Google News

Google accidentally revealed more than it intended to in its latest transparency report. The Guardian reported today that it discovered “new data hidden in source code on Google’s own transparency report that indicates the scale and flavour of the types of requests being dealt with by Google – information it has always refused to make public. The data covers more than three-quarters of all requests to date.”

Those “requests” the Guardian mentioned are link-takedown requests invoking the so-called “right to be forgotten,” a legal [privilege and/or burden, depending who you ask] covering people and organizations in the European Union, but not in the United States (though some U.S.-based consumer groups would like to see that change).

Origins of "right to be forgotten"

The European “right to be forgotten” dates back to May 2014, when the E.U. Court of Justice ruled that Google and other search engines are, in at least some circumstances, legally obligated to stop linking to old news stories about various people — true and accurate news stories about people — if the people in question request it.

The original case was brought by a Spanish national, Mario Costeja González, whose house was auctioned off for unpaid taxes back in 1998. A Spanish newspaper printed legal notices about the proceedings — standard operating procedure for a local paper, in Spain or in America — and then in 2009, Costeja asked the newspaper to remove the stories from their online archives and also asked Google to stop linking to the stories, on the grounds that those 11-year-old news pieces about his debts were no longer relevant, since the debts in question had been settled.

Google and the newspaper refused, so Costeja sued them both. The court sided with the newspaper – so it is not required to remove the stories from its website. But the court also sided against Google – the stories can stay online, but Google has to stop linking to them when people search for the name “Mario Costeja González.” Specifically, Google and other search engines must honor certain takedown requests which involve “irrelevant and outdated” search results.

Data leak

As soon as the European court announced its decision, Google was inundated with takedown requests. Within two days of the court ruling, the BBC mentioned three of them: a politician running for re-election asked Google to stop linking to old news stories about his behavior while in office, a pedophile wanted Google to stop linking to news articles about his previous criminal conviction for possession of child pornography, and a doctor wanted to take down links to negative reviews written by his patients.

But that was only during the first two days of Europe's “right to be forgotten.” That right is now 14 months old and, according to the Guardian, “Less than 5% of nearly 220,000 individual requests made to Google to selectively remove links to online information concern criminals, politicians and high-profile public figures … with more than 95% of requests coming from everyday members of the public.”

Not that you'll find this statistic in the transparency report itself. The Guardian figured it out by analyzing previously archived versions of older transparency reports. The data “details the numeric breakdown of each request and associated link by country and issue type. The underlying source code has since been updated to remove these details.”

Largely private and personal information

Information about specific takedown requests doesn't seem to be available, but the Guardian said that “Of 218,320 requests to remove links between 29 May 2014 and 23 March 2015, 101,461 (46%) have been successfully delisted on individual name searches. Of these, 99,569 involve 'private or personal information'.”

Although some consumer or privacy groups want Google to honor a similar “right to be forgotten” in America – and even asked the Federal Trade Commission to require it – it's not certain whether such a law would even be constitutional. Unlike Europeans, Americans have First Amendment guarantees to free speech and a free press, which sometimes means that laws allowable in the E.U. wouldn't pass constitutional muster in the United States (and, conversely, that certain U.S. laws and practices violate privacy laws in the E.U.).

For example: in Europe, you won't find many websites like ConsumerAffairs or Yelp, for the simple reason that businesses can bring libel charges against anyone who speaks ill of them and have a reasonable certainty of winning, even if the criticism is accurate. (And now, even if websites like ConsumerAffairs did operate in Europe, it might be illegal for Google to link to our stories anyway.)

That said, European supporters of the “right to be forgotten” will likely view the accidental Google data dump as evidence favoring their cause. The Guardian quoted Dr. Paul Bernal, a lecturer in technology and media law at the University of East Anglia, as saying that the data suggests the right to be forgotten is a legitimate law (in the United Kingdom): “If most of the requests are private and personal ones, then it’s a good law for the individuals concerned. It seems there is a need for this – and people go for it for genuine reasons.”

