Spying Eyes:
America's Most Popular Search Engine Is Keeping Tabs On Us

by Dan Kennedy 02/15/2005

Appearing in the Boston Phoenix, Long Island Press, Portland Phoenix, etc.

Is there a company anywhere within these United States with a better public image than Google? We love it. We need it. We use it—more than 200 million times a day, by some accounts. The unofficial slogan—"Don't Be Evil"—epitomizes everything we want in a business relationship. And more often than not, Google lives up to those words.

But there is another side to Google, and it's one that the company would just as soon you not think about. It's what happens each and every time you look up a piece of information. An old boyfriend. A political organization you heard mentioned on television the night before. A possible vacation spot. Or maybe you're a student trying to track down a terrorist group's website for a paper you're writing. Or a church elder who likes to look at hardcore pornography. Or you're seeking information on how to grow your own marijuana. Who knows?

Google knows. According to Lauren Weinstein, an Internet activist and privacy expert based in Southern California, Google keeps track of every search that's made, as well as the Internet location of the computer from which the search is taking place—and then it stores that information for possible future use. Moreover, he says, it would not be terribly difficult to trace those searches to the person who made them. That's you and me.

Such tracking is common on the Internet, of course. Amazon.com knows what kinds of books and music you like, and it puts those products in front of your eyeballs at every opportunity. Internet-service providers such as America Online and Microsoft's MSN collect enormous amounts of data about their customers. Same with Yahoo!, which—with personalized services such as My Yahoo!—is also more zealous than Google about trying to get its customers to sign up and thus identify themselves.

For all anyone knows, Google is handling private information more responsibly than many other corporations are. So why single out the Internet company everyone loves? For two reasons: First, it's so ubiquitous that it's the only online service that virtually all of us use regularly—10, 20, 50 times a day; and second, the famously sparse user interface exudes an aura of anonymity. You don't have to register—you're not even asked to register—for the basic Google services we use all the time, such as searching for websites, news, and pictures. At Amazon, you know you're being watched. But you might be surprised to learn that Google is watching, too.

"Google has some wonderful products. I use it all the time. I'm as dependent on it as anyone else is. But that doesn't change anything," says Weinstein. "The 'Google is so neat' kind of haze that surrounds this has blinded people into failing to think one step beyond."

The Dark Side
Weinstein, the motorcycle-riding co-founder of People for Internet Responsibility, first publicly questioned Google's privacy practices last month with a post on his weblog (lauren.vortex.com) titled "The Dark Side of Google." Among other things, he wrote, "Google has created a growing information repository of a sort that CIA and NSA (and the old KGB) would probably envy and covet in no uncertain terms—and Google's data is virtually without outside oversight or regulation."

Here's how it works, according to Weinstein. Every computer attached to the Internet has something called an "Internet protocol" (or IP) address, which is a string of numbers separated by decimal points. At work, your IP address is likely that of your company's dedicated network; it never changes, and anyone who obtained that IP address would be able to trace it back to your workplace, if not necessarily to your desk. At home, if you're using an Internet-service provider such as AOL or EarthLink, you have what's known as a "dynamic" IP address—that is, your IP address changes on a fairly regular basis.

Still, a Google search could be traced back to you if someone knew you were using a particular IP address at a particular time—information that Google does not have, but that your Internet provider does. Someone armed with a subpoena—say, an FBI agent who's curious about your interest in chemical warfare, or your soon-to-be-ex spouse's divorce lawyer—could pay a visit to your Internet provider to find out who was using what IP address when. That is exactly how the music industry has busted illegal file-sharers: Investigators cruise services such as KaZaA and LimeWire looking for the IP addresses of computers on which copyrighted files are available for download. After they've got that information, they need only pay a visit to EarthLink or wherever to match the numbers with names.

And that's assuming you have your Web browser's cookies turned off. You don't, do you? Neither do I. Cookies, which are little bits of data stored within your browser that are automatically sent to websites that request them, provide all kinds of information about you—information that makes it extraordinarily easy to track you down. The reason Google uses cookies is perfectly benign—it's how the service manages to tailor advertising to your interests, thus making money while you search for free. Leaving cookies turned on improves our Web-surfing experience. Many services, including Google, warn users that their sites won't even work properly without cookies. Only a paranoid would turn them off, right? Well...maybe not.

Perhaps none of this is particularly surprising. But Weinstein offers an additional wrinkle that ought to give anyone reason to pause: He claims Google is actually storing all this stuff so that it can go back and conduct, market research or develop new products. Or, you know, respond to that subpoena. This struck me as truly innovative and troublesome, so I asked Weinstein how he knows this. His response: "My source on this is a former highly placed Google person whom I have met with face to face. To protect him, I have not publicly stated his name. But I am satisfied personally, having known him for many, many years. He certainly would have been in a position to know. That's as far as I can take that, unfortunately."

Now, it wouldn't be fair to disparage Google on the basis of anonymous information once removed. But the thing is, the company doesn't deny it. I sent an e-mail to Andrew McLaughlin, Google's senior policy counsel and a person who had been described to me as the company's privacy guru, someone who's enlightened about such issues. But rather than respond, he forwarded my e-mail to the company's public-relations staff. After several days of polite back-and-forth, company spokesman Steve Langdon sent me an e-mail statement that I quote in its entirety: "Privacy is an issue about which Google cares very much. In all the products we develop, we pay very close attention to how the products and their features relate to user privacy and we make design decisions and policies to protect privacy. Google also provides users with information about privacy in our privacy policies that are posted on our website."

Policy Shmolicy
That's true. The most relevant part of that policy would appear to be this: "Google collects limited non-personally identifying information your browser makes available whenever you visit a website. This log information includes your IP address, browser type, browser language, the date and time of your query and one or more cookies that may uniquely identify your browser. We use this information to operate, develop and improve our services." But claiming that your IP address and cookies are "non-personally identifying information" is, at best, a gross underestimate about what a skilled investigator could do with it.

"When you amalgamate all the results of this sort of tracking, especially if you've got a dedicated IP address where people can zero in on a specific household, a remarkably clear picture of who you are and what you think and what you believe" can be assembled, says Steven Rambam, a private investigator based in New York who uses online databases for much of his work. "Everything that you're interested in and everything that your daily life is focused on can be recorded and tracked back to a particular machine." (And, as we've seen, even a dynamic IP address is no protection if your Internet-service provider can be compelled to turn over its records.)

Last July, for NPR's On the Media program, Rambam demonstrated how easy it is. Within 10 minutes, he had found co-host Brooke Gladstone's Social Security number, previous addresses, how much she'd paid for her current house, even the name of her sister. Rambam told me that he supports the idea of public information being publicly available. (One fun fact he dug up last year: Liberal activist Michael Moore was registered to vote in two states, Michigan and New York. That information made its way to TheSmokingGun.com, a cornucopia of entertaining invasions of privacy.)

"Frankly, I think the average person has a right to see if their nanny used to be a child molester, if their tenant stiffed the previous three landlords," Rambam says. "There has to be an intelligent balance, and, frankly, I think that's where we're at right now."

By contrast, Rambam explains, the trouble with data collection by commercial services is that customers haven't really consented to it. "My bugaboo," he says, "is that it needs to be consensual and not sneaky." (The Google privacy policy is not hard to find, but it's long and doesn't exactly make for gripping reading. Have you read it? Of course you haven't. I have—but I hadn't until recently, and then only for the purposes of researching this article. Nor have I read the privacy policies of other services that I use.)

Gladstone, who was on the receiving end of Rambam's investigative efforts, told me that she felt "a kind of generalized queasiness, a kind of tightening in the pit of my stomach" to see how easy it was to dig up personal information about her. She adds, "I suppose you could go off the grid, but that's just not the way most of us want to live. I like my credit card, I like having a cell phone, I like participating in the financial institutions to the extent that I have a mortgage. I like to partake of the fruits of our democracy. But now it's all so easy. It isn't that a lot of these records weren't public before. It's just that it's instant and it's global."

