Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


GEIST: OCEANS OF DATA RIPE FOR ABUSE

Source: Toronto Star

Posted on January 30, 2006

By Michael Geist

      The Internet community has been buzzing for the past 10 days about the U.S. Department of Justice's demand for search data from the world's leading search engines. Yahoo, AOL, and Microsoft have all reportedly complied with the request; however Google refused, paving the way for a major court battle in the months ahead.

      While much of the focus has been on the privacy implications of the justice department's request, the story highlights a much bigger issue - the significant risks and rewards that arise from retaining enormous amounts of data.

      Canadians have become accustomed to protecting their personal information by safeguarding their identification cards, shredding bank statements, or trusting their health provider to protect their medical files. Yet they have limited control over search engines, Internet service providers, and e-commerce companies that retain an ever-expanding mountain of data that can reveal personal preferences, interests, and habits.

      The U.S. justice department's demand stems from an attempt to prove that legislation, rather than technologies such as content filtering, would be more effective at blocking children's access to "harmful" materials. To prove its case, it sought data from leading search engines that would allow it to gauge the amount of available pornography on the Web as well as the frequency with which Internet users search for such content.

      The authorities' initial data request was stunning for its sheer breadth. Requested were all Web addresses (URLs) contained in Google's database as well as a record of "all queries that have been entered into your company's search engine between June 1, 2005 and July 31, 2005." In other words, they wanted a list chronicling every website in Google's database, with literally every search request over a two-month period.

      When it faced resistance, the justice department agreed to a narrower request that included a random sample of one million Web addresses as well as a list of every search string during a one-week period.

      Although none of this data relates to a specific individual - it covers hundreds of millions of Internet users - the request has still produced a chilling effect as many begin to question whether search requests thought to be anonymous could ultimately be tracked back to them.

      In a broader context, the demand also highlights the growing challenge associated with data retention. All companies, particularly those operating online, recognize the value of retaining information about users. Some is essential to providing customer service, while other data can be used to provide users with a customized experience by eliminating the need to re-enter passwords, automatically posting relevant content, or sending permission-based email marketing that accurately reflects the user's interests.

      The value of information extends beyond personal data. Once aggregated, retailers can spot trends among demographic groups, ISPs can gauge usage, and search engines can identify what is on the minds of the world's Internet users.

      Given its value, it comes as little surprise to find that companies retain such data for lengthy periods, using sophisticated data mining technologies to analyze the information.

      While these examples illustrate the rewards of data retention (which benefit both companies and their customers), significant risks also exist.

      The same data can be mined for purposes that extend far beyond the reasons for which it was provided. The Google case provides an illustration, as mere search terms take on new significance in the hands of justice department lawyers.

      Some data is not consciously provided at all - it is simply gathered automatically with little thought given to its potential uses. For example, private parties may demand ISP server logs that are generated automatically to assist with new defamation or copyright lawsuits.

      However, one of the biggest risks associated with data retention comes not from requests that proceed through the legal system, but from security vulnerabilities that put sensitive data into the hands of hackers. Last year, more than 50 million people in North America received notification that personal information had been placed at risk due to a security breach.

      Policy makers worldwide have scarcely begun to reconcile the risks and rewards of data retention. In the immediate aftermath of the Google issue, at least one U.S. politician has called for legislation to set limits on data retention and establish a positive obligation to destroy data under certain circumstances. In Europe, the debate has centred on mandating data retention to assist law enforcement.

      While Canadian privacy law establishes general obligations on data retention and destruction, there are few clear legal obligations to either retain or destroy information. In light of recent events, it is time to search for some solutions.

      Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can reached at mgeist@uottawa.ca or online at http://www.michaelgeist.ca.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.