Fairly or not, people often judge you by the company you keep. And the nonprofit group Consumer Watchdog says this can cause huge problems for people with Google+ accounts, who might not be able to control who does or does not associate with their virtual online personae.

In December, Consumer Watchdog criticized Google for allowing Google+ to become “a virtual playground for online predators and explicit sexual content” (according to this .pdf letter CW sent to Google).

To back its claims, CW also sent Google a detailed, 27-page study (which is also available in .pdf form, but be warned: due to sexually explicit content it might not be suitable to download or read on your workplace computer).

On January 9, Consumer Watchdog thanked Google for clearing out some of the more predatory Google+ accounts but brought another problem to the company's attention: pretty much any Google+ user can add people to their “Circles” whether they want to be there or now.

In social media terminology, Facebook users have “friend lists,” whereas Google+ users have people in their “Circles.” In theory they're pretty much the same thing, only on different social media platforms, so that saying “Let's be Facebook friends” or “Let me add you to my Google+ circle” are more or less synonymous.

Except they're not. There's a big distinction between becoming somebody's Facebook friend and joining their Google+ Circle, as Consumer Watchdog said:

[On Facebook] a person receiving a request from an individual to be their “friend” must approve that request first. If the person chooses not to accept, he or she is in no way associated with the individual.

On Google+ any individual can add a user to his Circles. If the user does not appreciate the posts he sends to them, they can block the individual. However, if anyone visits the person’s profile and he has opted to display publicly who is in his Circles, the user’s name and picture will still appear there. The user cannot remove himself from the sender’s Circles, no matter what, once that person has placed them in their Circle's. A user is forced to be publicly associated with someone with whom they do not wish to be associated.... This is a fundamental privacy flaw and must be fixed. People must have the right to choose with whom they are associated.

Friends and Circles

In other words: on Facebook, I can't add you to my “friends” list (or vice-versa) unless we both agree to it. But on Google+, I can add you to my “circle” whether you want me to or not — so anyone looking through the list of people in my Circle will see your name there, and naturally assume that you chose to associate with me.

Google has already been under fire for accusations that it's going too far in its attempts to expand the size of its Google+ user base (or at least increase the number of people who have Google+ accounts, whether or not they actually use them).

Just this week, we learned the story of Thomas Gagnon, who was arrested after sending a Google+ invite to an ex-girlfriend who had taken out a restraining order against him — except Gagnon's attorney says Google sent the invite automatically, without his client's knowledge or approval. (Gagnon was arrested in late December; as this story is published, Google has not yet released any records related to the invitation or who exactly sent it.)

There's an acronym you'll often see used in online forums: IRL, which stands for “In Real Life” (as opposed to the “virtual” life on the Internet). It usually appears in such contexts as, “I only talk to him online; we've never met IRL.” But as Gagnon's story shows, and Consumer Watchdog's concerns further underscore, “Internet vs. real life” is probably a false distinction — nowadays, the Internet is part of real life, and what you do on the Internet can have real-life consequences … even if you had no idea you did it, because Google's auto-bots did it for you.

In light of the old joke “You're not paranoid if everyone really is out to get you,” we offer the following joke corollary: “Therefore it's not possible to be paranoid on the Internet, where everyone really is out to get you.”

More frightening is the following non-joke observation: “It's not paranoia to think using Google might be all it takes to get in trouble with the law.”

Last month we told you about the former federal contractor suing various federal officials on the grounds that they unfairly deemed him a national-security risk due to autocomplete results on a Google search:

“In October of 2009, Kantor used the search engine Google to try to find, 'How do I build a radio-controlled airplane …. He ran this search a couple weeks before the birthday of his son with the thought of building one together as a birthday present. After typing, 'how do I build a radio controlled', Google auto-completed his search to, 'how do I build a radio controlled bomb.'"

