Google on Anonymizing Server Logs

Here’s Google’s Global Privacy Counsel Peter Fleischer discussing in more detail Google’s recent laudable decision to anonymize its server logs after 18-24 months. The discussion helps illustrate the diverse interests that must be balanced in choosing how long to maintain information.

It’s often easy to disregard the value that deep wells of raw information have for information-based business. Fleischer explains some of how Google makes use of data to improve its services and protect users. These consumer-beneficial activities must be balanced against the background demand for privacy protection.

Of particular note, of course, is his discussion of the emerging government demands for data retention (some of which conflict with government demands for data destruction). Data retention mandates are outsourced government surveillance, neatly shifting the cost of surveillance to the private sector while avoiding limits on government action like the Fourth Amendment and Privacy Act (in the case of the U.S.). Too put a fine point on it, data retention is bad.

This explication of Google’s thinking is a welcome contribution to public understanding. I did get a little chirping on my B.S. detector where Fleischer says he had talked to privacy activists in developing their plans. I’d like to know which ones. It’s a small enough community that I figure I would have known about it (I say at the risk of sounding self-important).

I’ve been aware in the past of government agencies deluding themselves about taking privacy into consideration because they’ve heard from government contractors selling “privacy enhancing technologies” like immutable audit logs and such. As often as not, this stuff is lipstick on a pig - seeking to make bad surveillance programs acceptable by tacking on complex, fallible privacy protections.

I’m sure Google has done better than that in its consultations with privacy experts. At least, I hope I’m sure.