital-edge) play a role in long-term planning for network capacity. Since Internet search customers are not billed for service, these records do not serve that purpose. The AOL case complicates the fundamental issue, due to the fact that a time-series history was released. For legal purposes, one would prefer to have a separate ruling on the privacy expectations associated with a single search query (and any associated record of user click-throughs). On this basis, then, the court could proceed to evaluate the implications of long-term accumulation. Decius wrote: As time goes on from the search, the risks associated with holding on to that information far exceed the value of storing it.
Is that really true? Or is it the time-series compilation of queries that increases the risk? As an exercise, compare the damages associated with two cases in which 10 million search records are inadvertantly released. In the first case, the database consists of the last one thousand queries from each of 10,000 users. In the second case, the database consists of the last single query from each of 10 million users. Decius wrote: Unfortunately, all of the risk is borne by the searcher and all of the value is borne by the holder. This sort of imbalance is an area where it makes sense for the government to intervene.
The imbalance is real enough, but I'd be concerned that too much government intervention could stifle innovation. It is not enough to simply "empower" the customer with the authority to dictate a binary (yes or no) policy about data retention. Most customers are not in a position to make an informed judgment about this, and service providers are motivated to convince the customer of its necessity. Unless specifically prohibited, you are likely to see practices bordering on coercion ... where a web service is free if you accept the data retention policy, or $10/month if you do not. But such a development would not necessarily be bad, because it puts a valuation on the data. (One would be reliant on market pressure to make this reflect its true value.) Then legislation could set the minimum penalty for disclosure at N times accumulated value, for some N. RE: Enter Search Term Here, Forever |