But if Google+ user Thomas Gagnon's complaints are accurate, what happened to him was even worse. On Dec. 21, the Salem News in Massachusetts reported that Gagnon was arrested for violating a restraining order his ex-girlfriend had taken out against him — specifically, by sending her an invitation to join one of his “circles” on Google+.

But Gagnon's attorney claims that Google+ sent the invitation automatically, without Gagnon's approval.

Numbers inflated?

The story came to national attention on Jan. 8 when tech writer Austin Carr wrote about it for Fast Company; Carr also discussed various ways Google is alleged to have been inflating the number of Google+ users – or at least inflating the number of people who have a Google+ account, regardless of whether they ever do anything with it.

Since last November, for example, anyone wishing to comment on YouTube can only do so through a Google+ account. Even worse (and potentially more relevant to Gagnon's case) are claims that Google connects Gmail accounts with Google+ circles, to the point where “by default, when someone joins Google+ and that person is in your Gmail contacts, Google will automatically send you a notification, along with an invitation suggesting that you "add him [or her] to your Circles to stay connected."

Of course, it's also possible that Gagnon actually did violate the terms of his restraining order, by deliberately sending a Google+ invite to his ex, and is now blaming Google in hope of wriggling off the hook. Thus far, Google has not released any records or responded to any media requests for comment, regarding exactly how that invitation came to be sent.

By Jon Hood
ConsumerAffairs.com

September 13, 2009
The proposed Google Books settlement, once hailed by Google cofounder Sergey Brin as giving consumers unprecedented access to the tremendous wealth of knowledge that lies within the books of the world, is getting decidedly negative reviews from a number of industry players and government agencies, with concerns about monopolies and consumer privacy at the top of the list.

Google was hit with a lawsuit in 2006, accused of copyright infringement for offering over 10 million protected works to the public free of charge. The search behemoth settled the lawsuit in October of last year, agreeing to pay $125 million in what it called an historic deal that would benefit consumers. Under the agreement, Google would give publishers about two-third of revenues made from selling access to out-of-print works, keeping 37% for itself.

The settlement was hailed as the first step toward allowing consumers to search for and buy out-of-print books, and provided that U.S. libraries would have free access to Google's master database. In testimony before Congress, Google's chief legal officer David Drummond added that bookstores and online booksellers like Amazon.com would be able to sell access to Google's database on any Internet-connected device they choose.

The settlement is now facing increasing scrutiny as it awaits final court approval. A key point of contention is a section permitting Google to scan and store orphan books -- those that are no longer in print but still protected by a valid copyright -- without first securing permission from the works' copyright holders.

Marybeth Peters, head of the U.S. Copyright Office, told Congress that the settlement would give Google a license to infringe first and ask questions later, and added that the agreement makes a mockery of Article One of the Constitution, that anticipates that authors shall be granted exclusive rights.

John M. Simpson of Consumer Watchdog, a California-based non-profit, said a key problem is the unfair competitive advantage Google receives under the settlement that comes from its attempt to pull an end-run around the appropriate legislative solution to the orphan books problem. This is not an issue for a court and certainly one that cannot be settled by solving the problem for one large corporation and no one else, he said in testimony before the House Judiciary Committee last week.

He said the problem is Googles monopolistic digital library and how it would be implemented. The proposed class-action settlement is monumentally overbroad and invites the court to overstep its legal jurisdiction, to the detriment of consumers and the public, he said. The proposed settlement agreement would strip rights from millions of absent class members, worldwide, in violation of national and international copyright law, for the sole benefit of Google.

Google's competitors -- Microsoft, for example -- are also crying foul, claiming that the provision allowing Google to store orphan books would amount to a veritable monopoly on that market. Amazon executive Paul Misener told SF Gate that, while his company also scans and stores orphan books, it first secured permission from copyright holders. We went to the rights holders, and one by one, negotiated deals, Misener said.

Misener likened Amazon's interest in blocking the settlement with its interest in network neutrality. He said the settlement would give Google an advantage rather than provide a level playing field. "Under the proposed settlement, Google would become a consumer's nightmare: the only store in town," he said.

