Judge's Order For Google To Hand Over YouTube Usage Morphs Into Google Backlash On Storing IPs

from the backlash-everywhere dept

There was plenty of attention given to the judge's order that Google hand over log files to Viacom's lawyers in the Viacom/YouTube lawsuit, with much of it focused on what an awful ruling this was. Now it appears that some are trying to use this bad ruling to actually focus negative attention on Google instead. A lawyer who is also suing YouTube over copyright issues mistakenly claims that Google has tricked the press into making Viacom the enemy here. That's not quite true, though. Most of the anger was focused on the judge's decision, not on Viacom. However, he does make another, related point that is getting picked up by others as well: "How else do you explain why they have been collecting and using IP addresses to monetize their site (for a while now), yet only now, with great self righteousness, claim to be concerned about producing IP addresses?"

Of course, that's not quite an accurate portrayal of the situation either. It's one thing to store your own log files -- it's quite another to be asked to hand them over to a random third party. Louis Solomon's statement above is like saying "how can a doctor store your medical info and then, with great self righteousness, claim to be concerned about protecting your medical info." It's rather easy: the doctor has a right to the medical info, while a third party does not.

However, that hasn't stopped some privacy advocates from asking why Google has kept the log files in the first place. This doesn't strike me as being that big a deal, to be honest. There are plenty of reasons why Google should be able to control its own log files. I can understand questions concerning what it does with the log files should those actions violate user privacy -- but merely tracking how people use their websites hardly seems like a privacy violation.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    inc, Jul 11th, 2008 @ 4:29am

    if your IP address is hitting my server using my bandwidth, I sure as hell have a right to record and store that IP address. While I don't think Google should give out their logs and it's no ones business who visits their servers and IP address is far from private information. This is like saying your license plate is private. At the same time I don't want my Sunpass logs revealed to everyone.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    eh, Jul 11th, 2008 @ 5:01am

    Unless I'm totally missing something here, I don't think a "Judge's Order" really counts as a "random third party". This isn't just another company saying "hey, can I get that?". It's a judge. And I'm pretty sure we have to listen to those guys. You know, the law thing. :-P

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    vic, Jul 11th, 2008 @ 5:06am

    IP Logs vs. Medical Log

    That's just a terrible argument from analogy. Not too many lives depend on keeping track of which IP hits your site.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Jim Harper, Jul 11th, 2008 @ 5:14am

    Google Created an Attractive Nuisance

    I think the knock on Google is well-placed. The best notion I can come up with is to equate Google's data collection practices with the creation of an attractive nuisance. I've written about it here, though imperfectly. Read the comments for interesting challenges. Google absolutely has a right to collect IP information and whatever else users share with them. The more subtle question is what they should collect, and it's a bit less than "everything they can." Yes, Google uses data to improve their services, as they should - and users benefit from that. But they should really be cutting the edge on things like synthesized data - data that is developed from real data, that is statistically relevant for the purpose of an inquiry, but that is not actually real. This would allow Google its research capabilities (yes, slightly degraded and slightly more costly) without the attractive nuisance of huge swaths of personal data about users for litigants and governments to try to grab. So long as the Fourth Amendment's third-party doctrine exists, our protection must rely on preventing accumulations of data anywhere and everywhere, even with companies that have fully adequate privacy policies. They can't make good on their promises.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    simon, Jul 11th, 2008 @ 5:24am

    is not about privacy only

    google as a company that sales advertising, ip's are ways to control that the company from aloaska doesn't have its adds in filippines, or such, ip's are just scores for most of the job, and to be sure that your adds have been seen, and u have payed for a delivered product, you can say, this and this ip has seen the ad, ip pointing mostly to a region than to an house address in most of the cases of internet connection ...

    so , yes i belive for google is important to store the ip tracks...

    what should viacom get access in the extreme case is the statistics, of the parts they claim copyright infringement, but they should prove that google knew that those are copyrighted material and didn't remove them or that google didn't took them down after a DMCA claim... that if the DMCA still works...

    anyway... useless hot water here... 2cents wasted

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Shuryno, Jul 11th, 2008 @ 5:37am

    Re: is not about privacy only

    + how can Google prevents fraudulent clicks from advertizer's competitor , if it can't log IP usage?

    Almost all website in the world record IP, it would be foolish not too...

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    John, Jul 11th, 2008 @ 5:43am

    Google is right...

