The Google-Viacom decision. Did Google sell IP down the River?
Louis Gray pointed me to this post on Profy by Cyndy Aleo-Carreira that changes my view on the Google-Viacom decision. I had assumed another clueless judge listening to another corporate lawyer sold a a few more of our privacy rights down the river in the decision of Viacom over Google. That decision by a NY Federal Court ruled that Vacom had the right to examine YouTube source code to make sure copyrights were not being infringed upon. In so doing, they would also see the IP addresses of viewers. Thus Viacom will be able to know what you watch on the Internet, which feels like a blatant violation of privacy rights.
But unlike the rest of us, Cyndy went and read the decision several times. And in so doing, discovered that the precedent for the judge's decision was--Google, who has previously argued for it's own reasons that your IP addresses was not personal data. The source of this goes back to Google's already controverial public policy statement.
First off, my thanks to Cyndy Aleo, who took the time to do some digging, the sort many of us do not always do in blogs. After that my head spins with ironies. The issue of IP addresses being violated by a court on Friday, was in my mind dwarfed a bit, by the revelation that Iran is considering execution of bloggers who write in ways that could steer readers away from Muslim.
But that brings me to the part about Google's sanctimonious slogan of "Do no evil." A fact that most of us deal with is that all companies--and people--do a little evil some of the time. Most of us also realize that so much of the evil we do is inadvertent and even felt quite innocent--like driving an SUV to the market.
Google is a big public company. It has obligations to shareholders, employees, customers and so on. Many of its calls are tough calls. But by positioning itself as a morall superior entity, its mistakes are tht much more glaring. Google in defending it's potential evil desire to keep it's privacy policy private has apparently buit the apparently more evil case for disclosing IP addresses.
[NOTE: This post has been reedited. I had not [properly attributed the fine work that Cyndy Aleo had done in the original article and I apologize for that.]
Shel - The IP address disclosure issue gets far more challenging when you consider Google Health - Google's personal health records service. Google and Microsoft (with Health Vault) are not subject to and are not electing to conform (rightly so in my opinion but I'm not a lawyer) with HIPAA guidelines that govern data privacy for healthcare providers and patients.
GOOG & MSFT are not healthcare providers so their position is that HIPAA doesn't apply. G&M are not obtaining records directly from a healthcare provider. Instead, individuals obtain health records from a healthcare provider and decide to "disclose" and let Google/Microsoft manage their electronic health records.
I'm sure at some point there will be a realization and related uproar that an IP address could be associated with personal electronic health records or data managed by Google or Microsoft. The current HIPAA regs tend to apply paper logic to online scenarios that defy paper logic. IP address "privacy" is one example where a strict interpretation of HIPAA's paper-centric logic would make most network security engineers laugh or cry.
So, are you ready to lead the charge for supplementing social security numbers with a permanent, personal IP address scheme (or equivalent) that is private, secure, encrpyted and portable as we all learn to navigate in Global Neighbourhoods? No doubt in my mind that having pervasive electronic health records is a good plan for addressing major US healthcare problems - preventing duplicated lab tests and medication conflict/errors to name just a few easy benefits.
Or shall we leave it up to Google, Microsoft and the courts to sort out the gap between laws/regs that were written to protect consumers based on a paper/print perspecitve to keep important records vs. the brave new world of IP addresses? With YouTube, we all have the option to decide not to post and avoid IP address disclosure. Last time I checked, I didn't have the option of telling my doctor how, when and where to keep records.
Posted by: Tom | July 05, 2008 at 11:45 AM
Shel, thanks for the notes. It should be clarified that while I did find the article, I did not write the article, and Cyndy of Profy should be given credit for the research and authoring.
Posted by: Louis Gray | July 05, 2008 at 12:25 PM