In a move aimed at quelling such criticism, the settlement agreement provides that funds for orphan books would be held in escrow for five years, or until the copyright owner claims the book. Additionally, Google has agreed to spend $34.5 million to create a registry in an effort to locate those owners.

Privacy concerns

Google is also under fire from privacy advocates, who insist that the agreement will do nothing to protect consumers. The Electronic Privacy Information Center (EPIC) sought to intervene on behalf of consumers' privacy rights, apparently unswayed by Google's newly released privacy proposal.

That proposal, pitched to the Director of the Bureau of Consumer Protection, stresses that Google would not share users' information with third parties except under very limited and narrow circumstances, which would be explicitly set forth in the final privacy proposal. According to Google, those narrow circumstances are limited to situations where Google shares information with trusted entities that process information on our behalf or to prevent physical or financial harm. Google also promised to enact protections to limit the information ... available to credit card companies about book purchases. Privacy advocates point out that these measures are informal and not legally binding, and thus afford consumers little real protection.

The amount of data that Google could amass about a readers behavior is unprecedented, Consumer Watchdog's Simpson said. It could be commingled with data from other Google services posing a new threat to user privacy and flies in the face of the U.S. tradition of privacy regarding reading habits, he argued.

"Consumer Watchdog supports digitization and digital libraries in a robust competitive market open to all organizations, both for-profit and non-profit, that offer fundamental privacy guarantees to users, Simpson concluded. But a single entity cannot be allowed to build a digital library based on a monopolistic advantage when its answer to serious questions from responsible critics boils down to: Trust us. Our motto is Dont be evil.

Its its defense, Google notes that it has taken measures to protect privacy in the past. The company blurs certain locations on Google Maps including, until January, the Vice President's residence in Washington -- and its privacy policy says that personal information required for customers to log in is not shared with third parties, although it makes an exception for trusted parties.

Trying to pin down Google privacy policies is like discussing the weather: whatever you say about it today will probably be obsolete by next week.

Just a couple weeks ago, on April 15, we discussed how Google, in response to an attempted class-action suit alleging privacy violations in California, changed its Terms of Service for Gmail users to say outright that Google will scan the contents of your emails.

As of May 1, Google's online terms of service page is still dated April 14 and still says, in part, that:

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.

However, despite these terms, Google has announced intentions to stop scanning the contents of certain emails—specifically, those attached to students' Apps for Education accounts (which have been made available to schools for seven years), and also, those attached to various government or business accounts.

Privacy implications

For all the privacy implications involved in Google's scanning the contents of everyday Gmail accounts (which, according to its terms of service, it still does), the privacy violations inherent in scanning student or workplace accounts are arguably worse. Consider the opening paragraph of Google's April 30 announcement on the official Google Enterprise blog: “Protecting students with Google Apps for Education”:

Today more than 30 million students, teachers and administrators globally rely on Google Apps for Education. Earning and keeping their trust drives our business forward. We know that trust is earned through protecting their privacy and providing the best security measures.

Nitpick: actually, driving that particular business forward requires only the trust (or at least cooperation) of school administrators, and possibly the teachers. Students, by contrast, can be required to use Google at school whether they trust Google or not, which is one of the reasons why scanning their Gmail activities is more fraught with privacy violations than usual.

A similar problem involves workplace accounts, whether government agencies or the private sector: while no adult is legally mandated to hold down a particular job (in the same sense that minors are legally mandated to attend school or otherwise acquire an education), it's still disquieting to think that, for example, letting Google analyze your workplace communications should be a prerequisite for government employees. However, Google has said it will stop scanning their emails, too.

InBloom withers

Google is not the only company to recently step back from data-mining captive-audience public school students. Last week, data-harvesting company inBloom announced its intention to close up shop altogether, after its CEO Iwan Streichenberger posted a head-smackingly self-serving letter blaming his business failure on overprotective parents who don't want third-party data harvesters vacuuming up all available data about their children and themselves:

Over the last year, the incredibly talented team at inBloom has developed and launched a technical solution that addresses the complex challenges that teachers, educators and parents face when trying to best utilize the student data available to them. That solution can provide a high impact and cost-effective service to every school district across the country, enabling teachers to more easily tailor education to students' individual learning needs. It is a shame that the progress of this important innovation has been stalled because of generalized public concerns about data misuse, even though inBloom has world-class security and privacy protections that have raised the bar for school districts and the industry as a whole.

What were these world-class high-impact utilize-the-data corporate buzzspeak services inBloom offered?

Sopho's Naked Security blog, writing about inBloom's shutdown on April 24, noted:

Since inBloom's rollout in 2013, privacy and security experts and parents have been aghast at schools sucking up everything from students' tax ID numbers to intimate family details (including options to identify family members as "foster parent" or "father’s significant other") with inBloom.

So, between Google's recently announced intention to stop data-mining Apps for Education accounts, and inBloom's intended closing, American students this week theoretically enjoy more privacy protections at school than a month or so before. (Even so: you should probably tape over the webcam on any school-issued laptops your kids have, so school administrators can't spy on them at home.)

Google and a California non-profit, Consumer Watchdog, are hurling accusations and insults today over whether consumers should really expect their emails to be private.

The dispute grows out of a class action lawsuit that charged Google was violating federal and state wiretap laws by analyzing its 425 million users' emails. In a court filing, Google said that people can’t expect privacy when sending a message to a Gmail address.

In a motion to dismiss the lawsuit, Google said there is no reasonable expectation of total privacy when sending an email through the public Internet:

“Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery. Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.’"

 

Consumer Watchdog jumped on the motion and called on Google to "stop reading and analyzing the content of emails sent to its system."

In response, Google seemed to backtrack from the message in its court filing, saying: 

“We take our users’ privacy and security very seriously; recent reports claiming otherwise are simply untrue. We have built industry-leading security and privacy features into Gmail — and no matter who sends an email to a Gmail user, those protections apply.”

Which is it?

Google can't have it both ways, Consumer Watchdog said, alleging that "Google is either lying to the court or lying to the public."

“If they take privacy seriously, then they must amend their brief and stop reading and analyzing the content of email we send to their system,” said Consumer Watchdog's John M. Simpson. “If Google stands by the claim of no expectation of privacy it asserted in the court filing, they cannot claim to respect users’ privacy. These two claims are obviously incompatible.”

Google has always insisted that the "processing" to which emails are subjected is automated and intended only to match advertising to the general context of the email or to sort emails into appropriate folders or categories.

In its motion, Google said the plaintiffs in the lawsuit were trying to "criminalise ordinary business practices" that have been part of Gmail's service since it was introduced.

 The class action lawsuit, filed in San Jose U.S. District Court in May, charges that Google "unlawfully opens up, reads, and acquires the content of people's private email messages." It quotes Eric Schmidt, Google's executive chairman as saying: "Google policy is to get right up to the creepy line and not cross it."

The suit claims that "on a daily basis and for years, Google has systematically and intentionally crossed the 'creepy line' to read private email messages containing information you don't want anyone to know, and to acquire, collect, or mine valuable information from that mail."

The full text of the lawsuit was filed under seal because it details many of Google's confidential and proprietary business practices. A hearing in the case is set for Sept. 5 before Judge Lucy H. Koh.

When Google changed its privacy policy in 2012 to expand its data-mining, there was an outcry from consumers and privacy groups who were certain that an outrage was being committed. A blizzard of class action lawsuits followed.

But judges have shown little sympathy for the claims. In the latest act of judicial rejection, U.S. District Court Judge Lucy Koh held that a class action is not the right way to resolve the matter, even though she had previously refused Google's motion to dismiss the case.