    Storing log files is essential to creating trending data and trending data is essential to improve service. They want to know which of their services are being hit the most and by whom. Not neccessarily WHO IN PARTICULAR, but IPs can show providers and providers show regions so they can see more people from the east coast hit this portion of the site and more people from the west coast hit this portion. This allows them to tailor their services to us.

    There is nothing sinister here. That's just the way logs are kept. Department stores, grocery stores and even amusement parks have been tracking usuage for years.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jul 11th, 2008 @ 5:45am

    Re: IP Logs vs. Medical Log

    What about the people using browsers with a "prefetch" feature that may have been on a page that links to a Viacom video on YouTube?

    What about anyone with something like AvG 8's "pre-scan" feature that crawls the web page of EVERY LINK you see to see if its a virus (works similar to the "prefetch)?

    Or how about a struggling single parent who's kids used YouTube to watch a Viacom video?

    People's lives CAN be ruined by this, just financially instead of medically. With the economy as it is that amplify's the damage.

    Sure, Viacom could be only going after the people who UPLOADED the content (which are the ONLY people they should be trying to go after) but I'm skeptical that will be the case.

    Thanks to the shambles of a system we have for copyright, Viacom sees it as having been given a money train.

    Expect lawsuits, and lots of them.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jul 11th, 2008 @ 5:47am

    Re:

    It's still giving it to a random* third party. Viacom said, "Hey, can I get that?" Good said no. Viacom ran to the judge and said, "Mommy, he's being mean." So the judge ruled against Google. Still a random* third party.


    *for certain values of random

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Jul 11th, 2008 @ 5:50am

    Re: IP Logs vs. Medical Log

    No, you're right, but the argument was how you can store records and then be self-righteous when someone else wants to see them. Most disclosures of medical information don't threaten people's lives, either, but both are a violation of privacy. Google has a right to keep records and a duty to not let those records fall into just anyone's hands.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jul 11th, 2008 @ 5:58am

    Re: Re: IP Logs vs. Medical Log

    No. The Judge has specifically told them they may not use the logs for any other lawsuit, just the one between Google and Viacom.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Shane C, Jul 11th, 2008 @ 6:01am

    Legalities

    All of the research, and market study viewpoints aside, Google has an ethical responsibility to store IP addresses.

    YouTube has numerous times been used to exhibit illegal activities. In a purely ethical situation, Google should have in place the ability to provide (after a court order) any and all information leading back to the person posting the infringing video.

    In a hypothetical situation; If someone was to post a video of an unsolved murder being committed. How would you prefer Google to respond to law enforcement trying to investigate?

    A: Please provide us with a court order, and we will provide you with a possible step towards tracking the person who posted this video.

    B: We're sorry. We don't store any information about who accesses our systems for fear that said information may be abused.

    Obviously an extreme case, however it is a valid case.


    Now, as for handing over all logs to Viacom, I'm surprised that someone hasn't stepped in and sued to block the court order. If the VPPA actually does apply in this situation, then can't someone declare that their rights under this law are being abused by this court order?

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    moe, Jul 11th, 2008 @ 6:13am

    Re: Google Created an Attractive Nuisance

    "slightly degraded (research capabilities) and slightly more costly"

    So, a company whose main advantage is the quality of their research should use less reliable data that costs them more to produce and analyze?

    And they should do this because a judge made a ruling that is very likely in opposition to an existing law.

    Not to mention they are a publicly-traded company who has a duty to its shareholders.

    Sorry, I'm not buying that argument.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Jul 11th, 2008 @ 6:13am

    Re: Legalities

    You must've missed the memo, it's illegal to post evidence of illegal activity on a video website like YouTube.

    (Suddenly has the brilliant idea of posting a video of himself posting a video of himself committing some other crime...)

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    eh, Jul 11th, 2008 @ 6:21am

    I know I'm just repeating myself here, but the issue is no longer between Viacom and Google. It's between a judge and Google. What are they supposed to do? Refuse to surrender the information? And then fines or jail time? They have to comply. It's the law. Viacom was just the complainer. The judge thought it was worthy of a court order. Google complies (as it should). And, yes, of course they should be storing this info.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jul 11th, 2008 @ 6:36am

    The analogy works like this. This situation would be like me suing for your medical files and the judge complying. It's not an issue between you and the judge, it's between you and me, the judge just thought it was a good idea. It's not the "law" either. His ruling can be over turned.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Shohat, Jul 11th, 2008 @ 6:36am

    Ahem

    What is the difference between an super-evil, omnipresent corporation such as Google having your logs, and some other, far less technologically capable company such as Viacom having it ?
    If you had to choose between the two, wouldn't a reasonable person prefer having the data stored by Viacom ?

