Focusing public attention on emerging privacy and civil liberties issues

Google Books: Policy Without Privacy

Top News

  • EPIC Launches "Fix Google Privacy" Campaign: In response to the recent announcement that Google has agreed to adopt a "Comprehensive Privacy Plan," EPIC has launched "Fix Google Privacy," a campaign to encourage Internet users to offer their suggestions to improve safeguards for Google's products and services. Submissions to EPIC will be forwarded to the Federal Trade Commission and considered by the agency as part of the final Privacy Plan. All comments must be sent before May 2, 2011. For more information, see EPIC - In Re Google Buzz and FTC - Analysis to Aid Public Comments. (Apr. 5, 2011)
  • Courts Rejects Google Books Settlement as Unfair, Also Finds that "Privacy concerns are real": Judge Denny Chin struck down a proposed settlement between Google and copyright holders that would have imposed significant privacy risks on e-book consumers. Google's proposal would have entitled the company to collect each users' search queries as well as the titles and page numbers of the books they read. In a February 2010 hearing before the Court, EPIC President Marc Rotenberg explained that this settlement would "turn upside down" well established safeguards for reader privacy, including state privacy laws, library confidentiality obligations, and the development of techniques that minimize privacy intrusions. Judge Chin determined that the proposed opt-out settlement was "not fair, adequate and reasonable." He further stated that "the privacy concerns are real" and that "certain additional privacy protections could be incorporated" in a revised settlement. For more information, see EPIC Press Release: EPIC Urges Court To Reject Google Books Settlement; EPIC: Google Books Settlement and Privacy. (Mar. 22, 2011)
  • EPIC Urges Court to Reject Google Books Settlement, Warns that Privacy Problems Cannot Be Fixed: In federal district court in New York, EPIC President Marc Rotenberg urged Judge Denny Chin to reject the revised settlement now before the court in Authors Guild v. Google. Mr. Rotenberg said that the settlement would "turn upside down" well established safeguards for reader privacy, including state privacy laws, library confidentiality obligations, and the development of techniques that minimize privacy intrusions. Mr. Rotenberg warned that the settlement would eviscerate legal safeguards for library patrons, commercialize access to information, consolidate Google's control of the Internet, and put in place an elaborate system of user authentication and watermarking. "A person at any library or any university in the United States that attempted to retrieve information from Google's digital library would be uniquely tagged and tracked. There is simply no precedent for the creation of such power." For more, see EPIC: Google Books and Privacy, EPIC: Google Books Litigation, and EPIC: Google Books: Policy Without Privacy, EPIC: Google Books Hearing Press Release. (Feb. 19, 2010)
  • EPIC to Defend Readers' Privacy at Google Books Hearing: On February 18, 2010, EPIC President Marc Rotenberg will appear in federal court in New York to represent readers' privacy and right to read anonymously. EPIC will urge Judge Chin to reject Google's deal with publishers, which requires readers to provide sensitive personal information to view digital books offered by Google, but fails to protect their privacy. EPIC previously moved to intervene in the case, observing that readers' interests are not represented, and warning that the settlement "threatens well-established standards that safeguard intellectual freedom," "imperils longstanding Constitutional rights," and "threatens to eviscerate state library privacy laws that safeguard library patrons in the United States." For more, see EPIC: Google Books and Privacy, EPIC: Google Books Litigation, and EPIC: Google Books: Policy Without Privacy. (Feb. 9, 2010)
  • Revised Google Books Settlement Fails to Fix Key Problems: Even after revisions, the Google Books Settlement still fails to address antitrust, privacy, and copyright concerns, according the the US Justice Department, privacy advocates, and academic authors.On February 4, the Justice Department filed a brief and issued a statement opposing the revised settlement. The Department said the revisions still ran afoul of authors' copyrights and did not fix antitrust problems. EPIC also continues to object to the settlement because it does not contain adequate privacy protections for readers. On February 4, EPIC informed the court of its intent to appear at the February 18 Fairness Hearing on behalf of users' privacy interests. For more information, see EPIC: Google Books and Privacy, EPIC: Google Books Litigation, and EPIC: Google Books: Policy Without Privacy. (Feb. 5, 2010)
  • Revised Google Books Settlement Announced, Privacy Problems Remain: The parties in the Google Books Settlement have filed an amended settlement. The Department of Justice, authors, EPIC and other privacy advocates criticized the original settlement. The revised settlement attempts to address price fixing and concerns about orphan works. However, the revised settlement does little to address privacy. Professor Pamela Samuelson stated “There are dozens of provisions in the settlement agreement that call for monitoring of what users do with books and essentially no privacy protections built into the settlement agreement.” For more information, see EPIC Google Books Settlement and Privacy, EPIC Google Books Litigation, and EPIC Google Books: Policy Without Privacy. (Nov. 17, 2009)
  • Federal Trade Commission Issues Statements on Google Books Settlement and Privacy: With the Google Books Settlement now under consideration in federal court, FTC Chairman John Liebowitz today issued a statement, calling attention to privacy concerns and the vast amount of consumer information that could be collected. The Chairman expressed the Commission's commitment to evaluating the privacy issues presented by Google Books, a sentiment that was echoed by Commissioner Pamela Jones Harbour in her statement. In a separate letter, FTC Consumer Protection Director David C. Vladeck urged Google to address consumer privacy concerns and to limit the secondary use of user data. For more information, see EPIC Google Books Settlement and Privacy. (Sep. 4, 2009)

Introduction

In 2005, the Authors Guild filed a lawsuit against Google arising from the Google Books project. In October 2008, the parties announced a proposed settlement. While the Google Books settlement is still pending, Google has released a Google Books privacy policy. The Google Books privacy policy contains ambiguities concerning key terms and permits the disclosure of user information to third parties.

EPIC Commentary on the Google Books Privacy Policy

KEY PROVISIONS FROM THE GOOGLE PRIVACY POLICY

The privacy policy set forth on the Google Books website outlines the basic Google policies regarding privacy, and incorporates much of the same language as Google's overarching privacy policy. It begins with a review of the key provisions of the Google privacy policy, including policies regarding the sharing of personal information, collection of log information, other optional Google services, and security standards.

Google Says: "We do not share your personal information with third parties, except in the narrow circumstances described in the Privacy Policy, such as emergencies or in response to valid legal process."

EPIC's Response: The information collected on Google Books, aggregated with the information collected by Google's numerous other applications, will allow Google to amass huge databases of sensitive user information. And Google's "Privacy Policy" allows the company to share that information with third parties at will. Because the policy fails to define emergencies and valid legal process, it leaves disclosure up to Google's discretion and allows the company to turn over user records or personal information to government authorities and other third parties without a valid court order (which is the requirement in most state library record privacy laws). In order for users to be assured of the privacy of their data, the settlement must specify what narrow circumstances allow for user information to be disclosed to third parties.

 

Google Says: "When you use Google Books, we receive log information similar to what we receive in Web Search. This includes: the query term or page request (which may include specific pages within a book you are browsing), Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser."

EPIC's Response: Google acknowledges that it collects and stores extremely detailed log information on every single access to Google Books. This includes not only what you are searching for, but also unique identifiers, such as IP address and cookies, that make it possible for Google or others to link your interests and your identity. The settlement should include a provision which states that the parties agree that no personally identifiable information, including cookies or IP addresses, may be obtained from any user of the Google Book Search.

 

Google Says: "In addition, you may choose to use other optional services that require a Google Account and which may receive and store information from Google Books in association with your Account, such as our Web History service. Unless you are logged in and using such a service, your activity on Google Books will not be associated with your Google Account. Books features that store information with your Account will show you the information you have stored and allow you to delete it (unless we are required to keep it by law or for legitimate and limited business purposes such as fraud investigations.) Google uses the information it stores for the purposes discussed in the Google Privacy Policy, including to improve our services and report on aggregate user trends."

EPIC's Response: This is the main privacy concern with the Google Books Settlement: that Google will create massive profiles of users of Google Books by linking Google Book activities with other Google Services. This provision shows the company's intent to do just that: to be a central repository, storing vast amounts of user information gleaned from email accounts, book searches, mapping inquiries.

"Deletion" of Information: While Google maintains that users will be empowered to delete this information, the policy does not clarify what “delete” means in this context. If the user deletes the information, is it cleared from the central server, or does it remain stored on the central server, but not appear when the user looks at his own account? This is an important distinction because the huge databases of information Google holds could exist indefinitely and be easily accessible to law enforcement authorities and other third parties. In order to address this, the settlement term described above should include the following provision: the parties should further agree that all log data will be destroyed (from Google's records, and not just the user's view) once the users request is fulfilled.

Use of Information: This provision also allows Google to use that stored information for just about any purpose. It states “Google uses information it stores for the purposes discussed in the Google Privacy Policy, including to improve our services and report on aggregate user trends.” “Improve our services” leaves much to Google’s discretion. Services to whom? The ability to target ads more accurately helps Google to improve its services. And Ad targeting involves the disclosure of information to third parties. The settlement should forbid Google from storing personally identifiable information (as discussed above) and should delineate the permissible uses for all other information.

 

 

PRACTICES SPECIFIC TO THE CURRENT GOOGLE BOOKS PRODUCT

Google Says: "The My Library feature lets you maintain a public online list of your favorite books and your reviews of those books. This information is stored with your Google Account. You may review and delete the information stored in the My Library feature at any time."

EPIC's Response: The language in this provision indicates that this is an opt-out feature. But, as in Blockbuster and numerous other opt-out schemes, many users who are not aware of the opt-out program will unintentionally broadcast personal and private information about what they are reading. In order to protect user privacy, features like this need to be opt-in, not opt-out. The settlement should include the terms of "My Library", which make the feature expressly an opt-in feature.

 

Google Says: "Special legal privacy protections for users may apply in cases where law enforcement or civil litigants ask Google for information about what books an individual user has looked at. Some jurisdictions have special "books laws" saying that this information is not available unless the person asking for it meets a special, high standard - such as proving to a court that there is a compelling need for the information, and that this need outweighs the reader's interest in reading anonymously under the United States First Amendment or other applicable laws. Where these "books laws" exist and apply to Google Books, we will raise them. We will also continue our strong history of fighting for high standards to protect users, regardless of whether a particular "books law" applies. In addition, we are committed to notifying the affected user if we receive such a request that may lead to disclosure of their information; if we are permitted to do so by law and if we have an effective way to contact the user, we will seek to do so in time for the user to challenge the request."

EPIC's Response: This provision highlights one of the best reasons for including privacy terms in the settlement: because existing laws do not protect users. A settlement term would bind the parties in a way that Google's privacy policy cannot, creating accountability for Google and third parties and requiring them to respect user privacy.

In this provision, Google argues that it will assert users' rights for them. But Google’s assertion of users' rights under library privacy laws would be impossible because Google Books does not qualify as a library for the purposes of these statutes. Library privacy laws typically have statutorily created definitions. For example, Michigan’s library privacy law states:

"A library record is not subject to the disclosure requirements of the freedom of information act, …unless ordered by a court after giving the affected library notice of the request and an opportunity to be heard on the request, a library or an employee or agent of a library shall not release or disclose a library record or portion of a library record to a person without the written consent of the person liable for payment for or return of the materials identified in that library record." See Mich. Comp. Laws § 397.603 (2009).

The Michigan statute has the following definition:

"Library" includes a library that is established by the state; a county, city, township, village, school district, or other local unit of government or authority or combination of local units of governments and authorities; a community college district; a college or university; or any private library open to the public.

Courts would not protect Google’s users because Google is not a library as defined by the statute. No matter what arguments Google makes in court on its users’ behalf, it would not be a library for the purpose of the statute and would, as a result, be vulnerable to law enforcement requests for records.

It is the users, and not Google, who should be empowered to assert privacy rights. Under the statutes, users are empowered to assert their own rights and, often, collect attorneys’ fees or statutory damages. If Google is entrusted with asserting these laws on behalf of its own users (as is presently imagined in its “privacy policy”), then what are users to do if Google, itself, is violating their privacy? If Google is serious about protecting the privacy of its users, it will create a method by which the users are empowered to get redress for violations of their privacy without relying on Google to assert their privacy rights for them. That is: Google will agree to privacy protections as a part of the settlement, which would allow users to vindicate their rights in court.

 

Google Says: Google can share information with outside companies and individuals when "We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Google, its users or the public as required or permitted by law."

EPIC Response: As discussed above, there are no laws or contracts that would necessarily prevent Google Books from disclosing user information and records to law enforcement officers and other third parties without a valid court order. The library privacy laws, unless amended, would likely not protect Google Books users in the same ways that they protect library users. Thus, Google would be completely within its rights to disclose user information to other companies or to law enforcement (without a court order). The settlement must establish strict, binding guidelines to prevent Google from aggregating user information into profiles of users and then sharing that information with outside parties.

 

 

PRACTICES SPECIFIC TO SERVICES PROPOSED UNDER THE PENDING SETTLEMENT AGREEMENT

Google Says: "The Book Rights Registry will receive aggregate, non-personally identifiable information about usage of Google Books. Google will not require users to create Google accounts or in any way register their identity with Google, in order to use the following planned services: free online viewing of pages, use of the institutional subscription, use of public access service terminals in public libraries. However, Google will receive IP address and cookie information."

EPIC's Response: This in no way alleviates concerns regarding the collection of information. In order to link usage information to a specific user, Google does not need names or email addresses. A cookie would easily reveal the identity of the user if she logs into a Google account during the same session. This should be addressed in the settlement as discussed above - cookies and IP addresses should not be stored by Google or third parties.

 

Google Says: Google plans to build protections to limit the information (such as book titles) available to credit card companies about book purchases, and to enable you to delete or disassociate the titles of books purchased from your Google Account.

