February 3, 2006 4:00 AM PST
Verbatim: Search firms surveyed on privacy
- Related Stories
-
Anti-China hypocrisy in Congress?
February 1, 2006 -
No booze or jokes for Googlers in China
January 26, 2006 -
FAQ: What does the Google subpoena mean?
January 20, 2006 -
Feds take porn fight to Google
January 19, 2006 -
Google balances privacy, reach
July 14, 2005 -
Search engines take the stand
May 13, 2004 -
Web privacy policies confuse Net surfers
June 24, 2003
(continued from previous page)
Adam Sohn, director of global marketing, sales and PR, Microsoft MSN
What information do you record about searches? Do you store IP addresses linked to search terms and types of searches (image vs. Web)?
Sohn: We record the query, the type of search (image, Web, local, etc.), the date and time that it was processed, the IP address from which the query came, and an anonymous, cookie-based unique ID. Storage of IP address information is common to many search engines. Microsoft maintains IP address to improve and protect the quality of our service, including for example the detection and diagnosis of fraudulent activity, security monitoring and intrusion detection and prevention, and the general operational health of the service. We use these records to look for anomalous patterns which indicate fraudulent activity. This helps use ensure that search results are not being manipulated
MSN does not currently maintain any other unique ID associated with an individual with MSN search queries.
Given a list of search terms, can you produce a list of people who searched for that term, identified by IP address and/or cookie value?
Sohn: We can provide a list of the IP addresses and cookie values for a given query, but this does not equate to a list of "people," only to a list of IP addresses and anonymous temporary ID numbers. We do not link search terms with personally identifiable information, and we have not designed our systems to enable that to be done. As a matter of standard business practice, we do not compile such lists. Mapping as described above would be done only for the purpose of responding to the legal request.
Have you ever been asked by an attorney in a civil suit to produce such a list of people? A prosecutor in a criminal case?
Sohn: While Microsoft normally does not comment on specific government inquiries, we can state that Microsoft has never received either criminal or civil requests to product such lists of people in conjunction with their MSN Search histories. It is our policy to respond to legal requests in a very responsive and timely manner in full compliance with applicable law. Microsoft is committed to maintaining user privacy, and any provision of data to law enforcement is driven by processes that help ensure that all legal requirements and privacy commitments have been met.
Given an IP address or cookie value, can you produce a list of the terms searched by the user of that IP address or cookie value?
Sohn: Yes. As a matter of standard business practice, we do not compile such lists. Mapping as described would be done only for the purpose of responding to the legal request.
Has you ever been asked by an attorney in a civil suit, or a prosecutor in a criminal case, to produce such a list of search terms?
Sohn: It is our policy to respond to legal requests in a very responsive and timely manner in full compliance with applicable law. The DOJ did contact us in the ACLU v. Gonzales case, but Microsoft has not received either criminal or civil requests related to MSN Search data before the subpoena in this case. We take the privacy of our customers very seriously. No personally identifiable information was requested, and none was supplied whatsoever. We shared some aggregated query data (not search results) and a small sample of pages in our index.
Do you ever purge these data, or set an expiration date of, for instance two years or five years?
Sohn: We do delete data today based on needs to run and maintain the services effectively; however we do not have details to share with regard to specific timeframes. We are reviewing our retention policies in light of European Union data retention regulations and will continue to work to set a reasonable time frame for purging data that balances privacy concerns with the need to meet important and legitimate business needs (such as fraud detection and prevention, as discussed above), along with the requirement to meet data retention laws.
Do you ever anticipate offering search engine users a way to delete that data?
Sohn: Some customers have expressed interest in MSN providing users more options regarding the types of data that MSN stores from their search sessions and the length of time that we store it. We are currently looking at ways that we might do that, but we do not yet have any firm plans.
Yahoo spokeswoman Mary Osako
Given a list of search terms, can you produce a list of people who searched for that term, identified by IP address and/or cookie value?
Yes, we can.
Have you ever been asked by an attorney in a civil suit to produce such a list of people? A prosecutor in a criminal case?
It's our company policy not to comment on legal matters.
Given an IP address or cookie value, can you produce a list of the terms searched by the user of that IP address or cookie value?
Yes, we can.
Have you ever been asked by an attorney in a civil suit to produce such a list of search terms? A prosecutor in a criminal case?
It's our company policy not to comment on legal matters.
Do you ever purge these data, or set an expiration date of, for instance, two years or five years?
We maintain data that will help us provide users with the best possible experience. Protecting our users' privacy and maintaining their trust is paramount to us.
Do you ever anticipate offering search engine users a way to delete that data?
We are always considering new ways to improve the user experience while preserving the high level of trust people have in us.
See more CNET content tagged:
cookie,
Verbatim,
America Online Inc.,
search,
IP address
So I type "B*sh sucks" and now google keeps that on my permenant record? And of course ISPs keep permenant records on every IP address you have ever had. So Now all the government needs to do is put two and two together and its has its potential terrorist list ready to go. Knock..Knock.. who's there? With all that is hapening tell me I'm wrong and it can't/won't happen?
How about this then. Hyper-global-healthcare.com "somehow" gets ahold Google's records(they apparantly don't delete anything) and then they figure out who has been searching for information on "lung cancer" and "how to quit smoking". Guess who gets kicked off their insurance plan?
There is no legitimate reason for Google to keep a record of what IP address searched for what. From this day forward I'm done with them, giving up my gmail account, and going to forward this article to everyone I can think of.