The gist of the announcement is two changes: The obscuration of some
IP address bits (currently it appears that this would involve the
least-significant octet of IP addresses recorded in the Google user
activity logs), and changes to provide for some form of cookie
Such an IP address change would allow for identification of any one
computer out of a group of 256, rather than the existing ability to
identify each computer individually. The actual impact of this
change from a privacy standpoint would vary greatly depending on the
type of addresses (dynamic vs. static) and the total range of those
IP addresses associated with any given organization. Cookie
anonymization effectiveness is more difficult to analyze until more
information regarding the algorithms to be used become available.
Both of these changes would be applied to data after an 18-24 month
period — during which time data would be retained intact — unless
future government data retention mandates require longer periods.
This is in contrast to Google’s policy up to this point of
maintaining all log data intact on an indefinite basis.
… while these changes can be reasonably
viewed as only a first step on the road to the kinds of data
retention privacy enhancements ultimately needed, taking that first
step at all can be reasonably viewed as an immensely positive sea
change to Google’s attitude toward this data.
Time will tell if the rest of that privacy road is traversed in due
course. It will be a challenging path indeed, especially in a
political environment where the pressure to retain data for extremely
broad retroactive investigatory purposes is growing at an alarming
rate. And as we’ve seen in the recent revelations regarding the
FBI’s violations of the PATRIOT Act,
the issues are all interrelated, and Google of course
must obey these laws….
This is a good example of the kind of tough issue that we need to get our minds around as we move into the Web 2.0 future. Obviously, Google has been reluctant to make this move because they see value in the non-anonymized data. I doubt they’ve been resisting this move “just because,” especially in the face of negative public opinion. My guess is that it helps them give users better search results, and that they have had a good, customer-focused reason for wanting to keep it.
But as Lauren points out, you have to take the long view, and especially in light of the tendencies of government to eventually want this kind of data to be kept, balancing the good vs. potential evils is essential.
This, by the way, is why the Long Now Foundation is important. Like Isaac Asimov’s Foundation, they take the long view of events, and try to foresee the consequences of our choices as they will play out over many years. It’s a worthwhile reminder. We should always study history, and think about what it means for the future.