Furor Over Google CEO’s Comments On Privacy

One of the big themes of the week is privacy. Facebook just did a major overhaul of its privacy settings to promote more public dissemination of user information and updates. There was an immediate outcry from some quarters as the site was a bit aggressive in setting users’ defaults to “everyone.”

In addition, Yahoo got called out for trying to suppress its surveillance menu for law enforcement. And Asa Dotzler of Firefox railed against Google and urged users to switch to Bing in response to comments from Google CEO Eric Schmidt that made the latter seem indifferent to consumer privacy.

So what exactly did Schmidt say about privacy?

He told CNBC Anchor Maria Bartiromo, on the cable network’s recent special “Inside the Mind of Google,” that people who have something to hide shouldn’t be doing things online that might potentially expose them if law enforcement seeks access to their search histories.

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” said Schmidt.

The Electronic Frontier Foundation and others have decried that position, especially as others within Google, such as Google VP Marissa Mayer, seek to assure consumers that their privacy is “protected” at Google.

In fairness to Schmidt he was saying that Google (and others) are subject to US law (the “patriot act”) and that law enforcement and government authorities can, as a practical matter, get access to search records because they’re retained “for some time.”

That then — the period of data retention — becomes the practical privacy battleground. Google’s new personalized approach to search results generally seeks to retain user data indefinitely, in cases where users don’t actively delete their histories. Danny explains how it works:

In Signed-Out Web History, Google knows that it has seen someone using a particular browser before. Behind the scenes, it has tracked all the searches that have been done by that browser. It also logs all the things people have clicked on from Google’s search results, when using that browser. There’s no way to see this information, but it is used to customize the results that are shown. It only remembers things for 180 days. Information older than that is forgotten. Google doesn’t know your name. If you use a different browser, Google doesn’t know your past history. In fact, you can’t even see your past history.

In Signed-In Web History, Google knows that a particular Google user is using Google. Behind the scenes, it has kept a record of all the things that person has done when signed-in, regardless of what computer or browser they’ve used. If they’re using the Google Toolbar with the page tracking feature enabled, then it has also kept a record of all the pages they’ve viewed over time. This information can be viewed by the user at any time, and the user can selectively delete info. They can also delete everything, if they want. If they don’t, then Google forgets nothing.

For those not signed in data is retained for 180 days and is associated with a particular browser. For those with a Google account who are signed in, data and web search history are, as mentioned, retained indefinitely until actively deleted.

The Google Chrome browser has a private “incognito” mode where no web history is captured. (Microsoft’s IE8 offers comparable functionality, called inPrivate browsing.) However if you’re signed in to a Google account while in incognito mode Google will still capture your search history:

if you sign into your Google Account while in incognito mode, your subsequent web searches are recorded in your Google Web History. In this case, to prevent your searches from being stored in your Google Account, you’ll need to pause your Google Web History tracking.

All this is not unlike the Facebook default “everyone” settings. Google will capture your search history and behavior unless you take affirmative action to prevent or block it.