"The court finds that individual issues regarding consent are likely to overwhelmingly predominate over common issues," Koh said in her 41-page ruling, Courthouse News Service reported.

At issue is Google's claim that it is within its rights to electronically scan emails to and from Gmail users for the purpose of displaying ads based on the emails' content.

Google contends that such activities are within the normal range of business activities. Privacy advocates say they're not.

Where it starts to get complicated is the point at which millions of individuals, each with slightly different situations and grievances, are lumped into one gigantic class action lawsuit.

Koh's ruling doesn't mean individuals could not, at least in theory, pursue a successful case against Google. It doesn't even mean that aggrieved consumers are wrong to claim their rights have been trampled. It just means that there are too many differing claims wrapped up in one enormous class action.

The other issue facing privacy advocates is the matter of damages, around which all lawsuits revolve. It's difficult for an individual to show that he has been damaged by Google displaying an ad for snow blowers when the individual has penned an email complaining about the weather.

There's a dangerous new phishing scam, first discovered by security experts at Symantec, that seeks to steal the passwords and other confidential information of any Google account holder.

It's quite sophisticated compared to most phishing attempts, but even so: you should be able to protect yourself provided you pay extra-close attention to details, and also remember the phishing-protection rule “Don't call us; we'll call you.”

Here's how the newest scam works: you, the would-be victim, get an email with the subject heading “Documents”; the body of the email includes a link to an “important” Google Docs document.

Hopefully, if you'd received such an email you'd already know to ignore it, since it's neither personally addressed to you nor from any sender you actually know and recognize. But suppose you decided to click on this unknown link from an unknown sender anyway — what would you have found?

Looks convincing

Here's where the sophistication of this new scam comes in. In most phishing attempts, if you clicked on such a link (and did not immediately infect your computer with all sorts of malware as a result), you'd usually be taken to a page whose address, visible in your browser bar, is obviously not that of the company the scamsters are pretending to be – as in, you get a fake email allegedly from Google, but the link leads to a page with an unfamiliar (and distinctly not Google) web address.

However, as the official Symantec security blogger warned on March 13, if you click on this new Google-based phishing link:

“[T]he link doesn't go to Google Docs, but it does go to Google, where a very convincing fake Google Docs login page is shown. The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing. The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly-accessible URL to include in their messages.”

In other words, you think you're logging in to your actual Google account, so you type your email address and password as usual, not realizing that your password is not being read by the real Google to verify your identity, but by phishing scammers to steal your identity.

Still not too late

However, even if you were caught off-guard enough to click on the unsolicited Google Docs link that some unknown sender e-mailed you, it's still not too late to detect certain details indicating a scam. Remember two sentences ago, when we said “you type your email address and password as usual”? That's the detail which sharp-eyed Google account holders should recognize as scammy: usually, when logging into legitimate Google accounts from your own computer, you don't have to type your email address at all, only your password.

As Gizmodo writer Adam Clark Estes pointed out: “if you show up at the log-in screen, you should notice that it doesn't recognize you as a Google user (if you are a Google user).”

Note to non-Google users who don't understand what Estes is talking about here: if you have a Google account, or more than one, anytime you visit a genuine Google page it will recognize you, and you'll see your name, avatar and other personal features as applicable — although you still won't be allowed access to your Gmail or any other personalized, password-protected Google things until you actually type in your password and only your password — your actual you@gmail.com email address is already there.

But with this fake Google phishing scam, you only get a generic login page requiring you to type not just your password, but your email address itself; the genuine Google login pages only require this if you're accessing your account from a public computer, or a brand-new one you've never used to sign in to Google before.

(Warning: This article might be illegal in the European Union. More specifically, it might be illegal for search engines such as Google to link to this article in the European Union. Why? This article says nothing about how to commit crimes or acts of violence, but it does make mention of a Spanish back-taxes real-estate auction from 1998 and names the individual involved.)

