copyright 2005-07 1 and privacy roger clarke xamax consultancy pty ltd, canberra visiting professor,...
TRANSCRIPT
![Page 1: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/1.jpg)
Copyright2005-07
1
and Privacy
Roger ClarkeXamax Consultancy Pty Ltd, Canberra
Visiting Professor, Department of Computer Science, A.N.U.and in Cyberspace Law & Policy, U.N.S.W.,
and in eCommerce at Uni. of Hong Kong
http://www.anu.edu.au/people/Roger.Clarke/…
…/DV/Googacy-070919 {.html, .ppt}
ANU DCS – 19 September 2007
![Page 2: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/2.jpg)
Copyright2005-07
2
Google and PrivacyAgenda
Privacy
Google’s Business(es)1 A Search-Engine2 Content-Discovery
Services3 Content Services4 Data about Users
Privacy Protections• Consumer Protection
Law• Privacy Protection Law• Privacy Policy
Statements• DIY
Google Mythology
![Page 3: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/3.jpg)
Copyright2005-07
3
Privacythe interest that individuals have in
sustaining a 'personal space',free from interference
by other people and organisations
Privacy Protectiona process of finding appropriate balances
between privacy and multiple competing interests
![Page 4: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/4.jpg)
Copyright2005-07
4
Privacy cf. Data Protection• Dimensions of privacy interest:
• The Physical Person• Personal Behaviour• Personal Communications• Personal Data
• Motivations for protecting privacy:
• Psychological• Social• Economic• Political
![Page 5: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/5.jpg)
Copyright2005-07
5
‘Research Your Next Appointment’
• Their Site(s)/Blog(s)• Event Programs• Committee Minutes• Letters to the Editor• Postings
• email-lists• fora• blogs
• Logs (e.g. in court)• IAPs• ISPs• own machine
• Media Reports• as subject• as reporter• as commentator• as bystander
• 'Public Records'• Court Reports• ‘Little Black Books’• Commercial Databases• Dead Pages, from the
Wayback Machine• Specialist Sites, e.g.
Zoominfo.com, Spock.com
![Page 6: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/6.jpg)
Copyright2005-07
6
Privacy Threats from Open Information
Discoverability• Data• Associations• Location• Habits
Consolidation, e.g. for:• Profiling• Manipulation• Character Assassination
Data Quality Problems• Out-of-Date• Incomplete• Acontextual• Inaccurate• Scurrilous• Spurious
Second-Round Effects• More Data Retention• More Data Capture
![Page 7: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/7.jpg)
Copyright2005-07
7
SpiderCrawleror Robot
IndexerIndexor
Concordance
Phase 1 - Crawlingand Indexing
Phase 2 - UseCache TheInternet
SearchEngine
Operation
![Page 8: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/8.jpg)
Copyright2005-07
8
Google’s Business(es)1. Content Discovery Services
• The Largest Coverage (size of the Reference List)
• The Smartest Precedence Algorithm (the sorting part of the Results Formatter)
• The Fastest, Simplest, Best? Search-Service (a UI for normal people, not specialists)
• Multiple Constrained Searches (images, blogs, Froogle)
• Multiple Extension Services (Answers, Scholar)
froo·gle (fru'gal) n. Smart shopping through Google
![Page 9: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/9.jpg)
Copyright2005-07
9
Google’s Business(es)2. Content Services
• Google Earth• Google Base• Google Video /
YouTube• ...
• Google News • Google Library /
Print• ...