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Jul 11th, 2008 @ 6:37am

    Re: Ahem

    I've never heard of Google suing its own YouTube users.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jul 11th, 2008 @ 6:50am

    Re:

    your missing the point. the third party is viacom

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    PaulT (profile), Jul 11th, 2008 @ 6:59am

    Re: Ahem

    "other, far less technologically capable company such as Viacom having it"

    I'd rather have a company that knows what it's doing in charge of the data, thanks very much. "Super-evil"? Google? Compared to Viacom? Really?

    Here's the situation: Google stores data on its own users - no problem there in principle. It's never intended to be seen anywhere outside of Google. Then, Viacom sue and demand to see these logs. A judge agrees. Now, Viacom have the log data without any real reason to do so - that's the problem.

    If you don't see the problem, consider this: Viacom is a media conglomerate that's suing for a ridiculous amount of damages. Now that Viacom has user data, do you honestly think that they'll stop at suing YouTube if that lawsuit is successful?

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    xs, Jul 11th, 2008 @ 7:04am

    Re:

    Judges are known to be wrong all the time, and plenty of their orders gets reversed or even chastized by other judges. Otherwise, what's the use of appeal courts, state superem courts and the US superem court?

    Even if this judge interpreted the law correctly, it doesn't mean the law itself is correct. Remeber, the whole civil disobedience thing was directed at laws that was wrong?

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Beta, Jul 11th, 2008 @ 7:21am

    Re: Legalities

    In a hypothetical situation; If someone was to post a video of an unsolved murder being committed. How would you prefer Google to respond to law enforcement trying to investigate?

    A: Please provide us with a court order, and we will provide you with a possible step towards tracking the person who posted this video.

    B: We're sorry. We don't store any information about who accesses our systems for fear that said information may be abused.

    Obviously an extreme case, however it is a valid case.


    It is a highly contrived case (I'm not sure what you mean by "valid"), and it could quite easily (and more plausibly) go the other way: a man is divorcing his wife, accusing her of infidelity, and she may have sent email to another man who uses a gmail account.

    A. Here's his IP address, it looks as if he was using his home computer although his wife and kids have different email accounts.

    B. Sorry, we don't retain those records for fear that something like this will happen.

    Now here's one that comes up in the news much more often: a large company has a data breach. Maybe an employee leaves a laptop on the train, maybe their web server is laughably insecure, maybe a bull-headed judge orders them to reveal everything to a hostile lawyer.

    A. Oops. There go half a million SS numbers, a few gigabytes of private email, some sealed adoption records and the files on that *ahem* medical exam you had a few years back.

    B. Don't worry, we delete personal information as soon as we satisfy the specific reason we collected it.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Abdul, Jul 11th, 2008 @ 7:28am

    Re: Google is right...

    I do agree with you that there is nothing sinister about Google making and storing log files.Most analysis on this Google/Youtube/Viacom saga has been very partial. I came across this expert's analysis and to me it was well researched: Viacom, Google/YouTube Flap Hits Slippery Slope(http://www.internetevolution.com/author.asp?section_id=565&doc_id=158450&F_src=flftwo)

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    bobbknight, Jul 11th, 2008 @ 7:46am

    I'm Just Pissed Because

    That Viacom now knows that I watch Lesbians Kissing?

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Benjamin Wright, Jul 11th, 2008 @ 7:57am

    IP privacy

    If Google can assert its legal terms just by publishing them (on something less than its homepage), then a user can assert her own terms of privacy protection just by publishing them! The terms could say that search engines are not allowed to store the user's IP address. What do you think? --Ben http://hack-igations.blogspot.com/2008/05/google-privacy-policy-terms-of-service.html

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    JS Beckerist (profile), Jul 11th, 2008 @ 9:17am

    Re:

    Sunpass == EZPass? Interstate IR transmitter so you can drive right through the booths?

     

    reply to this | link to this | view in thread ]

  27.  
    icon
    Peet McKimmie (profile), Jul 11th, 2008 @ 11:55am

    OK, here's what Google *should* do in future...

