U.S. Obtains Internet Users’ Search Records

Published by Steve on

Yahoo and others reveal queries from millions of people; Google refuses. Identities aren’t included, but the data trove stirs privacy fears.

Source of this article – Los Angeles Times, January 20, 2006

By Joseph Menn and Chris Gaither
Times Staff Writers

(Webmaster’s Note: Usually only articles that deal with trails or the environment are put on this site, but this article concerns an issue of such fundamental importance that it deserves wide exposure to all Internet users.)
SAN FRANCISCO — Federal investigators have obtained potentially billions of Internet search requests made by users of major websites run by Yahoo Inc., Microsoft Corp. and America Online Inc., raising concerns about how the massive data trove will be used.

The information turned over to Justice Department lawyers reveals a week’s worth of online queries from millions of Americans — the Internet Age equivalent of eavesdropping on their inner monologues. The subpoenaed data could, for example, include how many times people searched online for “apple pie recipes,” “movie tickets 90012” or even “bomb instructions.”

The Internet companies said Thursday that the information did not violate their users’ privacy because the data did not include names or computer addresses. The disclosure nonetheless alarmed civil liberties advocates, who fear that the government could seek more detailed information later.

A Justice Department spokesman said the government was not interested in ferreting out names — only in search trends as part of its efforts to regulate online pornography. But the search-engine subpoenas come amid broader concerns over how much information the government collects and how the data are used.

Congress is debating an extension of the Patriot Act, which dramatically expanded the government’s ability to obtain private data. And congressional hearings are expected soon on the legality of a National Security Agency program to track communications by U.S. citizens without prior court approval.

Privacy advocates said the opportunity to peruse search queries provided an unprecedented glimpse into people’s private thoughts and habits. Virtually unknown a decade ago, search engines rapidly have become an integral part of daily life.

Search engines maintain “a massive database that reaches into the most intimate details of your life: what you search for, what you read, what worries you, what you enjoy,” said Kurt Opsahl, a staff attorney at the Electronic Frontier Foundation. “It’s critical to protect the privacy of this information so people feel free to use modern tools to find information without the fear of Big Brother looking over their shoulder.”

The issue came to light this week only when Google Inc., the most-used Internet search engine, fought its subpoena. AOL, Microsoft and Yahoo also had been subpoenaed. Government lawyers filed a brief in U.S. District Court in San Jose seeking to force Google to comply.

Google’s refusal was first reported by the San Jose Mercury News.

Search engines and e-mail providers are asked for information on specific people in hundreds of cases yearly, both by law enforcement and in civil lawsuits. They generally comply, and their privacy policies warn users that data can be turned over to authorities.

Under a section of the Patriot Act expanding the use of so-called national security letters, companies such as Google can be asked to turn over potentially useful data — even about people who aren’t suspected of wrongdoing — while being barred from disclosing those requests.

But no previous case is known to have involved such a wide range of data.

“Their demand for information overreaches,” said Nicole Wong, Google’s associate general counsel. “We had lengthy discussions with them to try to resolve this but were not able to, and we intend to resist their motion vigorously.”

The other search engines disclosed the information after narrowing the government’s original request for two months’ worth of searches to one week’s worth. The week was not specified.

“We are rigorous defenders of our users’ privacy,” Yahoo spokeswoman Mary Osako said. “We did not provide any personal information in response to the Department of Justice’s subpoena. In our opinion, this is not a privacy issue.”

A Microsoft spokeswoman said the company complied with the request “in a way that ensured we also protected the privacy of our customers. We were able to share aggregated query data … that did not include any personally identifiable information.”

AOL spokesman Andrew Weinstein said the Time Warner Inc. subsidiary initially rebuffed the Justice Department’s requests and eventually provided “an aggregated and anonymous list of search terms…. What we gave them was something that was extremely limited, didn’t have any privacy implications and is fairly common data.”

Beth Givens, director of the nonprofit Privacy Rights Clearinghouse in San Diego, said those companies should have fought.

“Google and the other search engines,” she said, “represent a very appealing honey pot for government investigators.”

In some ways, Google’s action echoes Verizon Communications Inc.’s fight against the record industry two years ago. The record labels used a provision of a digital copyright law to demand the names of subscribers to Verizon’s Internet service who were suspected of swapping music files illegally. Verizon resisted, and a federal appeals court eventually agreed that the labels would have to sue individuals before forcing Verizon to turn over information on them. The Supreme Court declined to intervene in the case.

Justice Department spokesman Charles Miller said the government wanted an overview of what people look for online as part of its effort to restore an anti-pornography law that was struck down by the Supreme Court.

The Child Online Protection Act was adopted in 1998 after a similar law, the Communications Decency Act, was struck down on constitutional grounds. The Child Online Protection Act establishes fines and jail terms for businesses that publish sexually oriented material on the Web that is obscene or offensive, unless they weed out minors by demanding a credit card or other proof of age.

In 2004, the Supreme Court upheld an injunction against the law but sent the case back to a lower court in Pennsylvania. A majority of the high court wrote that the government could save the measure if it showed that the rules were more effective than Internet content filters at balancing the need to keep pornography from children against the free-speech rights of website operators.

Philip Stark, a UC Berkeley statistics professor working for the government, wrote in the San Jose court filing that the queries, along with a list of available websites, would help show what users were looking for and how often they found material that the government deemed harmful to minors.

The Justice Department also asked the Internet companies for the addresses to every website in their search-engine indexes, a request that was negotiated down to 1 million randomly chosen addresses. Government lawyers said they wanted that information to gauge the prevalence of websites that were harmful to minors and to measure the effectiveness of filtering software on those sites.

“We’re not seeking any individual information regarding anybody who entered the query terms,” Miller said.

He did not respond to other questions, including whether the department would rule out seeking such information in the future and how the existing data would be used.

Google said, though, that the words in a single text query could lead the government to a searcher’s identity.

“One can envision scenarios where queries alone could reveal identifying information,” the company wrote in a letter objecting to the demand.

Users often search for information about themselves.

More broadly, the company wrote, “Google’s acceding to the request would suggest that it is willing to reveal information about those who use its services. This is not a perception that Google can accept.”

Google has tried to cast itself as an enlightened company, going so far as to tell investors that it planned to do business under a simple rule: “Don’t be evil.”

But as Google has collected increasing amounts of information about its users, some observers have expressed concern that the company could break that rule by letting the data fall into the wrong hands or simply by complying with government demands.

“Google could help protect its users … by limiting the information that is kept and how long it is stored,” said the Electronic Frontier Foundation’s Opsahl. “The easiest way to respond to a subpoena is by saying, “We don’t have it.’ “