Google Sold Us Out: The Viacom Decision
07/05/2008, 1 month 3 weeks ago
I have read and re-read Judge Stanton's decision in the Google/Viacom suit more times than I really should have. At first, I was as outraged as everyone else, assuming that Judge Stanton was one more government figure without a clue how the Internet even works.
So I called my mother, who works in the courts, and ran it by her, and she pointed out two things to me: one, any Judge has a stable full of much younger and savvier law clerks who research this stuff to death, and two, everything a Judge does is based on precedent. So I went back and read the decision a few more times.
One thing keeps coming back when you look at it: the precedent cited in the decision was Google's own virtual flapping lips.
Google, you see, claims that they shouldn't have to turn over 12TB of data about who watched YouTube videos because user data, including IPs, is private user data. The decision sites an entry on the Google Public Policy Blog from February, in which Google Software Engineer Alma Whitten states:
"the IP addresses recorded by every website on the planet without additional information should not be considered personal data, because these websites usually cannot identify the human beings behind these number strings."
And, quoted in the decision:
"We . . . are strong supporters of the idea that data protection laws should apply to any data that could identify you. The reality is though that in most cases, an IP address without additional information cannot."
Google can't play it both ways. Either our IP addresses and user data ARE private (in which case we should have a LOT more protection from our Moutain-View-based Big Brother) or they aren't. You can't say that they aren't protected when it comes to selling targeted advertising, and then claim it's private information when getting sued for copyright infringement on YouTube. Google needs to have a consistent policy when it comes to privacy and simply adding a link to a policy on their entry page doesn't cut it.
If you enjoyed this post, make sure you subscribe to profy RSS feed!
I don’t support many of Google’s privacy policies, but in this case, I DO NOT think Google is “playing it both ways”. I do believe that IP addresses on their own may not identify people, and hence as long as it is being used in isolation (for say, studying load patterns) there is no breach of privacy. However, in conjunction with other information like videos viewed and usernames, it poses a huge privacy risk; and this is precisely what Google is pointing out.
After reading and re-reading Judge Stanton’s decision, it’s not surprising that you got a little bit of eyestrain: You wrote here “4 TB of data”, and I’m sure you meant to write “12 TB of data on a few 4 TB drives”.
Judge Stanton ordered Google to copy the entire 12 TB logging database for Viacom.
If you stop and think about that logging database, and Google’s claim that IP addresses are “recorded by every website on the planet”… Does profy.com log every HTTP GET request and response? Along with the IP address?
Does Google’s logging database contain every HTTP GET request and response? They’ve been ordered to copy the entire 12 TB database.
@privacy-maniac Then why is Google tracking that data at all? If they weren’t pulling it themselves, they wouldn’t be in this mess.
@mike Thanks. Yes, that was a brain freeze moment and I fixed it. I was mulling over what I’d do if I were Google. Instead of using the 4 TB drives, I’d be sorely tempted to dig up a whole mess of 1.44MB floppy discs. It would be worth the man hours just to turn over the crates of data.
Google is wrong about IP addresses. They just say what suit them the best, which is wrong(evil:).
Btw, some people use their own name as username or their name can be found on their page when matching the username.
As for the IP address, it can be compared with a public site with the same date/hour. Imagine someone make a public post on another site and his IP address appears there, you match it with the Youtube IP and date/hour and bingo, you know who it was, at least at that moment.
The whole privacy concept is just starting as they are more and more information easly available by anyone.
Btw, imagine if both Google and Facebook get an order to release their data to a third party for analysis. Imagine all the matching they could perform with the IP / date stamp
I don’t say it’s a perfect indicator, but if someone has a static IP and that person says on his/her page that he/she is single and that he/she doesn’t have a lot of friends/family the chances are increased greatly. The IP alone could be a good indicator to identify someone. You just have to search for that IP and match it. The datetime stamp is usefull with dynamic IP to do the same thing.