EPIC's Response: Google does not explain, even in the vaguest terms, how it plans to limit this information. If the company plans on protecting users’ information, the settlement should create a comprehensive plan that will allow users to be billed for book purchases without sending specific titles on to credit card companies. The settlement should also clarify what “delete or disassociate” means. Does it mean that the purchases are simply deleted from the users’ view, or are the records of purchases actually deleted from Google’s own servers?

 

Google Says: "Users will need to have Google Accounts in order to purchase books because such information is necessary to provide access to the user who bought the book. However, we plan to build protections to limit the information (such as book titles) available to credit card companies about book purchases, and to enable you to delete or disassociate the titles of books purchased from your Google Account."

EPIC's Response: There is no "necessary" reason that users need to have a Google Account to purchase a book from the Book Rights Registry. Other payment systems could be used. Also, this provision indicates that the title of your book purchases will be tied to your Google account, unless you opt-out, possibly for each title.

 

Google Says: "Any publicly available product authorized by the settlement will have a privacy policy comparable to policies you can see in our Privacy Center today for other Google products. That policy, in combination with the main Google Privacy Policy, will explain what information Google receives and stores when you use the product including any unique identifiers such as your account information, what we may do with that information, what security standards protect it against unauthorized access, and what choices you have about data provided to Google when you use the product as well as information about our data retention practices."

 EPIC's Response: This final provision from the Google Privacy Policy underscores the point that a privacy policy is not privacy protection. No where does Google says what its responsibilities are when it collects personal data, nor what rights users will have if Google does not uphold its obligations. Google simply states what it will do with the information it collects.

 

CONCLUSION

A privacy policy alone is not enough. The information that would be gathered as a result of Google Books is too sensitive to be left in the hands of Google and protected only by the company's own changeable privacy policy. Writing the privacy protections into the settlement would empower users to vindicate their rights against Google and others in court. The court that is considering the Google Books settlement should require that the company create a comprehensive privacy policy that is actually specific enough to create enforceable privacy standards and bind the parties to those standards.

In order to protect user privacy, the following provisions must be added to the settlement agreement:

 

Under ARTICLE I — DEFINITIONS, New Section 1.104 (p. 13)

"Personally Identifiable Information" is any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any:  (A) name, social security number, date of birth, official State or government issued driver's license or identification number, alien registration number, government passport number, employer or taxpayer identification number;(B) unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation; (C) unique electronic identification number, address, or routing code; or (D) telecommunication identifying information or access device (as defined in 18 USC§ 1028). 

 

Under ARTICLE III — GOOGLE BOOK SEARCH – RIGHTS, BENEFITS AND OBLIGATIONS, Section 3.10: Specific Prohibitions (p. 38)

"Any and all personally identifiable information gathered, collected, stored, or received by parties to this settlement shall not be disclosed to third parties without either valid court order or express, written permission by the user. Express written permission by user shall in no way be implied by user's decision to make use of Google Books or any other Google product. Nor shall permission be required in order to make use of Google Books or any other Google product. Users whose information is disclosed without a valid court order or express, written permission shall have the right to vindication in a court of law."

"The parties agrees that no personally identifiable information, including cookies or IP addresses, may be obtained from any user of the Google Book Search. The parties further agree that all log data will be destroyed once the user request is fulfilled."

"Google Book personally identifiable information gathered, collected, stored, or received by parties to this settlement shall not be used for the purposes of targeted advertising. Individual user information shall not be disclosed to third party advertisers for any purposes, including the tailoring of targeted advertisements."

"The My Library feature envisioned by Google which would allow users to maintain a public online list of favorite books and reviews of those books shall be an opt-in feature. Users shall not be automatically enrolled in this feature or any other feature that links specific books to individual user accounts. Instead, in order to be enrolled in any feature that links specific books to a user's account, the user must affirmatively agree to this linkage feature separately from any other user agreement or user registration."

 

Under ARTICLE IV — ECONOMIC TERMS FOR GOOGLE’S USE OF BOOKS, Section 4.1(d) Basic Features of Institutional Subscriptions (p.47)

"The parties agrees that no personally identifiable information, including cookies or IP addresses, may be obtained from any user under and institutional subscription of the Google Book Search. The parties further agree that all log data will be destroyed once the user request is fulfilled."

 

Under ARTICLE IV — ECONOMIC TERMS FOR GOOGLE’S USE OF BOOKS, Section 4.2(a) Basic Features of Consumer Purchase (p.48)

"Billing and payment shall not create a lasting record that ties a specific book to a specific user. If specific titles must be tied to specific users for the purpose of payment, all records of this transaction shall be destroyed within 48 hours of when the transaction is billed. Credit card companies, Paypal, and other forms of payment shall not receive information regarding what titles or books users are purchasing."

 

News Items

Resources