Post 26/11, security measures and privacy issues are much talked about. So the news that search companies are cutting down on search data retention time, is of much relevance.
Search companies keep the IP addresses of their users for a period before making them anonymous. Until they anonymise the identities of its users, the information is used alongside other data, such as search queries, to improve relevance of search results and target advertising to the user, among other reasons. The most recent announcement came from Yahoo!, saying it would cut down data retention to three months in most cases, from the prior norm of 13 months. “This was our attempt to put a stake in the ground” Anne Toth, Vice President of Policy and Privacy Chief at Yahoo said on the issue, thus making its retention policy the shortest among peers. It is reserving the right to keep data for up to six months if fraud or system security is involved. Earlier this year, industry leader Google Inc. halved the amount of time it stores personal data to nine months, while earlier in December Microsoft Corp had said it will cut the time to six months if its rivals did the same.
The spate of reduction in retention times is a response to pressure from the European Commission’s data protection advisory group, the Article 29 Working Party, and other data protection officials to do more to protect the privacy of users. The commission is also pushing for the sector to adopt an industry-wide standard. Currently, there is disparity in the method companies are adopting in the process of anonymisation. Microsoft said it welcomed the move, but made a distinction between the timeframe and the method of making data anonymous. Yahoo! will delete the final segment of the IP address, which it said makes it no longer unique or identifiable. Microsoft is deleting all of the Internet address, which it said will break any potential link to a particular set of search queries. With its nine-month anonymisation, Google intends to change some of the bits in the user IPs stored on its servers. But that’s it. The plan would leave cookie data alone.
Let’s leave search companies and privacy issues alone for a minute and look at what risk Data retention could pose to National Security. Even Internet service providers can retain certain data. Back in 2006, this very issue was being debated in the US. A major concern was that the ISPs retaining data would also retain traffic information of federal, state and local governments. Classified federal systems, which generally don’t use the Internet, may be the exception. What problems could arise if commercial ISPs hold detailed records of all the communications to and from government agencies? Data retention may increase the risk of the exposure of undercover police or confidential informants. And this is just one example.