Alissa Cooper, of the Center for Democracy and Technology, says that steps by Google to make data anonymous are encouraging, but that personal info can still slip into the wrong hands and be linked back to a specific person, even if the company means well.
BOB GARFIELD: Alissa Cooper is chief computer scientist at the Center for Democracy and Technology. And she’s glad Google is going to anonymize all data collected by its new search engine Chrome, but she says that’s no guarantee of privacy. Sometimes, whether through a government wiretapping program or even just a divorce trial, personal data can be linked to specific people, even when the company that collects it tries to make it anonymous. ALISSA COOPER: The companies may not want to identify you using your name and your address and your telephone number, but that kind of identifying information tends to get collected just in the course of your Web activities.
You can think about searching for driving directions. Well, if you repeatedly search for driving directions starting from the same address, it becomes quite clear that it’s probably the address of your home or your work. It gets collected in the course of things, and because all of that information is stored over time and can be, in many cases, correlated together, that means that if it gets leaked - for example, we had this case with the AOL search logs that got leaked a couple of years ago. Supposedly all of that information had been anonymized, and yet there were reporters who were able to look at a bunch of logs and tie them back to a specific individual living in a specific place, and they went and they interviewed her.
So it’s not necessarily a case of ill intent or of bad motivation, but it’s just the upshot of collecting and storing all this data is that it can become identifiable in some cases. BOB GARFIELD: Now, you just used the term “anonymized,” and this figures into what Google has agreed to do. Tell me what anonymizing means. ALISSA COOPER: Well, it means different things to different people, and we actually tend to think [LAUGHS] that the word “anonymous” is somewhat overused in the Internet space. I think that anonymous information cannot ever be tied back to an individual. That’s – that’s my definition of it.
When we're talking about data and search logs, for example, all the search engines take some steps, and some of them call these steps “anonymization,” but in many cases information in the logs that they hold could probably still be tied back to an individual.
What you see with Chrome, for example, is that Google has said for all of the keystrokes typed into that box at the top of the browser, those are going to be anonymized after 24 hours, but they haven't quite given the details of what they mean by that.
So we're very anxious to see how that [LAUGHING] anonymization will work, because the mechanism that gets applied is really important to determining exactly how privacy-protective it actually is. BOB GARFIELD: So from your perspective, what society needs is a combination of laws and industry standards that would protect consumers from the very kind of technologies that are also [LAUGHS] serving them. ALISSA COOPER: Well, I think laws and industry standards are two very important components, but there’s a third piece, which is controls for consumers. What the browser companies are starting to do is by improving their different policies, by adding simple tools into the browser that make it easier for your average Internet user to safeguard their own privacy, they're putting the control in the hands of consumers when it comes to their own data. And that’s a really important step.
BOB GARFIELD: So sort of in the same way that I can go into a Safeway and get a discount card, and then Safeway knows about every tube of Preparation H I've ever bought, I can say, no, I don’t - you know what, I don't really need three cents off at the cash register that badly that I want a corporation knowing about my, uh, ointment habits. I can set my own degree of privacy on my browser in exchange for more or less utility from that same browser. ALISSA COOPER: Right. It can depend on your relationship with the site. There’s a feature in the new Internet Explorer, for example, that allows you to delete your browsing history to help you protect your privacy but save your history vis-a-vis the sites that are in your favorites.
So it’s a lot about sort of [LAUGHS] personalizing the privacy experience where you can say, yeah, I know this company, and I trust them, it’s okay for me to interact with them and for them to obtain my data; these other companies I'm not so sure, and I'd like to be able to control that experience. BOB GARFIELD: Alissa Cooper is chief computer scientist at the Center for Democracy and Technology. Thank you very much for joining us. ALISSA COOPER: Yeah, thank you.