And that's exactly it. You don't want to be bothered to protect your identity. Life without privacy is seductive—first because you don't necessarily realize how compromised your privacy has become, but second because it's nice to visit Amazon.com and get those book recommendations tailored to your interests. It's great to log on to AOL and see the weather forecast for your small part of the world. It's helpful to be shown custom-delivered advertising when you search on Google.

"The dark side of Google is actually part of the light side," says Kevin Bankston, an attorney with the Electronic Frontier Foundation, in San Francisco. "All of these companies are trying to move toward trying to personalize your Internet experience and make it a better Internet experience. But that means collecting and studying an enormous amount of information about you. In many cases, consumers are willing to make that trade-off."

In other words, Orwell was wrong. Huxley was right. We're not losing our privacy because the forces of evil and oppression are taking it away from us. We're losing it because we're giving it away, whether we know it or not. What we're getting in return is stuff, convenience, information, an easier way of life. And we like it.

Private Eyes
Several years ago, a computer-privacy expert named Latanya Sweeney tracked down confidential information about former Massachusetts governor William Weld's health from a database of state-employee insurance claims that was supposed to be anonymous. She knew he lived in Cambridge. With that as a starting point, she obtained publicly available voter-registration records, and then used those to make the match. Other electronic alchemy was involved, too, obviously, but the point is that she had no problem doing it. "Only six people had his birth date, only three were men, and he was the only one in his five-digit zip code," Sweeney told Newsweek in October 2000.

Sweeney, who is now director of the Laboratory for International Data Privacy, at Pittsburgh's Carnegie Mellon University, did not respond to e-mails or a phone call seeking comment. (However, she has posted some very cool photos of herself on her motorcycle at dataprivacylab.org/people/sweeney. What is it about privacy activists and motorcycles?) You'll find some pretty creepy things linked from her website, too. Like CameraWatch, a compilation of webcams at universities, cities, beaches, even jails. The other day I sat transfixed, manipulating a camera by long-distance as a student walked across one of the campus quads at George Washington University. Did she even have a clue that she was being watched?

According to Sweeney's website, there are an estimated 10,000 such cameras in public places across the US. Cameras are catching traffic violators—and, reportedly, occasionally causing accidents, with drivers slamming on the brakes so as to avoid a roboticket. And it's not all government and big business, not by any means. Spyware has invaded our computers, watching what we're doing and reporting back to sleazoids unknown, or surreptitiously turning our computers into untraceable propagation machines for e-mail spam and illegal file-sharing. Combined with the data-collection activities of Google, AOL, Amazon, Yahoo!, et al., it can seem as though we have already crossed the threshold into a perpetual state of surveillance.

And it's getting worse, all in the name of more service and greater convenience. Late last year, Google announced a new project to digitize millions of books at academic and public libraries, including 40,000 volumes at Harvard. Older books whose copyright protections have expired will be available in their entirety; newer books will offer some highlights so you can see whether they're what you're looking for. How great is that? Yet, soon, the books you read can be added to the personal data about you that will be available online. Take out a Google Gmail account or use Google to browse Usenet groups, and you'll become a registered member of Google— making it that much easier to tie you to your online activities. Amazon is rolling out a service called A9.com that takes customized search to another level—but only if you register. For that matter, what about those discount cards you carry for the grocery store and the pharmacy? Sure, you save money. But there's another kind of cost: Your every purchase is tracked.