![Page 10: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/10.jpg)
Copyright2005-07
10
Google’s Business(es)3. Data about Users
“We are moving to a Google that knows more about you”
Google’s CEO NYT, 10 Feb
2005
Round 1• Search-Terms• IP-address(es)• Click-Trail• Click-Throughs
![Page 11: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/11.jpg)
Copyright2005-07
11
Google’s Business(es)3. Data about Users
“We are moving to a Google that knows more about you”
Google’s CEO NYT, 10 Feb
2005
Round 1• Search-Terms• IP-address(es)• Click-Trail• Click-Throughs
Round 2• Google Accounts:
• Email-Address as Username
• A Common Cookie
![Page 12: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/12.jpg)
Copyright2005-07
12
Email – Long-Term Risk Exposures
Both Parties’s IAPs:• IP-address(es) used, disclosing location, trail• Authorised / unauthorised disclosure,
with/without notification• Traffic data retention, message retentionMail-Recipient’s ISP:• Access to, and use of traffic• Access to, and use of content• Authorised / unauthorised disclosure,
with/without notification• Message retention after downloadISP Mail-Hosting / Webmail• Message retention, long-term
![Page 13: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/13.jpg)
Copyright2005-07
13
– Yet More Risk Exposures
Gmail Subscribers• Targeted Ads based on text from senders
=> consumer manipulation• Correlation with Data from Other
Services
![Page 14: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/14.jpg)
Copyright2005-07
14
– Yet More Risk Exposures
Senders to Gmail Addresses
• Examination of Text• Long-Term Retention• Consolidation
with Other Sources• Long-Term Unauthorised
Disclosure• No notification of
disclosures
Senders Generally• Postings to Lists
if even a single subscriber is a Gmail account
• Forwards to Gmail accounts
• Forwards to Listsif even a single subscriber is a Gmail account
![Page 15: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/15.jpg)
Copyright2005-07
15
![Page 16: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/16.jpg)
Copyright2005-07
16
EPIC on Gmail• No Non-Subscribers Consent
to content extraction• Unlimited Data Retention• Profiling across Google
product line• Harms expectation of
privacy• Insufficient privacy policy• No data protection on
sale of company or change of company policy
http://www.epic.org/privacy/…… gmail/faq.html, August 2004
• Gmail is a privacy disaster• Google is engaging in
indefinite data retention• Google has publicly
stated it will not discuss law enforcement requests for personal information
• We have no idea how Google responds to law enforcement, nor how many requests have been received
private email from EPIC, 8 Dec 2005
![Page 17: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/17.jpg)
Copyright2005-07
17
v. 1 – October 2004
Search Within Your Own Computer“A desktop search application that provides full text search over your email, files, music, photos, chats, Gmail, web pages that you've viewed, ...”(cf. Apple’s Sherlock 1998, later Spotlight, and many third-party products for Wintel)It allows people to scan their computers for information in the same way that they use Google to search the web
http://desktop.google.com/about.html
![Page 18: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/18.jpg)
Copyright2005-07
18
v. 3 – 9 Feb 2006
Search Across Your ComputersBUT“In order to share your indexed files between your computers, we securely transmit this content to Google Desktop servers located at Google”
cf. MS Passport data, centralised at Redmond WA
http://desktop.google.com/...features.html#searchremote
![Page 19: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/19.jpg)
Copyright2005-07
19
Would you trust this product ???Terms:
http://desktop.google.com.au/mac/install.html
Privacy Policy:Protecting users' privacy is very important to Google and the Third Parties. As a condition of downloading and using the Software, you agree to the terms of the Google Pack Privacy Policy ..., which may be updated from time to time and without notice.
No Read-Me File accompanies the download.There are no explanations as to how to de-install.It appears that the default may be set to
Promiscuous:http://desktop.google.com.au/en/mac/gettingstarted.html#prefs shows 'On'
![Page 20: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/20.jpg)
Copyright2005-07
20
– Google’s ‘Social Networking Service’
• Requires a Google Account …• Is linked to Gmail ...• Profiles of Members are:
• Self-Captured• Unauthenticated
• Profiles of People Nominated by Members:• Captured by Members, e.g.
