Judge's Order For Google To Hand Over YouTube Usage Morphs Into Google Backlash On Storing IPs
from the backlash-everywhere dept
There was plenty of attention given to the judge's order that Google hand over log files to Viacom's lawyers in the Viacom/YouTube lawsuit, with much of it focused on what an awful ruling this was. Now it appears that some are trying to use this bad ruling to actually focus negative attention on Google instead. A lawyer who is also suing YouTube over copyright issues mistakenly claims that Google has tricked the press into making Viacom the enemy here. That's not quite true, though. Most of the anger was focused on the judge's decision, not on Viacom. However, he does make another, related point that is getting picked up by others as well: "How else do you explain why they have been collecting and using IP addresses to monetize their site (for a while now), yet only now, with great self righteousness, claim to be concerned about producing IP addresses?"Of course, that's not quite an accurate portrayal of the situation either. It's one thing to store your own log files -- it's quite another to be asked to hand them over to a random third party. Louis Solomon's statement above is like saying "how can a doctor store your medical info and then, with great self righteousness, claim to be concerned about protecting your medical info." It's rather easy: the doctor has a right to the medical info, while a third party does not.
However, that hasn't stopped some privacy advocates from asking why Google has kept the log files in the first place. This doesn't strike me as being that big a deal, to be honest. There are plenty of reasons why Google should be able to control its own log files. I can understand questions concerning what it does with the log files should those actions violate user privacy -- but merely tracking how people use their websites hardly seems like a privacy violation.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backlash, ip addresses, privacy
Companies: google, viacom, youtube
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
IP Logs vs. Medical Log
[ link to this | view in thread ]
Google Created an Attractive Nuisance
[ link to this | view in thread ]
is not about privacy only
so , yes i belive for google is important to store the ip tracks...
what should viacom get access in the extreme case is the statistics, of the parts they claim copyright infringement, but they should prove that google knew that those are copyrighted material and didn't remove them or that google didn't took them down after a DMCA claim... that if the DMCA still works...
anyway... useless hot water here... 2cents wasted
[ link to this | view in thread ]
Re: is not about privacy only
Almost all website in the world record IP, it would be foolish not too...
[ link to this | view in thread ]
Google is right...
There is nothing sinister here. That's just the way logs are kept. Department stores, grocery stores and even amusement parks have been tracking usuage for years.
[ link to this | view in thread ]
Re: IP Logs vs. Medical Log
What about anyone with something like AvG 8's "pre-scan" feature that crawls the web page of EVERY LINK you see to see if its a virus (works similar to the "prefetch)?
Or how about a struggling single parent who's kids used YouTube to watch a Viacom video?
People's lives CAN be ruined by this, just financially instead of medically. With the economy as it is that amplify's the damage.
Sure, Viacom could be only going after the people who UPLOADED the content (which are the ONLY people they should be trying to go after) but I'm skeptical that will be the case.
Thanks to the shambles of a system we have for copyright, Viacom sees it as having been given a money train.
Expect lawsuits, and lots of them.
[ link to this | view in thread ]
Re:
*for certain values of random
[ link to this | view in thread ]
Re: IP Logs vs. Medical Log
[ link to this | view in thread ]
Re: Re: IP Logs vs. Medical Log
[ link to this | view in thread ]
Legalities
YouTube has numerous times been used to exhibit illegal activities. In a purely ethical situation, Google should have in place the ability to provide (after a court order) any and all information leading back to the person posting the infringing video.
In a hypothetical situation; If someone was to post a video of an unsolved murder being committed. How would you prefer Google to respond to law enforcement trying to investigate?
A: Please provide us with a court order, and we will provide you with a possible step towards tracking the person who posted this video.
B: We're sorry. We don't store any information about who accesses our systems for fear that said information may be abused.
Obviously an extreme case, however it is a valid case.
Now, as for handing over all logs to Viacom, I'm surprised that someone hasn't stepped in and sued to block the court order. If the VPPA actually does apply in this situation, then can't someone declare that their rights under this law are being abused by this court order?
[ link to this | view in thread ]
Re: Google Created an Attractive Nuisance
So, a company whose main advantage is the quality of their research should use less reliable data that costs them more to produce and analyze?
And they should do this because a judge made a ruling that is very likely in opposition to an existing law.
Not to mention they are a publicly-traded company who has a duty to its shareholders.
Sorry, I'm not buying that argument.
[ link to this | view in thread ]
Re: Legalities
(Suddenly has the brilliant idea of posting a video of himself posting a video of himself committing some other crime...)
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Ahem
If you had to choose between the two, wouldn't a reasonable person prefer having the data stored by Viacom ?
[ link to this | view in thread ]
Re: Ahem
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Ahem
I'd rather have a company that knows what it's doing in charge of the data, thanks very much. "Super-evil"? Google? Compared to Viacom? Really?
