March 21, 2002
Mr. David Krane
Director of Corporate Communications
Dear Mr. Krane:
like to give you an opportunity to justify this use in more detail. Your privacy
policy at www.google.com/privacy.html is inadequate for a search engine of the
reach and magnitude of Google.
Two days ago, a story was dispatched by the Associated Press that described
place that forced the CIA to acknowledge my concerns and take immediate action.
This sort of accountability does not exist with respect to Google's use of
cookies, but the issues are the same, and the dangers are potentially even
greater with Google.
Here is a copy of the AP article, for your information. This email continues
after the story.
CIA Removes Web Tracking Software
By DAVID HO (Associated Press Writer)
The Associated Press, March 19, 2002
WASHINGTON (AP) - The CIA got caught with a hand in the Internet cookie jar.
The agency removed tracking software known as a "cookie" from one
of its Web sites this week after a private group discovered the banned practice,
said Mike Stepp, who manages the CIA's public Web site.
"It was a mistake on our part. It was not intentional," Stepp said
Tuesday. "The public does not need to be concerned that the CIA is tracking
them. We're a bit busy to be doing that."
Cookies are small software files often placed on computers without a person's
knowledge. The files can make Internet browsing more convenient by letting sites
distinguish user preferences, but they have been criticized for violating
privacy because they can track Web surfing.
in 2000 after it was discovered that the White House drug policy office had used
the technology to track computer users viewing its online anti-drug advertising.
The rules ban the use of "persistent" cookies, which track Web habits
One of those long-lasting cookies was found Thursday on a CIA site by Daniel
Brandt, president of Public Information Research, a private San Antonio-based
group that preserves publications related to intelligence and business.
Brandt said he discovered the cookie, which keeps working until 2010, when he
was looking at the Web site for the CIA's Electronic Reading Room, which
provides access to previously released agency documents.
"They're not supposed to be doing this," Brandt said. He said he
was particularly concerned because the reading room site allows users seeking
documents to search for particular words.
"The keywords you put in reveal an incredible amount about what you're
looking for and what your interests are," Brandt said. "It would be
very, very tempting to track that kind of information."
A notice on the CIA Web site states: "The Central Intelligence Agency
Web site does NOT use the 'cookies' that some Web sites use to gather and store
information about your visits to their sites."
Brandt sent e-mail to the CIA with his concerns and the agency responded on
Monday, removing the cookie and some other temporary cookies that were
Stepp said an outside company had redesigned the reading room Web site, which
was posted to the Internet on Jan. 29.
"Unbeknownst to us, it was loaded with some software, commercial
off-the-shelf software used for Web analysis," Stepp said. The software
included a cookie that tracked repeat visitors to the site.
To make sure no improper information about site visitors had been recorded,
Stepp said two sets of log files would be destroyed.
Congress issued a study last summer that found 300 cookies still on the Web
sites of 23 agencies despite the government ban.
Please note the quotation in this story about the seriousness of tracking
information from users, when such information consists of keyword search terms.
The fact that your cookie expires in 2038 and you track everything from the user
(IP number, time, and search terms) simply compounds the situation.
of cookies by other search engines. I have a feeling that Google's data
collection practices will not compare well from a privacy standpoint.
The fact that Google has (at least until recently) tried to remain ad-free,
suggests that your interest in tracking is not commercial. One might infer from
this that your tracking policies are even more intimidating than those of
1) Google has inadequate justification for planting a cookie that
expires in 2038 on every user, and also recording that user's search terms, IP
number, and time-date. If Google needs cookie-tracking feedback for software
design and improvement purposes, you could offer an incentive to accept a cookie
for browser configuration convenience, and clearly explain the consequences of
"opting in" with such a cookie.
2) Even given an "opt in" situation for a cookie, there is
no justification for an expiration date of 2038. Google could use session
cookies, or if this is not satisfactory, it would be easy to constantly reset
the cookie with a 30-day expiration date. That way, if a user didn't frequent
Google at least once a month, their cookie would expire. There is no excuse for
your near-immortal cookies. Mr. Jason Catlett of Junkbusters asked Larry Page
about this 15 months ago, with respect to the toolbar, and he did not get a
straight answer from Mr. Page about the reason for these cookies.
information from the user. However, many users now have static IP numbers. New
laws passed by Congress last year give authorities the right to obtain the
information in Google's possession, apparently without a showing of probable
cause, just as they now have the right to obtain logging information from
Internet service providers. With the new Patriot Act, the use of the GET instead
of the POST method for Google searching makes your case even weaker, as the
authorities can claim that the search terms are part of the URL, and that they
get logged with the URL in normal httpd logging. Therefore they may fall under
the definition of "routing and addressing" information that is subject
to "tap and trace device" scrutiny. Judges are required to approve
orders for such scrutiny without a showing of probable cause.
The fact that you record unique cookie ID, plus IP number, plus date and
time, makes much of your information "identifiable." Authorities can
also do a "sneak and peek" search of a Google user's hard drive when
he isn't home, retrieve a Google cookie ID, and then get a keyword search
history from you for this ID.
unrealistic picture of the extent to which your policy protects the privacy of
the Google user. And no mention is made of the expiration date of the cookie,
Finally, Google confesses that its policy is subject to change. If Google
changed its policy, would the data previously collected fall under the previous
policy, or would it fall under the new policy? And even if Google has the best
of intentions, it should be recognized that Google is subject to a change in
ownership or control, and that all privacy policies are inherently optimistic
for that reason alone.
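
Added example, not part of the original letter: a check for the cookie lifetimes discussed in point 2, classifying each Set-Cookie header as a session cookie, one bounded by the proposed 30-day rolling limit, or a long-lived persistent cookie. The header values, the cookie names and the fixed reference time (the letter's date) are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

ROLLING_LIMIT = timedelta(days=30)  # the 30-day ceiling proposed in point 2

def cookie_lifetime(set_cookie, now):
    """Return (name, lifetime): lifetime is None for a session cookie,
    otherwise a timedelta measured from `now`."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    max_age = expires = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key, value = key.strip().lower(), value.strip()
        try:
            if key == "max-age":
                max_age = timedelta(seconds=int(value))
            elif key == "expires":
                expires = parsedate_to_datetime(value)
                if expires.tzinfo is None:  # no zone given: assume UTC
                    expires = expires.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            continue  # unparsable attribute: ignore it
    if max_age is not None:  # Max-Age takes precedence over Expires (RFC 6265)
        return name, max_age
    if expires is not None:
        return name, expires - now
    return name, None

def classify(lifetime):
    if lifetime is None:
        return "session"
    if lifetime <= timedelta(0):
        return "expired"
    return "bounded" if lifetime <= ROLLING_LIMIT else "long-lived"

def audit(headers, now):
    """Map cookie name -> (verdict, whole days until expiry or None)."""
    report = {}
    for header in headers:
        name, life = cookie_lifetime(header, now)
        report[name] = (classify(life), None if life is None else life.days)
    return report

# Constructed Set-Cookie values; names and IDs are hypothetical.
SAMPLE = ["uid=constructed0001; expires=Fri, 01 Jan 2038 00:00:00 GMT; path=/",
          "visitor=constructed0002; Expires=Fri, 01 Jan 2010 00:00:00 GMT",
          "sid=constructed0003; Path=/",
          "prefs=lang-en; Max-Age=2592000; Path=/"]
NOW = datetime(2002, 3, 21, tzinfo=timezone.utc)
```

Calling `audit(SAMPLE, NOW)` returns one verdict per cookie name; anything reported as long-lived outlives the 30-day window the letter proposes.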