by upload of their address-books• Unauthenticated• Without Consent
• Discloses Traffic• Discloses Social Networks of Members and Non-
Members
![Page 21: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/21.jpg)
Copyright2005-07
21
Google’s Business(es)3. Data about Users
“We are moving to a Google that knows more about you”
- Google’s CEO NYT, 10 Feb
2005
Round 3• Gmail• Desktop• Desktop v.3• Orkut
![Page 22: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/22.jpg)
Copyright2005-07
22
Google as Wireless Internet Access Provider
http://www.techworld.com/mobility/...features/index.cfm?featureid=1837
Acceptance of Google’s tender confirmed 5 April 2006
![Page 23: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/23.jpg)
Copyright2005-07
23
12 Months Later ...• WinterGreen Research, Inc. April 2007
Earthlink and San Francisco have finalised a Wi-Fi contract. The contract enables Earthlink to build a citywide wireless services network and Google to provide free Internet access
But, 4 Months After That ...• Blow as two ‘Muni WiFi’ schemes fail
Financial Times, 31 August 2007The San Francisco scheme … fell apart on Wednesday night after Earthlink, the [ISP], said it was pulling out of a contract to build the city’s WiFi network
![Page 24: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/24.jpg)
Copyright2005-07
24
Doubleclick
• Major Site-Owners let ad-space to DoubleClick• DoubleClick gathers data about all traffic
to all such sites, resulting in consumer profiles
![Page 25: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/25.jpg)
Copyright2005-07
25
Doubleclick
• Major Site-Owners let ad-space to DoubleClick• DoubleClick gathers data about all traffic
to all such sites, resulting in consumer profiles
Google AdSense• Minor Page-Owners let ad-space to Google• Google gathers data about all traffic
to all sites that are ‘AdSense affiliates’
![Page 26: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/26.jpg)
Copyright2005-07
26
Doubleclick
• Major Site-Owners let ad-space to DoubleClick• DoubleClick gathers data about all traffic
to all such sites, resulting in consumer profiles
Google AdSense• Minor Page-Owners let ad-space to Google• Google gathers data about all traffic
to all sites that are ‘AdSense affiliates’
On 13 Apr 2007, Google bought DoubleClick
![Page 27: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/27.jpg)
Copyright2005-07
27
New York Consumer Protection Boardhttp://www.consumer.state.ny.us/pressreleases/2007/may092007.htm
“the combination of DoubleClick's Internet surfing history generated through consumers' pattern of clicking on specific advertisements, coupled with Google's database of consumers' past searches, will result in the creation of ‘super-profiles’, which will make up the world's single largest repository of both personally and non-personally identifiable information”. [bigger than Acxiom?!]The Board expressed concern that these profiles expose consumers to the risk of disclosure of their data to third parties, as well as public disclosure as evidence in litigation or through data breaches.
![Page 28: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/28.jpg)
Copyright2005-07
28
Current Regulatory Investigations
http://www.epic.org/privacy/ftc/google/
• US Federal Trade Commissionhttp://www.internetnews.com/bus-news/article.php/3680266
• EU Directorate on Competitionhttp://ec.europa.eu/comm/competition/index_en.html
• Aust Competition and Consumer Commissionhttp://www.accc.gov.au/content/index.phtml/itemId/788097
• EU Data Protection Commissionershttp://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_21_06_07_en.pdf
![Page 29: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/29.jpg)
Copyright2005-07
29
Google’s Business(es)3. Data about Users
“We are moving to a Google that knows more about you”
- Google’s CEO NYT, 10 Feb
2005
Round 3• Gmail• Desktop• Desktop v.3• Orkut
Round 4• Google as Wireless IAP
Gratis (i.e. ad-funded)• Ad Syndication (AdSense)• Consolidation of the
Consumer Profiles held by DoubleClick and Google
![Page 30: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/30.jpg)
Copyright2005-07
30
Google’s Business(es)3. Data about Users
“We are moving to a Google that knows more about you”
- Google’s CEO NYT, 10 Feb
2005
Round 3• Gmail• Desktop• Desktop v.3• Orkut
Round 4• Google as Wireless IAP
Gratis (i.e. ad-funded)• Ad Syndication
(AdSense)• Consolidation of the
Consumer Profiles held by DoubleClick and Google
Round 5• Psych profiles from
online gaming• Face Recognition
in Image Search• Street View• Facebook profiles• ...
![Page 31: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/31.jpg)
Copyright2005-07
31
Google and PrivacyAgenda
Privacy
Google’s Business(es)1 A Search-Engine2 Content-Discovery
Services3 Content Services4 Data about Users
Privacy Protections• Consumer Protection
Law• Privacy Protection Law• Privacy Policy
Statements• DIY
Google Mythology
![Page 32: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/32.jpg)
Copyright2005-07
32
A Normative Template forTerms of Contract for Consumer
Transactionshttp://www.anu.edu.au/people/Roger.Clarke/EC/ICEC06.html#TN
T
• Information• Terms• Security• Choice• Consent• Recourse• Redress
![Page 33: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/33.jpg)
Copyright2005-07
33
The Normative Template forMarketer-Consumer
Communications
• Information• Terms• Security• Choice• Consent• Recourse• Redress
Recourse• Enquiry and Complaints Process
• accessibility• prompt acknowledgement• copy into the consumer's email-archive• responsiveness to enquiry or complaint
• acknowledgement• resolution
• Restitution• product quality shortfalls
• own products and services• third-party products and services
• fulfilment quality shortfalls• payment errors
• External Complaints Mechanisms• information provided about them• prompt and appropriate communications with
regulators
![Page 34: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/34.jpg)
Copyright2005-07
34
Google’s Challenges to Consumer Law
Consumer Benefits• Enormous• Gratis• But there is
consideration:acceptance of advertising, including intrusiveattention-grabbing devices (‘blink’, popups)
Terms:• Non-Negotiable• Non-Transparent• Changeable at whim• Not Version-Managed
Recourse• All-But Non-Existent
No sign of recovery of lostconsumer protectionsWSIS 2005, IGF are
vacuous
![Page 35: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/35.jpg)
Copyright2005-07
35
Information PrivacyThe interest an individual has in controlling,
or at least significantly influencing, the handling of data about themselves
• Regulation:Data Protection Law, enforced by a Regulator [EU, Others – ???]
• Co-Regulation:Privacy Policy Statements, enforced by a Regulatore.g. through Trade Practices Law [US – ??]
• Self-Regulation:Privacy Policy Statements without enforcement [US actual]
Achieved Through
![Page 36: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/36.jpg)
Copyright2005-07
36
28th International Data Protection and Privacy Commissioners' Conference
London, United Kingdom – 2 and 3 November 2006
Resolution on Privacy Protection and Search Engines
http://www.bfdi.bund.de/cln_029/nn_533554/SharedDocs/Publikationen/EN/InternationalDS/ConferenceOfInternationalDataProtectionCommissioners2006-
ResolutionSearchEngines,templateId=raw,property=publicationFile.pdf/ConferenceOfInternationalDataProtectionCommissioners2006-
ResolutionSearchEngines.pdf
“… providers of search engines … shall not record any information about the search that can be linked to users or about the search engine users themselves.“After the end of a search session, no data that can be linked to an individual user should be kept stored unless the user has given his explicit, informed consent to have data necessary to provide a service stored (e.g. for use in future searches)”
![Page 37: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/37.jpg)
Copyright2005-07
37
A Privacy Statement Templatehttp://www.anu.edu.au/people/Roger.Clarke/DV/PST-
051219.html
• Data Collection• Data Security• Data Use• Data Disclosure• Data Retention and Destruction• Access by You to Your Personal Data• Information about Data Handling Practices• Handling of Enquiries, General Concerns and
Complaints• Enforcement• Changes to These Privacy Undertakings
• Definitions
![Page 38: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/38.jpg)
Copyright2005-07
38
Google’s Privacy Statementhttp://www.anu.edu.au/people/Roger.Clarke/DV/PST-
Google.html
• Cookies not RFC2964-compliant• Cookies and Login (with Email-
