The New York Times has an article today about the privacy of one’s online intellectual activities and the increasing tendancy of ISPs and other online service providers to share that information with law enforcement (hopefully only when presented with a warrant or subpoena). From the article:
Who is sending threatening e-mail to a teenager? Who is saying disparaging things about a company on an Internet message board? Who is communicating online with a suspected drug dealer?
These questions, and many more like them, are asked every day of the companies that provide Internet service and run Web sites. And even though these companies promise to protect the privacy of their users, they routinely hand over the most intimate information in response to legal demands from criminal investigators and lawyers fighting civil cases.
[…]n short, just as technology is prompting Internet companies to collect more information and keep it longer than before, prosecutors and civil lawyers are more readily using that information.
When it comes to e-mail and Internet service records, “the average citizen would be shocked to find out how adept your average law enforcement officer is at finding information,” said Paul Ohm, who recently left the Justice Department’s computer crime and intellectual property section.
The issue has come to the fore because of a Justice Department request to four major Internet companies for data about their users’ search queries. While America Online, Yahoo and Microsoft complied with the request, Google is resisting it. That case does not involve information that can be linked to individuals, but it has cast new light on what privacy, if any, Internet users can expect for the data trail they leave online.
The answer, in many cases, is clouded by ambiguities in the law that governs electronic communication like telephone calls and e-mail. In many cases, the law requires law enforcement officials to meet a higher standard to read a person’s e-mail than to get copies of his financial or medical records.
[…]Investigators have found new ways to identify people who visit Web sites anonymously or use a false identity. Many Web sites keep a log of all user activity, and they record the Internet Protocol address of each user. I.P. addresses are assigned in blocks to Internet service providers, who use them to route information to the computers of their users. If an investigator determines the I.P. address used by a suspect, he can subpoena the Internet provider for the identity of the user associated with that address at a particular date and time.
Particularly relevant to my dissertation research is this concern:
Yahoo, Google and the new free AOL.com site, for example, maintain records of user surfing behavior. Google also keeps a log file that associates every search made on its site with the I.P. address of the searcher. And Yahoo uses similar information to sell advertising; car companies, for example, place display advertising shown only to people who have entered auto-related terms in Yahoo’s search engine.
It is unclear what standard is required to force Internet companies to turn over this search information to criminal investigators and perhaps civil litigants.
“The big story is the privacy law that protects your e-mail does not protect your Google search terms,” said Orin S. Kerr, a professor at the George Washington University Law School and a former lawyer in the computer crime section of the Justice Department.
Other lawyers argue that the law that provides protection for e-mail content, or even the Fourth Amendment protection against unreasonable searches, could be applied to data about Web searching, but the issue has not been tested in court.