US government demands Google hand over Internet search data

By Mike Ingram
21 January 2006

The US Department of Justice has asked a federal judge in San Jose, California, to compel Internet search giant Google to comply with a subpoena issued last year to turn over records that detail millions of Internet searches.

Google denied requests for the data, while rivals Yahoo, Microsoft and AOL have all handed over records to government lawyers, who claim they need the data to bolster claims that the Child Online Protection Act (COPA) does not violate the Constitution. The act was introduced by the Clinton administration in 1998 under the auspices of protecting children from online pornography. It established criminal penalties for any commercial distribution of material harmful to minors. The legislation was suspended a year later after a successful suit by the American Civil Liberties Union and others claiming the act violated the constitutional right to free speech.

Like all such legislation, its scope was far broader than its supposed target, making it an offense for web sites to post material deemed “harmful to minors,” which, as civil rights campaigners said at the time, could criminalize sites of some art galleries and book stores.

The request for search data is said to be part of an attempt to overturn the decision of the Supreme Court, which in 2004 upheld a lower-court injunction against enforcement of COPA. The Justice Department claims it needs the data in order to show that filtering software is no alternative to COPA, and therefore the suspension of the act should be lifted.

Even if this were the whole story, Google is absolutely correct in refusing to hand over the data, and there is no legal basis for compelling it to do so. As the San Jose Mercury News said in its editorial of January 20, “The request is not an appropriate use of subpoena power. The government wants Google’s data not as evidence in a case, but rather to conduct an experiment which it hopes will show that Internet porn filters are ineffective. In short, the government wants Google to help make its case, using the company as a research arm.”

But this is far from the whole story. The subpoena serves to highlight the extent of the Bush administration’s attacks upon privacy and democratic rights. The government’s demand for search data was first made in August last year. In the same month, the Bush administration issued an order for the extension of the Communications Assistance for Law Enforcement Act (CALEA) to cover broadband Internet access services and voice-over-IP telephony services. CALEA requires that companies make it possible for law enforcement agencies to intercept any conversation carried out over their networks and that communication records be made available. It also requires that the person being monitored not be told. This was only the latest in a string of antidemocratic legislation introduced in the aftermath of the terror attacks of September 2001, the most notorious of which are the multiple provisions of the USA Patriot Act.

Access to data held by Google and the other main search engines potentially goes much further in that it does not target named individuals but is essentially a fishing operation among random Internet users.

Assurances from the Justice Department that it is not interested in identifying individual users is of little comfort to those concerned about civil liberties, given recent revelations about illegal wiretaps and state spying on American citizens. It has been widely reported in recent weeks that the US government has gained access to vast databases of telephone records and e-mails provided to it by telecommunications companies. It will no doubt seek to do the same for Internet activity by working with service providers and search engines.

The subpoena dated August 25 requests, “All URL’s that are available to be located through a query on your company’s search engine as of July 31, 2005” and “All queries that have been entered on your company’s search engine between June 1, 2005 and July 31, 2005, inclusive.”

As a result of Google’s objections, the request was narrowed to 1 million URLs and one week of search data—still a massive amount of data. In a response dated October 10, 2005, Google objected to the request as “overbroad, unduly burdensome, vague, and intended to harass.” It added that “Google’s acceding to the request would suggest that it is willing to reveal information about those who use its services. This is not a perception that Google can accept. And one can envision scenarios where queries alone could reveal identifying information about a specific Google user, which is another outcome that Google cannot accept.”

Any possibility that specific users could be identified from the data requested is extremely troubling, given that the three largest search engines other than Google have all complied with government requests.

Yahoo spokesperson Mary Osako confirmed that the company complied with the Justice Department’s request, but added, “We are rigorous defenders of our users’ privacy. We did not provide any personal information in response to the Department of Justice’s subpoena. In our opinion, this is not a privacy issue,” she said according to Information Week.

A Microsoft statement said the company “did comply with their request for data in regards to helping protect children in a way that ensured we also protected the privacy of our customers. We were able to share aggregated query data (not search results) that did not include any personally identifiable information.”

Whatever the extent of the information passed to the government in this case, it sets a dangerous precedent for the future and raises fundamental questions about the amount of personal data that is kept by Internet sites such as Google. Through the use “cookies,” a small file placed on the user’s computer hard drive, Google keeps track of what searches are made by a user and what sites he or she chooses to visit.

In a statement published on its web site, the civil liberties group Electronic Freedom Frontier (EFF), while applauding Google for refusing to hand over the data, cited EFF Staff Attorney Kevin Bankston who said, “The only way Google can reasonably protect the privacy of its users from such legal demands now and in the future is to stop collecting so much information about its users, delete information that it does collect as soon as possible, and take real steps to minimize how much of the information it collects is traceable back to individual Google users.” Bankston added, “If Google continues to gather and keep so much information about its users, government and private attorneys will continue to try and get it.”

Google’s refusal to comply with the order does deserve some credit. Had it taken the same position as its rivals, it may never have come to light that such a request had been made. If the company were serious about protecting the privacy of its users, however, it would immediately destroy any data it currently holds on them. Such an action is extremely unlikely. The user data collected by Google is among its greatest assets due to the revenue it raises from targeted advertising and other services.