_A_ website cannot identify a person from IP numbers, but can use those numbers to obtain
info that can be used to identify a set of people, and with sufficient effort can usually ID a
person.
This process involves lawyer and private investigator type actions so the judge probably
thinks that, because more research must be done to get the personally identity, the data
isn’t a privacy problem.
Note that an investigator would not use _one_ number, but would search thru the entire
database.
They are many webpages and other services that still show the IP addresses with date/time, no need for a lawyer and private investigator to match all these infos that are available publicly to ID a person.
I think it’s fairly obvious that not only does Google have the IP addresses, but also the userids, and that would clearly separate, for instance, me from my husband unless we were sharing an account. There’s no doubt in my mind that Google saves userid as well as IP address in the same data file. They want that entire profile for ad targeting.
The big deal is the Video Rental Privacy act, which is largely left out of this discussion (except by Bijan). There is tons of precedent using that act.
Nicholas, the Video Rental Privacy Act isn’t going to be used as precedent here. There are two major differences that would prevent that: one is that the VRPA has an actual customer contract in place. The TOS at YouTube is similar in theory, but without an actual paid transaction, it’s not the same type of contract. Secondly, Viacom’s issue has to do with viewing of videos that violate copyright law. The illegal material would probably supersede the VRPA at any rate, even if it was Blockbuster we were talking about instead of YouTube.
This is a perfect example of why google can not be trusted with our information, People may not realize but this is only the beginning, next they will contact every US Based Internet Service Provider, then force them to hand over names and addresses of everyone on that list, which by law they will be required to do.
Then what?
Cyndy, here is a political video: It is a video about the 18,000 votes that were “lost” in the Sarasota, FL election of November 2006. It’s a video that raise serious questions about the integrity of that election.
FL-13 HEARINGS: Evidence/ “Who Had Warehouse Access?”
http://www.youtube.com/watch?v=4acC583ZfWc
I do understand that Viacom has claimed that data regarding views of this video is somehow relevant to their claims of copyright infringement.
But this video is core political speech. If you’re saying that this video is now illegal in Florida, it’s certainly not because it infringes Viacom’s copyrights.
This is partly why I don’t use gmail. I wonder what kind of security they have to protect all those private emails? But it’s a free service, what do you expect?
As for YouTube, I don’t really care because I don’t watch many videos, in fact I have disabled Flash with “Flash Switcher”. I prefer reading
Do no Evil eh?
I guess the perfect PR shield is starting to show some cracks….about time folks saw through the BS. Its the same as when some one says, Trust me…. I think 6 of 8 times the following statement is a lie…Trust me
The forces of evil now focus on destroying Yahoo and Google.
The internet is a ‘highway’ do we sue highways? Should we sue the government for not disallowing every vehicle with illegal CDs, DVDs, drugs, weapons, etc?
I am sorry but this activity of suing facilitators such as Youtube and ISPs is just silly and won’t fix the problem. The problem for companies (and this has been noted millions of times) is the world has moved onto digital distribution systems, that people are sharing (like they did with mixed tapes) content they like and pricing is totally out of wack with current expectations.
I am sorry but I am not interested in a 10$ DVD when I get to watch a dozen movies a day on any of the basic cable packages. Maybe I wouldn’t mind buying a movie for $5 (MAYBE) but the point is not for $10 and not with a huge delay (2-3 days delivery?).
I expect instant access for my $5 and no I don’t want to go to WalMart to get it either.
Just my thoughts.
This is a complete invasion of privacy on the part of Viacom and our user information doesn’t have any relevance to their billion dollar lawsuit against Google. Google should be able to anatomize the user information before handing over 12 terabytes of personal information so my privacy and the privacy of millions like me are protected. I have a campaign that will force Viacom to allow Google/YouTube to protect us or 100,000 will boycott Viacom and all its subsidiaries: https://www.thepoint.com/campaigns/stop-viacom-from-invading-our-you-tube-privacy