Data retention

My post the other day, 'Things Google Knows About You', picked up quite a few misinformed comments but also a few excellent additions.

On the good side, George Hotelling wrote "I guess the question about trusting Google comes down to this: do you trust this information to be available to anyone who gets a court order for it?"

It's the same problem that was discussed for data retention by ISPs, in the US and the EU, where a number of authorities could request details of your internet traffic. Many people say they have nothing to hide, but that's irrelevant when someone else has the power to decide what it is that you should have to hide.

An illustration of the data gathering that *anyone* can do with Google's database of web content can be found on Trevor Smith's weblog, where he gathered data to find out more about (and perhaps to intimidate) a possibly suspect business operator. It's not hard to imagine that if Trevor had connections to a government authority he could request data from an ISP, and if he had a reasonable suggestion that there was fraud involved then the authorities could request Google to provide, for example, all of the searches that this person had run and all the rest of the linked data. If the checks on the authenticity of and evidence for those claims aren't rigorous, as they didn't seem to be for requests for personal information from ISPs for file sharing under the DMCA, there are many opportunities for blackmail and persecution which would be quite easily avoided by simply not storing the data in the first place.