Google and Viacom: a privacy “Exxon Valdez?”

Might the court order that Google hand over YouTube viewer records become, as Ed Felten and others termed a few years back, an “Exxon Valdez” of privacy that makes informational privacy a national priority?  Unfortunately, I suspect not.  If the parties reach an agreement to anonymize the data and keep it out of the direct hands of Viacom, then public anger may subside.

What would be enough to mobilize the public?  In 2006, Ed Felten suggested that a privacy Exxon Valdez “will have to be a leak of information so sensitive as to be life-shattering.”  But how sensitive is our viewing of, for example, Harry Potter Puppet Pals?  It’s creepy to think of lawyers having access to it, but is it life-shattering?  Nonetheless, it appears that the public, companies, and Congress are becoming more attuned to privacy matters.  Just last week, Google and Yahoo both recently endorsed the idea of privacy legislation before the Senate Commerce Committee.

In the meantime, what the the litigants doing?  The NYTimes BITS blog notes, “A week after Google and Viacom both said they hoped to agree to make YouTube viewing data anonymous before Google hands the information to Viacom, no agreement has been signed.”  (Emphasis added.)  The parties blame each another.  A Google lawyer says: “If Viacom refuses to allow us to anonymize viewing history, we will seek review by the court.”  A Viacom spokesperson counters:

Viacom suggested the initiative to anonymize the data, and we have been prepared to accept anonymous information since day one.  We hope that Google will turn its focus back to anonymizing the data they are required to deliver, and spend less time making statements about why they won’t get it done.

It’s not especially clear what the parties are doing or how things might be resolved.  As I blogged recently, an earlier Times article initially stated that the parties were “working to protect the anonymity of YouTube viewers.”  (Emphasis added.)  A few hours later, the Times article was edited to say that the parties were “hoping to come up with a way to protect the anonymity of YouTube viewers.”  (Emphasis added.)  Apparently the parties’ resolve was tempered from “work” to mere “hope.”  The parties need to do better, especially Google, which collected and retained all the information.

GAO report and pending bill on federal e-mail retention

The GAO has released a report entitled Federal Records: National Archives and Selected Agencies Need to Strengthen E-Mail Management. The report found that “[w]ithout periodic evaluations of recordkeeping practices or other controls to ensure that staff are trained and carry out their responsibilities, agencies have little assurance that e-mail records are properly identified, stored, and preserved.”  It also stated:

Although NARA [i.e., the National Archives and Records Administration] has responsibilities for oversight of agencies’ records and records management programs and practices, including conducting inspections or surveys, performing studies, and reporting results to the Congress and the Office of Management and Budget (OMB), in recent years NARA’s oversight activities have been primarily limited to performing studies. NARA has conducted no inspections of agency records management programs since 2000, because it uses inspections only to address cases of the highest risk, and no recent cases have met its criteria. In addition, NARA has not consistently reported details on records management problems or recommended practices that were discovered as a result of its studies. Without more comprehensive evaluations of agency records management, NARA has limited assurance that agencies are appropriately managing the records in their custody and that important records are not lost.

Meanwhile, the White House is threatening a veto of the Electronic Message Preservation Act.  According to the National Coalition for History, the bill “would direct the National Archives and Records Administration (NARA) to establish standards for the capture, management, preservation and retrieval of federal agency and presidential electronic messages that are records in an electronic format.”  (Further info on the bill here, and on issues concerning the White House’s e-mail retention practices here.)

Hat tip regarding the GAO report to David Mattison at the Ten-Thousand Year Blog.  Hat tip regarding the bill to BNA’s Privacy Law Watch.

BoingBoing “unpublishing” blog posts

When is it ok to delete a blog post?  Dan Solove wrote about this a few years back at Concurring Opinions, where he points to additional posts at Prawfsblawg (here, here, and here). More recently, BoingBoing faced public scrutiny when one of its authors removed posts related to blogger and sex columnist Violet Blue, although nobody noticed the removals for about a year.  A message board dedicated to the issue has generated over 1600 messages since July 1, some very heated.  The moderator for the board writes:

It’s our blog and so we made an editorial decision, like we do every single day. We didn’t attempt to silence Violet. We unpublished our own work. There’s a big difference between that and censorship.

We hope you’ll respect our choice to keep the reasons behind this private. We do understand the confusion this caused for some, especially since we fight hard for openness and transparency. We were trying to do the right thing quietly and respectfully, without embarrassing the parties involved.

Clearly, that didn’t work out. In attempting to defuse drama, we inadvertently ignited more. Mind you, we weren’t the ones splashing gasoline around; but we did make the fire possible. We’re sorry about that. In the meantime, Boing Boing’s past content is indexed on the Wayback Machine, a basic Internet resource; so the material should still be available for those who would like to read it.

Oddly, BoingBoing speaks in terms of “unpublishing” rather than deletion.   (Their policy page states “We reserve the right to unpublish or refuse to unpublish anything for any or no reason.”)  Sure, “unpublishing” sounds less big-brothery than deletion, but I don’t really see the difference.

Moreover, “unpublishing” isn’t quite accurate: BoingBoing doesn’t mean “unpublished” in the sense of a book (or blog posting) that has yet to be published.  They mean disabling public access to something that has already been posted, like in the DMCA 512(c) sense where material is removed or access to it is disabled.  (WordPress does have an “unpublishing” function, but that’s still a misnomer.)  A more accurate term might be deposting, depublishing, or good ‘ol deletion.

Nevertheless, it’s useful to explore a potential distinction between deletion and depublishing, and other questions raised when a blogger wants to remove posted materials:

  • As a starting point, what is the meaning of “publication” in an age where materials can be changed or removed?
  • Under what circumstances is depublication justified?
  • What practices are needed to distinguish “depublication” from “deletion?”  Is a reservation of rights declaring a right of depublication sufficient?  Should a notice be posted where the materials used to be (as Dan Markel suggests)?
  • BoingBoing notes that the removed materials remain on the Wayback Machine web archive.  Do web archives help to justify depublication?
  • Does depublication serve an important social function by severing the association between author and depublished content?

Hat tip to Noam Cohen.  And a disclaimer: I did make some edits to this post after posting.

Why does Google keep so much information?

Yesterday, I wrote about the “privacy paradox” and Google’s refusal to post a conspicuous link to its privacy policy on its homepage.   Today, the New York Times reports that the judge overseeing the Viacom/YouTube copyright lawsuit has ordered Google to turn over a database linking YouTube users to every video clip they have watched on the site:

The order raised concerns among users and privacy advocates that the online video viewing habits of hundreds tens of millions of people could be exposed.  But Google and Viacom said they were working to hoping to come up with a way to protect the anonymity of YouTube viewers., and

Viacom said that the information would be safeguarded by a protective order restricting access to the data to outside advisors, who will use it solely to press Viacom’s $1 billion copyright suit against Google.

It’s good that some steps are being taken to limit the use of the information.  But why is Google collecting and retaining so much information? Maybe there’s business value in keeping it, but there’s also business value in not angering hundreds tens of millions of users.  Google’s apparent taste for data retention risks a well-deserved loss of goodwill.  (Or considering people’s wayward attitudes towards privacy, perhaps not.)  I recognize that some information must be retained for a variety of reasons.  But the more unnecessary information you keep, the more likely somebody you didn’t envision — a wayward employee, a hacker, or even worse, an adverse litigant — will find a use for it you didn’t want.

The court’s order can be found here.

ADDENDUM: The Times has revised the text of the quoted portion of the article from when I viewed it earlier.  I’ve indicated appropriate changes above.

NOTE (JULY 13): See here for updates.