In such a world, the notorious Section 215 of the USA Patriot Act almost seems obsolete—or, maybe, supercharged by initiatives being undertaken by private industry. Section 215, as you may recall, allows government agents investigating terrorism to conduct secret searches of records from libraries, bookstores, doctors' offices, and the like with minimal judicial oversight. It won't be too long before Google and Amazon will have amassed exactly what the feds are looking for. And if there is another major terrorist attack, you can be sure that investigators will want to know who's been reading what books online—information that would be impossible to obtain, obviously, if it involved cash-paying customers in the non-virtual world. Now, granted, if there were, say, a ricin attack in the Washington subway system, it would be hard to argue that government agents should not have access to any records that might help them find the perpetrators. The point is that ever-improving technology is making such clashes between public safety and civil liberties all the more likely to take place.

Ari Schwartz is associate director of the Washington-based Center for Technology and Democracy, which advocates for a whole range of privacy protections. For example: Under current law, Web-based e-mail services such as Gmail or Microsoft's Hotmail, which store your mail on a remote server, are less protected from the prying eyes of the government than e-mail that you download to your own computer, as is generally the case if you're using a program such as Microsoft Outlook, Entourage or Eudora. Schwartz's organization wants to eliminate those anomalies. But what's essential, Schwartz says, is for Congress to take a more comprehensive approach to privacy.

"At some point," he says, "we need to create something that's more general so that we don't have to write a new privacy law for every new technology that comes along."

How likely is that to happen in an era dominated by Republicans? Despite the party's pro-business leanings, Schwartz is reasonably optimistic. For instance, the new chair of the House Committee on Energy and Commerce is Representative Joe Barton, a Texas Republican who, along with Massachusetts Democrat Ed Markey, is a co-chair of the Congressional Privacy Caucus. Barton's predecessor on Energy and Commerce, former congressman Billy Tauzin, a Louisiana Republican, was hostile to privacy concerns, in Schwartz's view. And Schwartz believes that Barton's counterpart on the Senate side, Alaska Republican Ted Stevens, could prove to be a friend of privacy as well.

Markey shares Schwartz's optimism, saying that polls show more than 80 percent of Americans are concerned about privacy, a finding that crosses partisan lines. He points to past accomplishments, such as an amendment to the Child Online Protection Act that prohibits the use of information gathered from children for marketing purposes, as a sign that Republicans and Democrats may be able to work together. Markey's goal: legislation that would mandate greater disclosure of data-collection efforts, as well as the right to opt out. As for Google and companies with similar practices, Markey would like to see a law mandating that personal information be destroyed after a certain length of time, as is already the case with cable companies.

"I think there is a chance this year," Markey told me. "The more people learn about any potential privacy invasion, the greater the likelihood that Congress, as a stimulus-response organism, will do something about it."

Still, it would be wise not to hold your breath. Business interests, Markey says, do not want these protections. And neither the White House nor Republican congressional leaders are likely to stand up to them.

Easy At A Price
Poke around Google, and you'll run into an endless list of superlatives. As of this past Monday, the service boasted that it was searching 8,058,044,651 Web pages. There are encomiums to its founders, Sergey Brin and Larry Page, who thought up the math behind Google as Stanford graduate students in the mid 1990s. There is information for investors—a reminder that, last year, Google's IPO was the biggest Internet stock-market sensation since the dot-com crash of a few years ago. On Wednesday, Feb. 9, Google's stock opened at $200.25— quite a leap from its $100 opening in August.

Google, like the Internet, has made our lives easier and arguably better. For many of us, it's impossible to imagine having to return to a time when we couldn't find almost any piece of information instantaneously. But we're paying a price for that. We're paying with our privacy, our identity. For someone determined to look, there are no secrets anymore.

Sometime late tonight, someone, somewhere, will visit Google or Yahoo! or MSN or whatever and start searching for something he hopes no one will ever find out about. But he is being watched. Not by humans. Not in such a way that his search can be automatically traced back to him. Still, it's all being recorded, and the pieces are there, so that someday, someone with the necessary incentive, skill and legal authority can put them all together and figure out who this person is. Perhaps a life will be saved. Perhaps a life will be ruined —tragically, unnecessarily. But that's the nature of the new world in which we live.

It's a chilling reality.

Data Privacy Lab   |    [info@dataprivacylab.org]