American law has never taken an absolutist view of privacy rights. For example, even lawyer confidentiality has exceptions, as for example when a client tells you he is going to commit a future crime (that is not regarded as privileged and can be disclosed by the attorney to the authorities).
In the context of lawsuits and court orders, the key to protecting privacy is to abide by due process concerns. In other words, sometimes otherwise private information can become subject to discovery through legal processes such as third-party subpoenas. A holder of that information, such as Google, has no direct stake in the fight between the parties and will not disclose such information voluntarily. Nonetheless, court processes permit litigants to use lawful means to compel disclosure. Notice typically must be given to the adverse party, who in turn has a right to contest the litigant's right to obtain the information. A neutral judge will then consider whether the information ought to be protected when weighing the importance of disclosure in such a case against any rights of privacy that might be implicated (it is this process of notice, opportunity to contest, and neutral judicial evaluation that affords the due process protections). In most such cases, privacy rights do ultimately trump disclosure but not in all. Thus, when a court orders that disclosure be made, a litigant is forced to make it and, if a third party such as Google holds that information, it too is ordered to make it, though it has no stake in the fight.
Since American law is not absolutist on the privacy issues, and since Google must comply with lawful court orders, I don't think it can be faulted for doing so. Also, given the likely huge number of times it finds itself in this position, I don't think there is anything untoward about a number such as "9,000 times a year." This is perhaps why Mr. Schmidt made his comment in such an off-handed way. This is just a routine part of doing business.
I will grant there are policy arguments that could be made to the contrary but, legally, Google is on sound footing in its handling of privacy issues as described in the article.
I don't fault Google for following the law, rather for creating information about their users that can then be used against them.
I saw this quote on Hacker News a while back: "If you're not paying for it, you're not the customer, you're the product."
The customer of Google is the advertiser -- not the user. As part of Google's buisness of selling advertisements they are creating information about their users and turning it over to law enforcement ... presumably to be used against the users.
You left out: some innocents may be convicted for unpopular but innocent searches, some guilty may be exonerated for being smart enough to search at the library instead of at home, some of those FBI agents may hold onto that information long after it is relevant to use in personal attacks or blackmail, etc, etc, etc.
I don't think you can frame civil rights issues as strict utilitarian propositions. Or, if it is possible, it requires a more in depth analysis than you are giving it.
For example, restrictions on freedom of press are usually for the greater good, in the short term. 99 times out of 100, the people you are defending with civil rights issues are total crackpots. But 1/100 times, maybe they are Thomas Jefferson writing the declaration of independence. The rare case is so critical that it is worth our time to waste our time with the remaining 99.
respectfully, your post is misleading. it's not there there isn't an "absolutist view of privacy rights", it's that there is a very narrow "right to privacy." i put "right to privacy" in quotes because whether it exists at all is debatable (i take no view on the issue). i'm talking about privacy from a constitutional standpoint.
"private" documents/information are tangentially protected by various rules of procedure and statutes. for instance, a request for documents should have probative value outweighing the request's burden. however, i don't believe that there are privacy rights per se in very much or any of this.
the disclosure of a litigant's private information within the context and scope of litigation is the rule, not the exception. some people's favorite pastime is embarrassing their enemies through litigation. i have some sense of what that's like, having read thousands of litigants' personal emails.
No government's law takes an absolutist view of any right not belonging to the government.
The rhetorical purpose of pointing out that American law doesn't take an absolutist view of the right in question is to imply that someone disagreeing with the speaker is some sort of "absolutist" lunatic who's out of step with the law the speaker supports, which is of course sensible.
Confidentiality protections are not really intended to protect individual privacy rights. Several professions (legal, medical, etc.) rely on confidentiality in order to effectively provide critical services that benefit the greater good.
The slight fallacy in the article (and in general on this topic) is the thinking Google are especially unique in receiving these orders.
The truth is any large service provider is getting as many, it's just the modern version of forced disclosure.
A lot of the Google orders will be civil disclosure. That is mostly because in criminal cases there is more leeway for seizing the physical machines - which produces better results (from the perspective of court evidence).
But when you get to the ISP level they will be dealing with all manner of criminal/civil requests for IP log data.
Just some perspective (I won't comment my opinion on it)
I actually thought it was pretty high. That's like 25 times per day Google is sending search information to law enforcement. One thing I do hope is that they are requiring a judge to sign off on these like wiretaps. I'd worry about a jealous husband in law enforcement trying to find out what his ex-gf is up to.
What I find kind of surprising is I've heard of very few cases that have used this information. They certainly never use it on Law & Order.
And, yes, you would need a judge to sign off on these. Google (more than most companies) are particularly anal (and rightly so) about disclosures such as these.
I can't see a situation where I could be forced to keep quiet about something like that. And then there is wikileaks or some equivalent. For the record though, I have yet to get a court order about anything.
> A National Security Letter (NSL) is a form of administrative subpoena used by the United States Federal Bureau of Investigation and reportedly by other U.S. Government Agencies including the Central Intelligence Agency and the Department of Defense. It is a demand letter issued to a particular entity or organization to turn over various record and data pertaining to individuals. They require no probable cause or judicial oversight. They also contain a gag order, preventing the recipient of the letter from disclosing that the letter was ever issued.
The gag order was later deemed unconstitutional, but that didn't stop them from issuing 200,000 of them.
I like the "warrant canary" idea implemented by rsync.net, but I'm not sure if courts would see ceasing regular announcements as violating a gag order.
You will eventually. Just wait until a kiddie porn ring is busted and forensics reveal DDG was used to located images. Unfortunately, this kind of situation will happen any time you run a service for the masses.
granted Google is the big fish in the search engine pond ... does this imply that a court order to Google also means that Yahoo, Bing, Altavista, et al, are also getting a similar court order for the same user ?
"He added that Google "rewrites" your search history after a year and a half, so that it can no longer be tracked, even under a court mandate."
My search history on http://google.com/history goes back to January 2007, which is over three years.
Maybe he meant that history entries older than one and a half years will be "rewritten" if you manually went and asked Google to remove them (by using the "Remove Items" function in the history). I wonder how many people are aware of that function.
AOL apparently uses the semi-secret child porn hash database to proactively scan content traversing its systems and reports to the authorities when they get a hit.
I'm sure other large providers do this, and it wouldn't surprise me if Google was one of them.
Considering Google gets 140+ million unique visitors, that's less than 0.0064% of all users? Color me unimpressed. Now if you told me personal information was being offered WITHOUT a court order, then I'd be more concerned.
While I can certainly concede 140M might be low, I think we might also be talking about different things. I'm talking about unique people, not page hits or sessions or cookies, and 140 million was a good enough estimate to make my point: The number of subpoena requests is dwarfed by the immensity of Google's user base.
I think your math is off. The 140+ million unique visitors are world wide. Wouldn't these ~9,000 requests be coming from and directed to people in the US?
Why would that limitation exist? There are all sorts of reasons federal agencies would get court orders to look at international information held by a US company.
A lot can be done with such vast amounts of information. Don't you remember the AOL search data fiasco? Or how the Netflix ratings data can strongly correlate to one's lifestyle choices? Both of those data sets were "anonymized" before release -- just think of the damage data directly attached to a person could do to them.
It's common to see news stories about dumb criminals who were targeted for more thorough investigation, leading to their eventual conviction, due to their Internet search history (e.g. "How much antifreeze does it take to kill an adult" and "how to mask the taste of antifreeze in food")
I'm just going to have to google that now. I really hope that I won't have anybody die near me in the near future by drinking anti-freeze because I'll surely be in the docket defending myself.
I think it's important to note that these people weren't targeted as a result of their search history, they were already targeted, and the search history was just used as evidence for further action.
So me searching for "how much antifreeze..." wouldn't ever be noticed, unless i was _already_ under suspicion that met legal standards for a warrant, so that search data was requested.
Of course, but circumstantial evidence like search history is often used to narrow a field of suspects down to a single candidate for thorough investigation. At that point, they're going to investigate you as exhaustively as it takes to make the case. Without those circumstantial clues to focus the investigation, the authorities are at a significant disadvantage.
In the context of lawsuits and court orders, the key to protecting privacy is to abide by due process concerns. In other words, sometimes otherwise private information can become subject to discovery through legal processes such as third-party subpoenas. A holder of that information, such as Google, has no direct stake in the fight between the parties and will not disclose such information voluntarily. Nonetheless, court processes permit litigants to use lawful means to compel disclosure. Notice typically must be given to the adverse party, who in turn has a right to contest the litigant's right to obtain the information. A neutral judge will then consider whether the information ought to be protected when weighing the importance of disclosure in such a case against any rights of privacy that might be implicated (it is this process of notice, opportunity to contest, and neutral judicial evaluation that affords the due process protections). In most such cases, privacy rights do ultimately trump disclosure but not in all. Thus, when a court orders that disclosure be made, a litigant is forced to make it and, if a third party such as Google holds that information, it too is ordered to make it, though it has no stake in the fight.
Since American law is not absolutist on the privacy issues, and since Google must comply with lawful court orders, I don't think it can be faulted for doing so. Also, given the likely huge number of times it finds itself in this position, I don't think there is anything untoward about a number such as "9,000 times a year." This is perhaps why Mr. Schmidt made his comment in such an off-handed way. This is just a routine part of doing business.
I will grant there are policy arguments that could be made to the contrary but, legally, Google is on sound footing in its handling of privacy issues as described in the article.