Thursday, July 10, 2008

One Subpoena Is All It Takes to Reveal Your Online Life

This New York Times article was an especially good analysis of the recent Google/Youtube records case, and what it tells us about how our most private information can be accessed and shared...particularly when there's a subpoena involved.

Saul Hansell writes:

Whenever questions are raised about privacy, big online companies talk about how benign their plans are for using data about their customers: Much data is anonymous, they say, and even the information that is linked to individuals is only meant to offer users a more personal experience tailored to their interests. They never talk about subpoenas.

...

The issue came up again last week when Google was ordered by a court to turn over records of activity on YouTube, including the user names and Internet Protocol (IP) addresses of people who watched videos. A judge agreed with Viacom that the records could assist its case arguing that YouTube has infringed on its copyrights.

...

But Internet companies are different from other businesses that keep records about their customers. A person’s activity online represents an unusually broad picture of his or her interests, transactions and social relationships. Moreover, it is the nature of computers to keep records of all of the bits of data they process.

...

The way the Internet is set up now, an I.P. address, by itself, doesn’t identify an individual user. But an I.P. address can be traced to a specific Internet service provider, and with a subpoena, the Internet provider can be forced to identify which of their customers was assigned a particular I.P. address at a particular time. That is how the recording industry has been identifying and suing people who use file sharing programs.

Viacom says that it isn’t going to use the information from Google to sue individual YouTube users for copyright infringement, but there is nothing under the law to stop it from doing so.

...

All this raises questions that I think Internet companies, privacy regulators and Congress would be wise to take stock of:

How much data should be retained by Internet companies and for how long?

What should Internet users be told about what sort of information could be disclosed about them in response to a legal action or government request?

Should there be new laws that define more clearly what the standards are for disclosing online surfing and searching activity?

Click here to read the article in its entirety.

No comments: