I spoke with Marketplace about Google's announcement that it will anonymize search data after 18 to 24 months (FAQ). I'd like to see more, but I think that's a good start toward building competition around privacy policies.
Google recognizes, as many of us did after AOL Research made available a batch of user search queries, that aggregated searches can contain sensitive information. Even if we trust Google with that information, we don't necessarily trust everyone who might get it from Google.
As Ben Adida cleverly puts it, is your privacy safe even "if you include a subpoena as part of the threat model?" Last year, the government tried to subpoena bulk search queries for a fishing expedition into the availability of sexually explicit material. We know this because Google opposed the subpoena, while MSN, AOL, and Yahoo did not. We don't know how many other subpoenas search engines respond to unopposed, without notifying the target of the information search. It seems to me only a matter of time before lawyers in civil and criminal matters start requesting this information as part of routine discovery efforts.
Beyond recognizing that the public senses a threat, Google's announcement also shows it has moved past the privacy afterthoughts of its GMail launch to see privacy as a strategic opportunity. That means there's something to balance against the default convenience of storing information forever.
I heard a similar strategic view of privacy from Microsoft Counsel Ira Rubinstein, who came to the Berkman Center to talk about Microsoft's Privacy Guidelines for Developing Software Products and Services, a detailed guide to the potential privacy impact of programming practices published last year. The Guidelines note, for example, that use of a pseudonymous GUID rather than a name reduces but doesn't eliminate privacy concerns, since the GUID might still be linked back to a name later.
Microsoft says "These guidelines have been engrained in our development process and are now incorporated into the Security Development Lifecycle," and the privacy review Rubinstein described could add time and expense to product development. Microsoft hopes those costs will be repaid in user trust for the company and the industry.
I've never thought a market solution was the answer to everything. Yet one of the particular barriers to a functioning market for privacy has been lack of information. Individuals don't think through all the consequences of data aggregation, perhaps don't even know all the possibilities for its use and misuse. Their failure to demand much privacy gives suppliers little incentive to offer it. By announcing more rigorous privacy practices, Google and Microsoft may be trying to prime the market for their own services and software, but they're also doing a service to the public in helping us understand the information privacy risks. If we're committed to market solutions, let's at least help them function better.