More threads by David Baxter PhD

David Baxter PhD

Late Founder
Privacy options limited for Net services
Fri Oct 13, 2006
By ANICK JESDANUN, AP Internet Writer

NEW YORK - If you don't like what your favorite Internet search engine or e-commerce site does with information it collects about you, your options are limited to living with it or logging off.

Major search engines, for instance, all keep records of your searches for weeks, months or even years, often tied to your computer's Internet address or more. Retailers, meanwhile, generally presume the right to send marketing e-mails.

Although online companies have become better at disclosing data practices, privacy advocates say the services' stated policies generally don't give consumers real choice.

"None of them have gotten to the point of giving a lot of controls in users' hands," said Ari Schwartz, deputy director of the technology watchdog group Center for Democracy and Technology. Privacy policies "are about notice ... not about control."

Recent developments ? from companies losing laptops containing sensitive data to Time Warner Inc.'s AOL releasing customers' search terms ? have again turned the spotlight on Internet privacy.

But the push for stronger federal protections is countered by Attorney General Alberto Gonzales' desire to require Internet providers to preserve customer records to help prosecutors fight child pornography. Officials have released few details, though they say any proposal would keep the data in company hands until the government seeks a subpoena or other lawful process.

Federal law already limits how personal financial and health care data may be used, but U.S. privacy laws are generally considered weak compared with Europe and Canada.

Industry groups have stepped in with guidelines that go beyond legal requirements.

One group, Truste, requires member companies such as AOL and Yahoo Inc. (Nasdaq:YHOO - news) to give consumers a way to decline sharing personally identifiable information with outside parties. Companies also must disclose any use of tracking technology and specify personal information collected and how it is used.

"The fact that we don't license every person on the Internet gives consumers (the ability) to shop around," said John Tomaszewski, Truste's vice president for legal, policy and compliance. "We've got folks out there engaging in a higher standard than what is normally required."

Some companies go even further.

E-Loan Inc. customers worried about safeguards when data get outsourced to India can choose to have loan applications processed domestically, though loans in such cases would take two additional days to close.

Mark Lefanowicz, E-Loan's president, said about 80 percent of customers have agreed to outsourcing, and he said choice pre-empted any backlash.

"They have the right to deal with us under their terms," he said. "If we just disclosed we used an overseas provider, for a lot of customers it's irritating to them."

Comcast Corp., meanwhile, gives customers a range of options on how long its servers keep e-mail, while a small search engine called Ixquick promises to purge data within 48 hours.

In other cases, companies have responded to backlash from customers. When Facebook recently allowed easier tracking of changes their friends make to personal profile pages, users threatened boycotts and forced the company to apologize and offer more privacy controls.

But such cases are rare. Consumers generally haven't demanded better privacy options the way they shop around for better prices or ease of use, said Carl Malamud, senior fellow at Center for American Progress, a liberal think tank.

"As a consumer I don't choose based on practices for privacy," he said. "I choose based on functionality, and many consumers do the same."

So Google Inc. remains the leading search engine, even as it won't say how long it keeps data on what people search. Like other companies, Google says such information is helpful in improving services and fighting computer attacks and fraud.

Tom Lenard of the Progress and Freedom Foundation, a technology think tank that shuns government regulation, added that data retention lets credit card companies identify unusual activities and gives car dealers the ability to offer instant loans.

Limiting what companies can do would hurt consumers, Lenard said.

Many companies already restrict data sharing on their own but stop short of a total purge.

"There is such a mantra built around the information economy and how valuable the information is of the user that companies don't want to give that up," the CDT's Schwartz said.

Lauren Gelman, associate director of Stanford Law's Center for Internet and Society, said companies may not need all the data today, but they don't want to limit their future options, either.

She and others worry that keeping data longer than necessary could lead to abuse.

Already, many companies have acknowledged data breaches from Web site hacks or stolen laptops. And this summer, an AOL researcher released three months' of search terms on more than 650,000 subscribers without clearing it with superiors.

Jason Catlett, founder of the privacy group Junkbusters Corp., said individuals ought to have more opportunity to see, edit and delete records companies have on them. In many cases, he said, customers couldn't easily purge credit card numbers or their accounts entirely once they register with personal information, often a requirement just to make a single online purchase.

"There's still a lot of diversity in information practices," he said, "but there has been a convergence to what the average person would consider too low a standard."

Gelman said companies have little incentive to promise more.

"We're stuck where we have privacy policies that are basically written to the lowest common denominator," Gelman said. "Companies learn the only way they can get into trouble is to say they are doing something and then do something different. So they say they are allowed to do anything with the data to cover their butts."
Interesting article, I wasnt aware that search engines keep a list of your searches linked to your Ip address, I feel that is really an invasion of privacy, data like that shouldnt be kepted at all!!


I agree with you TTE it kind of does feel like an invasion of privacy but I guess like the first line of this article states:

your options are limited to living with it or logging off.


I feel that is really an invasion of privacy, data like that shouldnt be kepted at all!!
i think if we can look at something positive about this data keeping... such as the authorities being able to track paedophiles, child trafficking rings, drug rings etc... thelist goes on.. I think maybe tis a good thing in that respect. maybe one day there will be a way to track these ppl without needing to invade the privacy of Honest ppl.. unfortunately criminals don't wear any tags to identify who they are...etc until then i think i can live with my search parameters on a host data base somewhere in cyberland.
Replying is not possible. This forum is only available as an archive.