It’s Not That You Can’t Trust Google- You Can’t Trust the Law

In the Viacom vs Google lawsuit, a judge has ordered that Google turn over a set of information which borders on personally identifiable information.  Although Viacom and the lawyers are supposed to keep all this data private, there is obviously new opportunity for this information to be leaked, abused, or used for other purposes.  It is unclear yet  whether Viacom will get IP addresses in the log data.  If they do, some users will be personally identifiable.  Although Viacom isn’t supposed to use this data to identify end users, they will now know whether or not other lawsuits could bear fruit (a.k.a. make money) for them.  If you think they won’t be coming after individuals, you’re wrong.  It’s just a matter of the right lawyer with enough data to know what to subpoena.  And even if the US Courts don’t allow Viacom access to this data, what happens when French Courts (or any other country) order that Google hand over the records? 

It doesn’t matter if you trust Microsoft, Google, or Yahoo.  The fact is that you cannot trust every government and every lawyer across the planet.  At the same time you have to expect that any international company will obey the law in the countries in which they operate.  This means the companies are going to hand over the data – it’s the law.  Even if this means handing over personally identifiable information to China so that they can execute dissenters, you have to expect the companies to do this.  Do you really expect *them* to break the law?

There is only one way to play this game, which is to NOT retain records of any kind.  If records are not kept, they obviously cannot be subpoenaed.

Personally, I do trust Google, Yahoo, and Microsoft.  I just don’t trust every lawyer on the planet.  And it only takes one lawyer to make my life a mess.  For this reason, I urge Google, Yahoo, Microsoft and all other internet companies to not keep logs.  I know it helps their businesses, but retaining these records makes it downright scary for me to use their services.  Get rid of the data, get rid of the problem.

Of course, these views do not necessarily reflect those of my employer.

See also:  Internet Trust – Present and Future

7 thoughts on “It’s Not That You Can’t Trust Google- You Can’t Trust the Law

  • July 5, 2008 at 7:30 pm
    Permalink

    I agree that an initial stance of not retaining logs is the place to start. The problem is, a recent case has found information temporarily in RAM to be subject to discovery. So even if you weren’t recording these logs at the beginning of the lawsuit, the court can compel you to record them as a part of discovery starting now.

    But certainly not having the logs in the first place is a fantastic starting point.

    Heck, The big 3 could arrange it such that a networking device irretrievably loses the source IP as part of SNAT at the inbound load balancer. Now that would be an interesting product to produce. You would have to buy such a thing from a third party. If you built it yourself, again the court could compel you to add a logging mechanism. But it would be much harder to compel a disinterested third party company (in a completely different jurisdiction, hopefully) to do so.

    Reply
  • July 6, 2008 at 1:24 am
    Permalink

    Great ideas Jeff. I like the direction.

    Of course, lawyers being lawyers, if this were to actually happen (keep no records for privacy sake), lawyers would help pass laws to *require* logs in some cases. Of course, these types of regulations exist in many industries. How long is it until each country has its own laws which represent a Chinese menu (so to speak) of what must be logged and not logged in their country?

    Yikes. You know where this is going? It’s going to get more complicated than a daylight-savings-time algorithm.

    Reply
  • July 7, 2008 at 11:05 am
    Permalink

    Aren’t there legal retention requirements for online services, ruling out the option of not keeping logs? As I recall, there was recently debate trying extend the time that companies are required to keep server logs to two years.

    Reply
  • July 8, 2008 at 11:45 pm
    Permalink

    Hi everyone,

    I’d be surprised if Google got rid of the logs. Isn’t this information vital to knowing everything that goes on on YouTube? What would Google see in the log information? But I’m all for “Let’s get rid of all the logs on the Internet. NOW!”

    I’m of the view that Google will have to find a way to prevent copyright infringement. My understanding is that Viacom asked for videos to be removed. The videos were removed, either by YouTube or by the user. The problem is that the same videos reappeared and Viacom was not happy. I have no idea how YouTube will be able to check EVERY video that is posted on its website. But this is what this case is dealing with in New York.

    I’m also following the new law project in France that will create a High Authority for the Internet. France will invest 15 millions euros in this and it should be up and running by January 2009. Lots of details yet to come. But the buzz is that Internet Providers will be forced to police illegal downloading, and report these copyrightminfringements to the High Authority. The user will then get Notices from the Authority. After 3 notices, his Internet connection will be disconnected.

    Many interesting legal things going on with the web. You can read what I have to say about some of these things (in French – 😉 on my website at http://dianablue.com

    keep up the good work!

    Reply
  • Pingback:Mike’s Lookout » Blog Archive » Don’t Keep Logs - The Funded Rocks

  • Pingback:Mike’s Lookout » Blog Archive » Yahoo Reduces Log Retention to 90days

  • January 15, 2010 at 11:19 am
    Permalink

    So what options do we have and how would I get away from the search engines that do keep records? I sue a Mac.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *