Knight Ridder Newspapers

SAN JOSE, Calif. – Steve Shaer is feeling more skittish about Internet companies these days.

Not only is he upset that the federal government subpoenaed reams of data from four Internet companies – Google, Yahoo, AOL and Microsoft. He’s now wondering which online companies he can trust to keep his personal information private.

Although Google is strenuously fighting the government’s request for the information, the other three Internet companies gave authorities at least some of what they were seeking.

“It definitely brings up the issue of trust in those companies when they will comply with a bogus subpoena without fighting it,” said the Miami real estate developer. “It does give me pause that they would rollover without a fight.”

Revelations last week that government officials asked the four large companies to provide information about the billions of Internet searches conducted on their sites has cast new light on the fact that online companies collect and store so much potentially personal information about people.

Authorities in this case never sought any personal information about any of the companies’ users, according to court documents and statements by government officials last week.

But the case has nonetheless sparked a dialogue about how much those companies can be trusted to guard information about their users an how forthcoming they would they be if the government were more aggressive in its information requests. And it also raises questions about how many times companies may have already turned over information to third parties, including the government, without the public knowing.

For some people, these questions have taken on more importance at a time when the government has been given more freedom to search and spy on Americans.

Yahoo, Google and AOL didn’t respond to requests to be quoted in this story.

Internet users may be surprised to learn that the privacy standards for personal online data vary widely, said Chris Hoofnagle of the Electronic Privacy Information Center. Laws dictate what banks, telephone, cable and satellite companies can do with their customers’ information and with whom they can share it, he said.

But there are no rules, he said, to govern how most Internet and e-commerce companies handle personal information.

“There are no laws that stop the government from looking at that info,” Hoofnagle said.

The amount of information amassed by online companies grows daily. Companies such as Amazon, Yahoo and AOL are constantly signing up new members who willingly hand over their real names, addresses, gender, income levels and, in some cases, credit card information.

Search engines, meanwhile, are constantly building a growing record of search queries, Web site visits and Internet Protocol addresses, which can sometimes help identify who owns the computers being used by searchers.

Even without specific legal requirements to safeguard that information, most online companies have done a good job of policing themselves when it comes to privacy, said Trevor Hughes, executive director of the Network Advertising Initiative, which represents online marketing, analytics, advertising and email companies on privacy issues.

Google’s privacy policy, for example, says that it will only share personal information about its users with third parties in certain circumstances – if a user allows it, if business partners need it, or if it is “reasonably necessary” to comply with “any applicable law, regulation, legal process or enforceable governmental request.”

“I think it’s fair to say that, even in the absence of legislation, we’ve had widespread adoption of privacy practices and policies,” Hughes said. “The private sector generally has an incentive to do things in a good way.”

Yahoo forcefully asserted last week that it protects its users’ privacy.

Nonetheless, privacy policies are voluntary and carry no legal weight.

“They’re just stated intentions,” Hoofnagle said.

Companies could avoid many of these legal and social questions by reconsidering how much information they collect and how they long they store it, some privacy experts said.

Lauren Weinstein, a noted privacy commentator, said he worries that the U.S. government will someday try to compel companies to store their personal data for longer periods of time so it will be available to the government in the fight against terrorism.

European rules

Weinstein pointed to new rules adopted by European lawmakers that require Internet service providers and other companies to retain certain types of data for up to two years as a way to help fight terrorism.

“Part of the reason these problems come up is because this data is being retained in the first place,” he said.

Lee Tien, attorney for the Electronic Frontier Foundation, agreed.

“What we always say about subpoenas is, they can’t subpoena what you don’t have,” Tien said.

Some companies allow their users to purge their online accounts whenever they want. Other online services that host personal information will block search engines from crawling their sites, preventing them from creating their own records of the data.

But few Internet users take the time to understand or think about how much of their personal lives are stored online.

“It’s the society we live in, that we’re so open and trusting.” said Sonia Arrison, director of Technology Studies at the Pacific Research Institute think tank. “We make the assumption that everything is OK. And then something like this happens and it’s a wake-up call. I’m certainly going to think more about where I put my information.”

Copy the Story Link