Google balances privacy, reach

The search giant has to make sure its vast data on customer behavior isn't used to violate privacy.

A correction was made to this story. Read below for details.
Google CEO Eric Schmidt doesn't reveal much about himself on his home page.

But spending 30 minutes on the Google search engine lets one discover that Schmidt, 50, was worth an estimated $1.5 billion last year. Earlier this year, he pulled in almost $90 million from sales of Google stock and made at least another $50 million selling shares in the past two months as the stock leaped to more than $300 a share.

He and his wife Wendy live in the affluent town of Atherton, Calif., where, at a $10,000-a-plate political fund-raiser five years ago, presidential candidate Al Gore and his wife Tipper danced as Elton John belted out "Bennie and the Jets."

Schmidt has also roamed the desert at the Burning Man art festival in Nevada, and is an avid amateur pilot.

That such detailed personal information is so readily available on public Web sites makes most people uncomfortable. But it's nothing compared with the information Google collects and doesn't make public.

What Google knows about you

• Gmail -- The e-mail service offers two gigabytes of free storage and scans the content of messages to serve up context-related ads.

• Cookies -- Google uses cookies, which are commonly used to link individual users with activities.

• Desktop Search -- Google's Desktop Search lets users easily search files stored on their computer.

• Web Accelerator -- The application speeds Web surfing by storing cached copies of Web pages you've visited; those page requests can include personal information.

Assuming Schmidt uses his company's services, someone with access to Google's databases could find out what he writes in his e-mails and to whom he sends them, where he shops online or even what restaurants he's located via online maps. Like so many other Google users, his virtual life has been meticulously recorded.

The fear, of course, is that hackers, zealous government investigators, or even a Google insider who falls short of the company's ethics standards could abuse that information. Google, some worry, is amassing a tempting record of personal information, and the onus is on the Mountain View, Calif., company to keep that information under wraps.

Privacy advocates say information collected at Yahoo, Microsoft's MSN,'s A-9 and other search and e-commerce companies poses similar risks. Indeed, many of those companies' business plans tend to mimic what Google is trying to do, and some are less careful with the data they collect. But Google, which has more than a 50 percent share of the U.S. search engine market, according to the , has become a lightning rod for privacy concerns because of its high profile and its unmatched impact on the Internet community.

"Google is poised to trump Microsoft in its potential to invade privacy, and it's very hard for many consumers to get it because the Google brand name has so much trust," said Chris Hoofnagle of the Electronic Privacy Information Center. "But if you step back and look at the suite of products and how they are used, you realize Google can have a lot of personal information about individuals' Internet habits--e-mail, saving search history, images, personal information from (social network site) Orkut--it represents a significant threat to privacy."

Kevin Bankston, staff attorney at the Electronic Frontier Foundation, said Google is amassing data that could create some of the most detailed individual profiles ever devised.

"Your search history shows your associations, beliefs, perhaps your medical problems. The things you Google for define you," Bankston said.

The Google record
As is typical for search engines, Google retains log files that record search terms used, Web sites visited and the Internet Protocol address and browser type of the computer for every single search conducted through its Web site.

In addition, search engines are collecting personally identifiable information in order to offer certain services. For instance, Gmail asks for name and e-mail address. By comparison, Yahoo's registration also asks for address, phone number, birth date, gender and occupation and may ask for home address and Social Security number for financial services.

"It's data that's practically a printout of what's going on in your brain: What you are thinking of buying, who you talk to, what you talk about."
--Kevin Bankston, staff attorney, Electronic Frontier Foundation

If search history, e-mail and registration information were combined, a company could see intimate details about a person's health, sex life, religion, financial status and buying preferences.

It's "data that's practically a printout of what's going on in your brain: What you are thinking of buying, who you talk to, what you talk about," Bankston said. "It is an unprecedented amount of personal information, and these third parties (such as Google) have carte blanche control over that information."

Google uses the log information to analyze traffic in order to prevent people from rigging search results, for blocking denial-of-service attacks and to improve search services, said Nicole Wong, associate general counsel at Google.

Personally identifiable information that is required for consumers to register for and log in to Google services is not shared with any outside companies or used for marketing, according to Google's privacy policy, except with the consent of the user, or if outside "trusted" parties


Correction: The original article incorrectly implied that Google Desktop Search can track what's stored on a user's PC. The service does not expose a user's content to Google or anyone else without the user's explicit permission.
Featured Video