Address as Username) enable the consolidation of a very substantial amount of identified personal data, without informed consent
• Purposes of Use and Disclosure vague but very extensive
• Storage in ‘Data Havens’ (such as the USA)
• Non-Consensual Use and Disclosure (presumption of consent, i.e. opt-out)
• Extraneous Disclosures not notified to the individual concerned
• No Information provided about Data-Handling Policies and Practices
• No Assurances whatsoever re:• Access by the Data Subject
[new WebHistory feature?]• Data Quality• Data Correction or Deletion• Data Relevance• Data Retention, Destruction
• No Consultation with Privacy Advocacy Organisations
• Deficient Complaint-Handling Procedures
• The Undertakings are Void in the event of merger, acquisition or sale of assets
• The Undertakings are Unenforced, and Probably Unenforceable
![Page 39: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/39.jpg)
Copyright2005-07
39
Paranoia
http://www.google-watch.org/
![Page 40: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/40.jpg)
Copyright2005-07
40
DIY Privacy-Protectionhttp://www.freenet.org.nz/misc/google-privacy.html
A simple HOWTO for stopping Google from logging your search history. In summary, the solution is to :
• clear all long-lasting cookies• set your browser to not keep cookies
between restarts• divert all google requests out
through an anonymous proxy
BUT ALSO !!!• Frequently re-start• Don’t register• Don’t use DeskTop, Gmail, …• Don’t send to Gmail accounts ...
![Page 41: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/41.jpg)
Copyright2005-07
41
Google Mythology: “Do No Evil”• Two variants are evident on the web-site:
(1) number 6 of 'Ten things Google has found to be true':"you can make money without doing evil".But that statement is descriptive, not normative
(2) "Our informal corporate motto is 'Don't be evil' " But that statement is part of a ‘Code of Conduct’ communicated to investors, not customers, and is in any case completely non-binding
• There is an relevant corollary:• "You can make money without doing evil;
but you can make more money by doing evil"• Given the legal obligations of corporations,
the epithet actually implies that evil should be done
![Page 42: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/42.jpg)
Copyright2005-07
42
Google Mythology:"Protecting users' privacy is very important
to Google" • World's-Worst Privacy Policy stance• "We will remove IP-addresses after 18 mths"
(They don't need them beyond 18 seconds)• "We will auto-delete cookies 2 yrs after last visit"
(Gobbledygook. They're remote from them …And there's no need for long-term cookies at all. It's better to block cookies, auto-delete cookies, delete cookies, and/or use a nymous proxy-server)
• Argues at UNESCO for standardisation on the world's weakest code. (The APEC code was designed by privacy-hostile USA with Australian help, using privacy-hostile Asia as the excuse)
![Page 43: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/43.jpg)
Copyright2005-07
43
Google and PrivacyRecapitulation
Privacy
Google’s Business(es)1 A Search-Engine2 Content-Discovery
Services3 Content Services4 Data about Users
Privacy Protections• Consumer Protection
Law• Privacy Protection Law• Privacy Policy
Statements• DIY
Google Mythology
![Page 44: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/44.jpg)
Copyright2005-07
44
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
![Page 45: Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor, Department of Computer Science, A.N.U. and in Cyberspace](https://reader035.vdocument.in/reader035/viewer/2022062618/5514644d550346b0158b4a92/html5/thumbnails/45.jpg)
Copyright2005-07
45
and Privacy
Roger ClarkeXamax Consultancy Pty Ltd, Canberra
Visiting Professor, Department of Computer Science, A.N.U.and in Cyberspace Law & Policy, U.N.S.W.,
and in eCommerce at Uni. of Hong Kong
http://www.anu.edu.au/people/Roger.Clarke/…
…/DV/Googacy-070919 {.html, .ppt}
ANU DCS – 19 September 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.