News & Information for Technology Purchasers
NewsFactor Network Sites:   NewsFactor.com Security CRM Business Sci-Tech Newsletters XML/RSS Feed  
   
Home Enterprise I.T. Hardware Software Communications More Topics...
Network Security
Average Rating:
Rate this article:  
Privacy Advocates Question Yahoo Privacy Advocates Question Yahoo's Data Policy
By Jennifer LeClaire
December 19, 2008 1:17PM

    Bookmark and Share
Privacy advocates are taking another look at Yahoo's new three-month data-retention policy, which at first appeared to be a new industry standard. Marc Rotenberg of the Electronic Privacy Information Center said Yahoo is actually just modifying log data after three months and keeping it. He said Yahoo has confused the privacy issue.
 

Advertisement

Yahoo on Wednesday announced a new data Relevant Products/Services-retention policy, but on Thursday privacy experts were still scratching their heads about what the policy really means.

Although it appeared Yahoo was setting an industry standard for data retention with a promise to anonymize user log data within 90 days (with limited exceptions for fraud, security Relevant Products/Services and legal obligations), privacy advocates say the announcement isn't clear.

"It's subtle, but it's important. Yahoo is not slashing its data-retention policy to three months," said Marc Rotenberg, executive director for the Electronic Privacy Information Center. "Yahoo is modifying the data at three months and keeping the data. So the real question is what is happening to the information that these search companies are keeping?"

Confusing the Privacy Issue

Yahoo said the heads of its business and engineering units worked with the privacy and data-governance teams to review the company's data needs. The goal was to ensure that Yahoo retains data only long enough to serve its business and user-experience needs while maintaining the ability to fight fraud, secure systems, and meet legal obligations.

"This policy represents Yahoo's assessment of the minimum amount of time we need to retain data in order to respond to the needs of our business while deepening our trusted relationship with users," said Anne Toth, Yahoo's vice president of policy. Yahoo is also expanding its policy to apply not only to search-log data but also page views, page clicks, ad views, and ad clicks.

Rotenberg said he would welcome a retention policy in which data is deleted or destroyed, but that's not what Yahoo has announced. As a consequence, he said, there's more confusion about what search-engine companies are doing with the data they collect.

"Just to give an example, the IP address is a unique identifier that more often than not links a search query to an individual user. Yahoo is not even removing the entire IP address. They are knocking out the last few digits," Rotenberg said. "That's a little like having someone's phone number and taking the last number off of it. That's not deletion. It gets very subtle and very complicated."

What Happens When We Search?

When a user conducts a search on Yahoo, Google, Microsoft Relevant Products/Services or another search engine, the companies collect a large volume of data. Most users aren't aware of how much data is collected because it happens behind the scenes.

For example, when a user searches, the engine collects data around the text, which is referred to as the search query. It also saves the date and time stamp, which is when the search occurred down to the second. It records the cookie, which is more accurately called a persistent identifier. It saves the IP address, and there's also a record locater.

"When the companies say they are deleting or anonymizing, neither of those statements are true. What they are really doing is modifying the data that they are keeping. Then the interesting question is, how are they actually modifying the data? What is being kept? What isn't being kept?" Rotenberg asked. "And the fairly obvious question is, is it possible to re-identify the person that made the search, because, at least from the privacy perspective, that's what this is all about."
 

Advertisement


Advertisement


 Network Security
1.   Peer-to-Peer Software Ban Sought
2.   Los Alamos Computer Security Weak
3.   Security Firm Fortinet Plans IPO
4.   Heartland Restraining Order Denied
5.   Social-Networking Security a Concern


advertisement
Social-Networking Security a ConcernSocial-Networking Security a Concern
Facebook hijacking shows dangers.
Average Rating:
ICANN Approves International NamesICANN Approves International Names
Dramatic increase in users expected.
Average Rating:
Center Opens To Battle CybercrimeCenter Opens To Battle Cybercrime
Increasing threat from hackers seen.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Enterprise Hardware

  Go Green with IBM Blade Center
  

Network Security Spotlight
House Lawmakers Push Ban on Peer-to-Peer Software
Stung by an embarrassing electronic leak revealing ethics investigations into dozens of lawmakers, Congress moved to prohibit federal employees from using the file-sharing software blamed for the disclosure.
 
GAO: Los Alamos Computer Security Has Weaknesses
Security weaknesses uncovered in Los Alamos National Laboratory's computer network increase the risk of a classified-information breach, says the Government Accountability Office.
 
Computer Security Firm Fortinet Plans IPO This Week
Fortinet plans to go public in an initial public offering, giving investors a chance to tap a network security provider with sales that are expected to grow. The IPO could be valued at $137.5 million or more.
 

Enterprise Technology Spotlight
Flat Shipments Hurt Dell Despite Increased Earnings
Dell's earnings are up and expectations are solid, but the company's stock still took a hit after analysts signaled the company isn't playing a key role in the PC market recovery.
 
Smartphones: A Bigger Target for Security Threats
Smartphones are increasingly prevalent and adept at handling more tasks, including trading stocks, paying bills, and buying stuff online. That makes them attractive to thieves and hackers.
 
FBI Says Hackers Targeting Law Firms, PR Companies
Hackers are targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Hardware | Software | Communications | Network Security | Wireless Tech | Linux/Open Source
Apple/Macintosh | Microsoft/Windows | World Wide Web | Data Storage | E-Commerce | Personal Tech | Tech Trends | Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | Free Whitepapers | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2009 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo.