Google balks at providing YouTube records of employees

CNet reports on what may be the stumbling block in Google and Viacom’s failure to reach an agreement regarding YouTube user data (which I’ve blogged on here and here):

Viacom wants to know which videos YouTube employees have watched and uploaded to the site, and Google is refusing to provide that information, CNET News has learned.

This dispute is the reason the two companies, and lawyers representing a group of other copyright holders suing Google, have failed to reach a final agreement on anonymizing personal information belonging to YouTube users, according to two sources close to the situation.

From a discovery standpoint, I’m not sure what Google’s rationale might be for refusing to hand over employee data.  If anything, as the CNet article points out, employee data might be highly relevant to Viacom’s claims and detrimental to Google’s DMCA safe harbor defense.  What did the employees do?  Did they upload infringing videos?  Did they have actual knowledge of infringement?

In any case, this underscores why it’s a bad idea to leave privacy protections to those who profit from gathering our data.  It also makes Google seem to be more protective of its employees than of the public.  As TechCrunch put it today:

Google’s self imposed code of conduct is “Don’t be evil.”  It doesn’t say “don’t be evil unless there’s important litigation at stake.”  Google’s reputation is on the line, and how they respond will show their true character.  They’ve shown they’ll go to bat for employees, now it’s time for them to show they’ll go to bat for their users.

Hat tip: Gigalaw.

Google and Viacom: a privacy “Exxon Valdez?”

Might the court order that Google hand over YouTube viewer records become, as Ed Felten and others termed a few years back, an “Exxon Valdez” of privacy that makes informational privacy a national priority?  Unfortunately, I suspect not.  If the parties reach an agreement to anonymize the data and keep it out of the direct hands of Viacom, then public anger may subside.

What would be enough to mobilize the public?  In 2006, Ed Felten suggested that a privacy Exxon Valdez “will have to be a leak of information so sensitive as to be life-shattering.”  But how sensitive is our viewing of, for example, Harry Potter Puppet Pals?  It’s creepy to think of lawyers having access to it, but is it life-shattering?  Nonetheless, it appears that the public, companies, and Congress are becoming more attuned to privacy matters.  Just last week, Google and Yahoo both recently endorsed the idea of privacy legislation before the Senate Commerce Committee.

In the meantime, what the the litigants doing?  The NYTimes BITS blog notes, “A week after Google and Viacom both said they hoped to agree to make YouTube viewing data anonymous before Google hands the information to Viacom, no agreement has been signed.”  (Emphasis added.)  The parties blame each another.  A Google lawyer says: “If Viacom refuses to allow us to anonymize viewing history, we will seek review by the court.”  A Viacom spokesperson counters:

Viacom suggested the initiative to anonymize the data, and we have been prepared to accept anonymous information since day one.  We hope that Google will turn its focus back to anonymizing the data they are required to deliver, and spend less time making statements about why they won’t get it done.

It’s not especially clear what the parties are doing or how things might be resolved.  As I blogged recently, an earlier Times article initially stated that the parties were “working to protect the anonymity of YouTube viewers.”  (Emphasis added.)  A few hours later, the Times article was edited to say that the parties were “hoping to come up with a way to protect the anonymity of YouTube viewers.”  (Emphasis added.)  Apparently the parties’ resolve was tempered from “work” to mere “hope.”  The parties need to do better, especially Google, which collected and retained all the information.

Google finally posts privacy link on homepage

Yesterday, Google finally posted a privacy link on its homepage, replacing the word “Google” in the footer with “Privacy.”  A step in the right direction, but the link is in the smallest text, below larger links for “Advertising Programs,” “Business Solutions,” and “About Google.”  See below:

google-privacy-link

Hmm.  I wonder if the timing of Google’s change-of-heart had anything to do with this week’s court order that Google produce records of millions of YouTube user’s viewing habits.

Why does Google keep so much information?

Yesterday, I wrote about the “privacy paradox” and Google’s refusal to post a conspicuous link to its privacy policy on its homepage.   Today, the New York Times reports that the judge overseeing the Viacom/YouTube copyright lawsuit has ordered Google to turn over a database linking YouTube users to every video clip they have watched on the site:

The order raised concerns among users and privacy advocates that the online video viewing habits of hundreds tens of millions of people could be exposed.  But Google and Viacom said they were working to hoping to come up with a way to protect the anonymity of YouTube viewers., and

Viacom said that the information would be safeguarded by a protective order restricting access to the data to outside advisors, who will use it solely to press Viacom’s $1 billion copyright suit against Google.

It’s good that some steps are being taken to limit the use of the information.  But why is Google collecting and retaining so much information? Maybe there’s business value in keeping it, but there’s also business value in not angering hundreds tens of millions of users.  Google’s apparent taste for data retention risks a well-deserved loss of goodwill.  (Or considering people’s wayward attitudes towards privacy, perhaps not.)  I recognize that some information must be retained for a variety of reasons.  But the more unnecessary information you keep, the more likely somebody you didn’t envision — a wayward employee, a hacker, or even worse, an adverse litigant — will find a use for it you didn’t want.

The court’s order can be found here.

ADDENDUM: The Times has revised the text of the quoted portion of the article from when I viewed it earlier.  I’ve indicated appropriate changes above.

NOTE (JULY 13): See here for updates.

The privacy paradox and Google

At the New York Times BITS blog, Brad Stone reports on a study about to be released by George Loewenstein and several other Carnegie Mellon researchers about people’s parodoxical attitudes towards privacy and personal information.  In one experiment, some people were given express assurances of privacy whereas others were given none.  Strangely, the people given no assurances of privacy were twice as likely to admit to copying someone else’s homework.

In one sense, that’s paradoxical because assurances of privacy are intended to foster open communications, as with the attorney-client privilege.  But in another sense, the behavior is not paradoxical at all.  Express assurances of privacy may serve the socially useful prophylactic purpose — albeit sometimes unintended — of reminding people of the risks of volunteering personal information.  Even if people don’t really read privacy policies, seeing a conspicuous “privacy policy” link may serve as a cold glass of water to the face, reminding people that they are volunteering personal information, and that they should look before they leap.

That brings to mind the scrutiny Google has recently garnered for its refusal to put a conspicuous link to its privacy policy on its homepage.  Is Google concerned that a link will remind people of the implications of continually using the myriad Google services?  C’mon.  How many times did you use Google today?  And when, if ever, did you think about how much information Google may have about you?  As noted by The Register,

The company still indexes your email.  It still stores your IP address alongside your search history for at least 18 to 24 months.  And if it does “anonymize” your IP address after 24 months – and that’s a big if – it still refuses to anonymize the whole thing.

So if conspicuous reminders of privacy concerns are important, why won’t Google put a simple link on its homepage?  According to another post at BITS, a Google competitor stated that Google co-founder Larry Page “didn’t want a privacy link ‘on that beautiful clean home page.'”

I rather doubt that Page’s concerns are fueled by aesthetics.  One more link won’t change the site’s minimalistic look.  But the starkness of the Google homepage may largely explain why Google doesn’t want that link.  On most e-commerce sites, the visual clutter — think Yahoo — makes it unlikely that a privacy policy link will stand out.  But on Google’s “beautiful clean home page,” such a link would be significantly more conspicuous.

And paradoxically, perhaps more likely to serve its purpose.