Is Google Using A Privacy Double Standard?

There is a much longer post to be written on Google’s privacy policies and its history of combatting or complying with government requests for information and those of third parties using the courts to get access to user data. But I’ll take two recent items to illustrate the complexity and potential contradictions here.

Google was just ordered to turn over the identity of some Gmail users pursuant to a defamation lawsuit between a Miami-based developer and a newspaper publication that tied the developer to government corruption in the Turks and Caicos Islands. According to an AP article:

Developer Cem Kinay of Miami accuses TCI Journal of causing “reputational damage and lost profits,” according to a civil complaint filed in California. A court order tells Google to turn over data that may help identify users of the newspaper’s account with Gmail, the Internet search company’s e-email service.

Google said in a statement to The Associated Press it is obligated to comply with “valid court orders,” but generally notifies users to give them time to challenge an order, as it did in this case.

This is legally identical to a recent case in which Google was ordered to reveal the identity of an anonymous blogger who was publicly insulting model Liskula Cohen. Ultimately the matter was dropped by Cohen. But it seems pretty clear that these sorts of defamation actions will continue and potentially even pick up steam. It’s also clear that Google will not get involved in defending against them or the idea of revealing user identities.

Stepping back, legal process often comes down to “reasonableness” and balancing competing interests. If someone is being defamed and it is causing damage the injured party does have the right to determine the identity of the person making defamatory claims and pursue an action. The process then determines whether the defendant is liable or not. The complicating factor is that judicial process is sometimes abused and sometimes “defamation” claims are used intimidate people and prevent speech or criticism; one could potentially put the first example above in that category (as the defendants claim).

Now I’ll turn to Google Books and Google’s recent statement about privacy and Books. On its public policy blog, Google says the following:

While Google Books has always been covered by the general Privacy Policy for all of Google’s services, we understand that the privacy of reading records is especially important to readers and libraries. We know that users want to understand how Google’s privacy practices apply to Books today, and what will happen after the settlement. To provide all users with a clear understanding of our practices, and in response to helpful comments about needing to be clearer about the Books product from the FTC and others, we wanted to highlight key provisions of the main Google Privacy Policy in the context of the Google Books service, as well as to describe privacy practices specific to the Google Books service. We’ve also described some privacy practices for services created by our proposed settlement agreement, which is currently awaiting court approval.

In its Google Books Privacy Policy Google says:

• We do not share your personal information with third parties, except in the narrow circumstances described in the Privacy Policy, such as emergencies or in response to valid legal process.
• When you use Google Books, we receive log information similar to what we receive in Web Search. This includes: the query term or page request (which may include specific pages within a book you are browsing), Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser . . .
• Special legal privacy protections for users may apply in cases where law enforcement or civil litigants ask Google for information about what books an individual user has looked at. Some jurisdictions have special “books laws” saying that this information is not available unless the person asking for it meets a special, high standard – such as proving to a court that there is a compelling need for the information, and that this need outweighs the reader’s interest in reading anonymously under the United States First Amendment or other applicable laws. Where these “books laws” exist and apply to Google Books, we will raise them. We will also continue our strong history of fighting for high standards to protect users, regardless of whether a particular “books law” applies. In addition, we are committed to notifying the affected user if we receive such a request that may lead to disclosure of their information; if we are permitted to do so by law and if we have an effective way to contact the user, we will seek to do so in time for the user to challenge the request.

Without getting into a an arcane legal discussion here, Google is saying that it must comply with court orders but that it will protect users’ privacy and fight against disclosure of reading lists and user search queries. Google did something analogous in early 2006 when it was the only major search company to fight a Justice Department subpoena seeking search records, justified on that grounds that it was part of the enforcement of the 1998 Child Online Protection Act.

One could imagine the US government or some overzealous government agency trying to get access to reading lists or records to see who might be reading about terrorism or bomb-making or “communism” (even). In that latter context, think about how valuable Google Book Search queries and reading lists would have been, if they had existed in 1950, to someone like Senator Joseph McCarthy in seeking to root out “spies in our midst.” This is hyperbole on my part to make the point that the government might want to get access to this type of information, as it did with query logs in 2006.

Google is steadfastly saying that it will resist such efforts. But is there a double standard?

Where individual identity is an issue it has indicated it will reveal that information if there is a court order. But where broader search query logs are implicated it has fought or indicated it will fight (although that has been championed under the banner of individual privacy). I’m not trying to be a cynic here but I’m seeking to find a way to reconcile these potentially contradictory positions on user privacy.

Google, what say you?