    1) Fit all their logging machines with state-of-the-art public key/private key encryption in hardware.

    2) Generate a key pair and *destroy* the private key so that no-one knows it.

    3) When logging, concatenate the IP address with the browser ID string and then *encrypt* it before logging it.

    Thus:

    They have a trail of user ID that works for their purposes just as well as the unencrypted stuff would, in that the same unique user generates the same encrypted ID and thus can be used to pull up the same ads.

    If the logs get out into the public domain, by lawsuit, accident or malice, there is no way to identify an individual user with a specific transaction unless you already know it was them - you can encrypt a user's IP and browser string to prove that it matches, but you can't look at a transaction and work backwards to the ID and browser string.

    A decent bit of overkill, say a 512 byte key, and everybody's happy but Viacom. Result.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Turd Nugent, Jul 12th, 2008 @ 11:43am

    Re: Ahem

    You're an idiot.

    What's at risk here is that anyone can now get all your surfing habits. While I may not like the fact that Google has IP addresses, if I use their site, I'm making the choice to go there. Any third party such as Viacom is thus invading my right to privacy.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Nasch, Jul 12th, 2008 @ 11:04pm

    Re: OK, here's what Google *should* do in future...

    1) Fit all their logging machines with state-of-the-art public key/private key encryption in hardware.

    Software would be better, so if there's a vulnerability found or otherwise better encryption developed, they could upgrade.

    2) Generate a key pair and *destroy* the private key so that no-one knows it.

    It would be simpler to just generate a one-way hash of the value. Any string gets hashed to a string of always the same length, and there's no way to derive the original string from the hash value. There's not even a key to destroy. Add some "salt" to make it even harder to find out any information. That would end up the same as your solution, just a little easier and a little more secure. The problem is Google probably wants more than just a marker, they want information about where you are too.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Jul 14th, 2008 @ 2:45am

    Google keeps 18 months of search information with IP addresses, to be sold to interested parties, which is why I use Ixquick and others. Google was at least up-front about this after the AOL search data mess, where it was shown that a journalist could identify at least some people by name and address based solely off of their searches.
    They could also see that someone was planning on divorcing their deployed military spouse and move to another state. Was she fleeing abuse, and this information would help him to track her down since it included her current city and cities of interest? We have no idea.

    It sounds like YouTube has logs going back to it's beginnings. Most companies have learned not to keep too much data around, it's often damaging to the company when a litigant's attorney subpoenas it. Maybe they'll learn something here, but I doubt it.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Anonymous Coward, Jul 14th, 2008 @ 2:53am

    Use TOR, block all ads, stop all scripts, stop all flash, strip http-refers, and don't let the bastards grind you down.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Beta, Jul 14th, 2008 @ 1:54pm

    Re: Re: OK, here's what Google *should* do in future...

    It would be simpler to just generate a one-way hash of the value... Add some "salt" to make it even harder to find out any information. That would end up the same as your solution, just a little easier and a little more secure.

    No good. In Peet's solution a user will have the same alias every time, so that it is possible to see a user's history (without identity). In your scheme a user will show up as a different alias every time-- in fact, I see no point in generating these hashes at all. If you simply discard all user information, the result will be like your solution but much easier and more secure (and with 100% less storage cost).

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Beta, Jul 14th, 2008 @ 2:04pm

    Re: OK, here's what Google *should* do in future...

    [Hash the user's identity] They have a trail of user ID that works for their purposes just as well as the unencrypted stuff would, in that the same unique user generates the same encrypted ID and thus can be used to pull up the same ads... [Y]ou can encrypt a user's IP and browser string to prove that it matches, but you can't look at a transaction and work backwards to the ID and browser string.

    No good. There are only a few billion users at most, so a fast machine can hash them all and make a directory.

    There is no good and simple solution to this, but here's one that's interesting: use a public key system so that only someone with the secret key can see which actions really belong to the same user-- and who that is. Then split the key among several entities in different countries, so that statistical research or user exposure require the cooperation of all. This is complicated and cumbersome, but pretty secure against carelessness and legal attack.

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    George, Jul 18th, 2008 @ 10:38pm

    seriosuly...

    Does anyone seriously believe that the judge's orders are thought out and unbiased? Come the f*ck on. This is all past and done people! If you don't think Viacom had anything to do with the order than go back to sleep right now.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This