Privacy International issued a “study” over the weekend which analyzed the privacy risks, policies and culture of leading websites and singled out Google as the worst offender. Many people have already weighed in on this issue, notably Danny Sulivan with Maybe It’s Privacy International’s Report That Sucks and Matt Cutts with Privacy International Loses All Credibility. Today, Google responded to the EU working group on privacy. These posts generated hundreds of comments, including a couple by yours truly.
The issues surrounding privacy are both emotional and complicated. It is hard to imagine any scenario in the digital age that will put the genie back in the bottle Every purchase you make on a credit card is reported, recorded, parsed and resold by companies like http://www.acxiom.com/ as consumer profiles. Every opinion you ever post on a forum, blog or MySpace page is permanently cached somewhere. Every search, email, text message and IM has been entered in your permanent record.
Despite these facts, search is more personal and intimate than a purchase or a rant on a blog. Search reflects our innermost thoughts, dreams and fears and contains content as well as context. Search contains thoughts we would never put in an email or send in a message to our closest friends. While it is easy to associate our concerns about search privacy with the search engines and thus launch a highly public tirade at Google (or Yahoo, MSN and Ask), the problem of privacy and search goes well beyond the engines. As Matt Cutts and others have pointed out, the greatest threat to an individual’s privacy may be their ISP.
So, here is our modest proposal for the first step to the privacy issue:
We call upon all of the search engines to default to (or at least ALLOW) encryption for searchers via SSL to prevent third parties from intercepting our searches. A quick check showed that none of the major engines allow users to access their pages via https: Ask and MSN return a 404 and Google and Yahoo redirect to http.
Default to search in the secure mode (https) so at least the content of our query is protected from all of the intermediate players and the full responsibility for protecting them is on the engines. It isn’t a solution, but it is a good first step!