Google and Viacom: a privacy “Exxon Valdez?”

Might the court order that Google hand over YouTube viewer records become, as Ed Felten and others termed a few years back, an “Exxon Valdez” of privacy that makes informational privacy a national priority?  Unfortunately, I suspect not.  If the parties reach an agreement to anonymize the data and keep it out of the direct hands of Viacom, then public anger may subside.

What would be enough to mobilize the public?  In 2006, Ed Felten suggested that a privacy Exxon Valdez “will have to be a leak of information so sensitive as to be life-shattering.”  But how sensitive is our viewing of, for example, Harry Potter Puppet Pals?  It’s creepy to think of lawyers having access to it, but is it life-shattering?  Nonetheless, it appears that the public, companies, and Congress are becoming more attuned to privacy matters.  Just last week, Google and Yahoo both recently endorsed the idea of privacy legislation before the Senate Commerce Committee.

In the meantime, what the the litigants doing?  The NYTimes BITS blog notes, “A week after Google and Viacom both said they hoped to agree to make YouTube viewing data anonymous before Google hands the information to Viacom, no agreement has been signed.”  (Emphasis added.)  The parties blame each another.  A Google lawyer says: “If Viacom refuses to allow us to anonymize viewing history, we will seek review by the court.”  A Viacom spokesperson counters:

Viacom suggested the initiative to anonymize the data, and we have been prepared to accept anonymous information since day one.  We hope that Google will turn its focus back to anonymizing the data they are required to deliver, and spend less time making statements about why they won’t get it done.

It’s not especially clear what the parties are doing or how things might be resolved.  As I blogged recently, an earlier Times article initially stated that the parties were “working to protect the anonymity of YouTube viewers.”  (Emphasis added.)  A few hours later, the Times article was edited to say that the parties were “hoping to come up with a way to protect the anonymity of YouTube viewers.”  (Emphasis added.)  Apparently the parties’ resolve was tempered from “work” to mere “hope.”  The parties need to do better, especially Google, which collected and retained all the information.

July 13, 2008 | Filed Under Data Retention, Privacy | Leave a Comment 

Another Civil Procedure limerick

I’ve written previously about judges using limericks in their opinions.  Here’s another.  The ABA Journal notes that U.S. District Judge Ronald B. Leighton found a plaintiff’s 465-page complaint to violate Federal Rule of Civil Procedure 8(a)’s requirement that a complaint contain “a short and plain statement” of the plaintiff’s claim.  Noting Lord Polonius’ line in Hamlet that brevity is the soul of wit,” Judge Leighton stated that “[b]revity is also the soul of a pleading.“  He concluded with a limerick:

Plaintiff has a great deal to say,
But it seems he skipped Rule 8(a),
His Complaint is too long,
Which renders it wrong,
Please re-write and re-file today.

Hat tip to my St. Thomas colleague Fred Light for sending this to me.

July 11, 2008 | Filed Under Courts, Language | Leave a Comment 

GAO report and pending bill on federal e-mail retention

The GAO has released a report entitled Federal Records: National Archives and Selected Agencies Need to Strengthen E-Mail Management. The report found that “[w]ithout periodic evaluations of recordkeeping practices or other controls to ensure that staff are trained and carry out their responsibilities, agencies have little assurance that e-mail records are properly identified, stored, and preserved.”  It also stated:

Although NARA [i.e., the National Archives and Records Administration] has responsibilities for oversight of agencies’ records and records management programs and practices, including conducting inspections or surveys, performing studies, and reporting results to the Congress and the Office of Management and Budget (OMB), in recent years NARA’s oversight activities have been primarily limited to performing studies. NARA has conducted no inspections of agency records management programs since 2000, because it uses inspections only to address cases of the highest risk, and no recent cases have met its criteria. In addition, NARA has not consistently reported details on records management problems or recommended practices that were discovered as a result of its studies. Without more comprehensive evaluations of agency records management, NARA has limited assurance that agencies are appropriately managing the records in their custody and that important records are not lost.

Meanwhile, the White House is threatening a veto of the Electronic Message Preservation Act.  According to the National Coalition for History, the bill “would direct the National Archives and Records Administration (NARA) to establish standards for the capture, management, preservation and retrieval of federal agency and presidential electronic messages that are records in an electronic format.”  (Further info on the bill here, and on issues concerning the White House’s e-mail retention practices here.)

Hat tip regarding the GAO report to David Mattison at the Ten-Thousand Year Blog.  Hat tip regarding the bill to BNA’s Privacy Law Watch.

July 9, 2008 | Filed Under Data Retention, Digital Preservation | Leave a Comment 

BoingBoing “unpublishing” blog posts

When is it ok to delete a blog post?  Dan Solove wrote about this a few years back at Concurring Opinions, where he points to additional posts at Prawfsblawg (here, here, and here). More recently, BoingBoing faced public scrutiny when one of its authors removed posts related to blogger and sex columnist Violet Blue, although nobody noticed the removals for about a year.  A message board dedicated to the issue has generated over 1600 messages since July 1, some very heated.  The moderator for the board writes:

It’s our blog and so we made an editorial decision, like we do every single day. We didn’t attempt to silence Violet. We unpublished our own work. There’s a big difference between that and censorship.

We hope you’ll respect our choice to keep the reasons behind this private. We do understand the confusion this caused for some, especially since we fight hard for openness and transparency. We were trying to do the right thing quietly and respectfully, without embarrassing the parties involved.

Clearly, that didn’t work out. In attempting to defuse drama, we inadvertently ignited more. Mind you, we weren’t the ones splashing gasoline around; but we did make the fire possible. We’re sorry about that. In the meantime, Boing Boing’s past content is indexed on the Wayback Machine, a basic Internet resource; so the material should still be available for those who would like to read it.

Oddly, BoingBoing speaks in terms of “unpublishing” rather than deletion.   (Their policy page states “We reserve the right to unpublish or refuse to unpublish anything for any or no reason.”)  Sure, “unpublishing” sounds less big-brothery than deletion, but I don’t really see the difference.

Moreover, “unpublishing” isn’t quite accurate: BoingBoing doesn’t mean “unpublished” in the sense of a book (or blog posting) that has yet to be published.  They mean disabling public access to something that has already been posted, like in the DMCA 512(c) sense where material is removed or access to it is disabled.  (Wordpress does have an “unpublishing” function, but that’s still a misnomer.)  A more accurate term might be deposting, depublishing, or good ‘ol deletion.

Nevertheless, it’s useful to explore a potential distinction between deletion and depublishing, and other questions raised when a blogger wants to remove posted materials:

Hat tip to Noam Cohen.  And a disclaimer: I did make some edits to this post after posting.

July 8, 2008 | Filed Under Blogging, Data Destruction, Data Retention, Digital Preservation, Internet Archive, Wayback Machine | Leave a Comment 

Google finally posts privacy link on homepage

Yesterday, Google finally posted a privacy link on its homepage, replacing the word “Google” in the footer with “Privacy.”  A step in the right direction, but the link is in the smallest text, below larger links for “Advertising Programs,” “Business Solutions,” and “About Google.”  See below:

google-privacy-link

Hmm.  I wonder if the timing of Google’s change-of-heart had anything to do with this week’s court order that Google produce records of millions of YouTube user’s viewing habits.

July 4, 2008 | Filed Under Privacy, Search Engines | Leave a Comment 

Archiving Independence Day

The National Archives and Records Administration maintains a great site called Charters of Freedom that maintains high-quality scans of key documents such as the Constitution and the Bill of Rights.  It also includes the Declaration of Independence.

By the way, the picture in the sidebar is the National Archives building being built way-back when.

Happy Independence Day!

ADDENDUM: Wired has posted a short, interesting piece on the early mistreatment of the document, and more recent efforts to preserve it.

United States Declaration of Independence

July 4, 2008 | Filed Under Digital Preservation | Leave a Comment 

Why does Google keep so much information?

Yesterday, I wrote about the “privacy paradox” and Google’s refusal to post a conspicuous link to its privacy policy on its homepage.   Today, the New York Times reports that the judge overseeing the Viacom/YouTube copyright lawsuit has ordered Google to turn over a database linking YouTube users to every video clip they have watched on the site:

The order raised concerns among users and privacy advocates that the online video viewing habits of hundreds tens of millions of people could be exposed.  But Google and Viacom said they were working to hoping to come up with a way to protect the anonymity of YouTube viewers., and

Viacom said that the information would be safeguarded by a protective order restricting access to the data to outside advisors, who will use it solely to press Viacom’s $1 billion copyright suit against Google.

It’s good that some steps are being taken to limit the use of the information.  But why is Google collecting and retaining so much information? Maybe there’s business value in keeping it, but there’s also business value in not angering hundreds tens of millions of users.  Google’s apparent taste for data retention risks a well-deserved loss of goodwill.  (Or considering people’s wayward attitudes towards privacy, perhaps not.)  I recognize that some information must be retained for a variety of reasons.  But the more unnecessary information you keep, the more likely somebody you didn’t envision — a wayward employee, a hacker, or even worse, an adverse litigant — will find a use for it you didn’t want.

The court’s order can be found here.

ADDENDUM: The Times has revised the text of the quoted portion of the article from when I viewed it earlier.  I’ve indicated appropriate changes above.

NOTE (JULY 13): See here for updates.

July 3, 2008 | Filed Under Copyright, Data Retention, Privacy | Leave a Comment 

The privacy paradox and Google

At the New York Times BITS blog, Brad Stone reports on a study about to be released by George Loewenstein and several other Carnegie Mellon researchers about people’s parodoxical attitudes towards privacy and personal information.  In one experiment, some people were given express assurances of privacy whereas others were given none.  Strangely, the people given no assurances of privacy were twice as likely to admit to copying someone else’s homework.

In one sense, that’s paradoxical because assurances of privacy are intended to foster open communications, as with the attorney-client privilege.  But in another sense, the behavior is not paradoxical at all.  Express assurances of privacy may serve the socially useful prophylactic purpose — albeit sometimes unintended — of reminding people of the risks of volunteering personal information.  Even if people don’t really read privacy policies, seeing a conspicuous “privacy policy” link may serve as a cold glass of water to the face, reminding people that they are volunteering personal information, and that they should look before they leap.

That brings to mind the scrutiny Google has recently garnered for its refusal to put a conspicuous link to its privacy policy on its homepage.  Is Google concerned that a link will remind people of the implications of continually using the myriad Google services?  C’mon.  How many times did you use Google today?  And when, if ever, did you think about how much information Google may have about you?  As noted by The Register,

The company still indexes your email.  It still stores your IP address alongside your search history for at least 18 to 24 months.  And if it does “anonymize” your IP address after 24 months - and that’s a big if - it still refuses to anonymize the whole thing.

So if conspicuous reminders of privacy concerns are important, why won’t Google put a simple link on its homepage?  According to another post at BITS, a Google competitor stated that Google co-founder Larry Page “didn’t want a privacy link ‘on that beautiful clean home page.’”

I rather doubt that Page’s concerns are fueled by aesthetics.  One more link won’t change the site’s minimalistic look.  But the starkness of the Google homepage may largely explain why Google doesn’t want that link.  On most e-commerce sites, the visual clutter — think Yahoo — makes it unlikely that a privacy policy link will stand out.  But on Google’s “beautiful clean home page,” such a link would be significantly more conspicuous.

And paradoxically, perhaps more likely to serve its purpose.

July 2, 2008 | Filed Under Privacy, Search Engines | Leave a Comment 

← Previous PageNext Page →