Here's the situation: Google stores data on its own users - no problem there in principle. It's never intended to be seen anywhere outside of Google. Then, Viacom sue and demand to see these logs. A judge agrees. Now, Viacom have the log data without any real reason to do so - that's the problem.
If you don't see the problem, consider this: Viacom is a media conglomerate that's suing for a ridiculous amount of damages. Now that Viacom has user data, do you honestly think that they'll stop at suing YouTube if that lawsuit is successful?
[ link to this | view in thread ]
Re:
Even if this judge interpreted the law correctly, it doesn't mean the law itself is correct. Remeber, the whole civil disobedience thing was directed at laws that was wrong?
[ link to this | view in thread ]
Re: Legalities
A: Please provide us with a court order, and we will provide you with a possible step towards tracking the person who posted this video.
B: We're sorry. We don't store any information about who accesses our systems for fear that said information may be abused.
Obviously an extreme case, however it is a valid case.
It is a highly contrived case (I'm not sure what you mean by "valid"), and it could quite easily (and more plausibly) go the other way: a man is divorcing his wife, accusing her of infidelity, and she may have sent email to another man who uses a gmail account.
A. Here's his IP address, it looks as if he was using his home computer although his wife and kids have different email accounts.
B. Sorry, we don't retain those records for fear that something like this will happen.
Now here's one that comes up in the news much more often: a large company has a data breach. Maybe an employee leaves a laptop on the train, maybe their web server is laughably insecure, maybe a bull-headed judge orders them to reveal everything to a hostile lawyer.
A. Oops. There go half a million SS numbers, a few gigabytes of private email, some sealed adoption records and the files on that *ahem* medical exam you had a few years back.
B. Don't worry, we delete personal information as soon as we satisfy the specific reason we collected it.
[ link to this | view in thread ]
Re: Google is right...
[ link to this | view in thread ]
I'm Just Pissed Because
[ link to this | view in thread ]
IP privacy
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
OK, here's what Google *should* do in future...
2) Generate a key pair and *destroy* the private key so that no-one knows it.
3) When logging, concatenate the IP address with the browser ID string and then *encrypt* it before logging it.
Thus:
They have a trail of user ID that works for their purposes just as well as the unencrypted stuff would, in that the same unique user generates the same encrypted ID and thus can be used to pull up the same ads.
If the logs get out into the public domain, by lawsuit, accident or malice, there is no way to identify an individual user with a specific transaction unless you already know it was them - you can encrypt a user's IP and browser string to prove that it matches, but you can't look at a transaction and work backwards to the ID and browser string.
A decent bit of overkill, say a 512 byte key, and everybody's happy but Viacom. Result.
[ link to this | view in thread ]
Re: Ahem
What's at risk here is that anyone can now get all your surfing habits. While I may not like the fact that Google has IP addresses, if I use their site, I'm making the choice to go there. Any third party such as Viacom is thus invading my right to privacy.
[ link to this | view in thread ]
Re: OK, here's what Google *should* do in future...
Software would be better, so if there's a vulnerability found or otherwise better encryption developed, they could upgrade.
2) Generate a key pair and *destroy* the private key so that no-one knows it.
It would be simpler to just generate a one-way hash of the value. Any string gets hashed to a string of always the same length, and there's no way to derive the original string from the hash value. There's not even a key to destroy. Add some "salt" to make it even harder to find out any information. That would end up the same as your solution, just a little easier and a little more secure. The problem is Google probably wants more than just a marker, they want information about where you are too.
[ link to this | view in thread ]
They could also see that someone was planning on divorcing their deployed military spouse and move to another state. Was she fleeing abuse, and this information would help him to track her down since it included her current city and cities of interest? We have no idea.
It sounds like YouTube has logs going back to it's beginnings. Most companies have learned not to keep too much data around, it's often damaging to the company when a litigant's attorney subpoenas it. Maybe they'll learn something here, but I doubt it.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: OK, here's what Google *should* do in future...
No good. In Peet's solution a user will have the same alias every time, so that it is possible to see a user's history (without identity). In your scheme a user will show up as a different alias every time-- in fact, I see no point in generating these hashes at all. If you simply discard all user information, the result will be like your solution but much easier and more secure (and with 100% less storage cost).
[ link to this | view in thread ]
Re: OK, here's what Google *should* do in future...
No good. There are only a few billion users at most, so a fast machine can hash them all and make a directory.
There is no good and simple solution to this, but here's one that's interesting: use a public key system so that only someone with the secret key can see which actions really belong to the same user-- and who that is. Then split the key among several entities in different countries, so that statistical research or user exposure require the cooperation of all. This is complicated and cumbersome, but pretty secure against carelessness and legal attack.
[ link to this | view in thread ]
seriosuly...
[ link to this | view in thread ]