Who owns your personal information? When people ask that question in America, it's usually in the context of sensitive info which (in theory) is supposed to remain confidential: who owns your Social Security and bank account numbers? Employment and salary history? What about your credit-card history detailing everything about you from what you eat and wear to where and when you travel, and how much money you spend on it all … and what, if anything, can you do to protect yourself from getting hurt when some company is careless with all this data?

In short, Americans' “personal information” is usually of the sort that's not supposed to show up on an ordinary online search engine. Also, for Americans, the answer to the question “Who owns your information” seems to be “Nobody knows, but definitely not you.”

Opposite extreme

In the European Union, a high court's answer to that question appears to be at the opposite extreme: not only do you own your personal information, you may also have some control over publicly available information about you, if it's too old or perhaps even unflattering, and while you can't make such information vanish, you can (in some instances) demand that Google or other search engines refrain from linking to it. Though in E.U. terms, it's not so much “the right to control your information” as it is “a right to be forgotten.”

The Court of Justice of the European Union (the E.U. equivalent to the U.S. Supreme Court, more or less) announced on May 13 that “An internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties,” which is another way of saying “Google and other companies are responsible for removing links to certain information, upon request.” An English-language press release summarizing the case is available in .pdf form here.

The Court of Justice ruling was in regards to a case which a Spanish national named Mario Costeja González brought before the court in 2010. But the start of Costeja's complaint goes back much further, to 1998, when he owed some tax debts high enough that some real estate was auctioned off as part of attachment proceedings for repayment.

Public information

In Spain as in America, auctions for tax repayment are public information and thus count as legitimate news, so a Spanish daily newspaper called La Vanguardia published legal notices of the proceedings in January and March 1998. In 2009, those 11-year-old notices still turned up in Google searches for Costeja's name. Costeja asked La Vanguardia to take down the stories and asked Google to stop linking to them, on the grounds that old stories about his debt issues were no longer relevant, now that his debts had been resolved.

Google and the newspaper both refused Costeja's request, so in 2009 he took his complaints to the Spanish Data Protection Agency which, in July 2010, ordered Google to remove the links but did not order La Vanguardia to remove the stories.

Google challenged the order, the E. U. Court of Justice agreed to hear the appeal, and this week ruled against Google.

A footnote in the Court of Justice release notes that the ruling was based on “Directive 9 5/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.”

No First Amendment

There is, of course, no First Amendment in most European countries. This means that would be an open-and-shut case in the U.S. came become quite muddied elsewhere.

There are, for example, few sites like ConsumerAffairs or Yelp in Europe, for the simple reason that businesses can bring libel charges against anyone who speaks ill of them with a reasonable certainty of winning, even if the criticism is accurate. 

In the U.S., the press has over the years developed accepted standards for handling sensitive information that it might have a legal right to publish. For example, most publications voluntarily withhold the identity of rape victims except in the most extreme cases. The Googles of the world largely ignore such niceties.

Want to make big bucks by endorsing products in Google ads? It's easy, as long as you omit the big bucks part. Following in the footsteps of Facebook, Google plans to start selling its users' endorsements to advertisers.

This means that if you give five stars to a movie or coffee concoction on Google Plus or YouTube, your name, photo and comments may wind up in ads shown to your friends and just about everybody else on Google's network of about two million affiliated sites.

Facebook pioneered this practice, which many users find creepy or downright predatory, and found itself in hot water, not to mention a class action lawsuit. Google is proceeding with a little more caution, however. It is serving notice in advance of the Nov. 11 start date, thorugh changes to its terms of service and says it will post notices on its home page and elsewhere. Users will be able to opt out, Google promises. 

Google also says that only adults -- those over 18 -- will be featured in the endorsements. No kids allowed.

High praise

Advertisers love these endorsements. They're considered the highest form of praise -- basically your friends (or people who would be your friends if you ever met them) passing on inside tips on what's hot and what's not.

They're like the reviews on Yelp, ConsumerAffairs and other peer review sites, except -- hey -- they're all positive.

It wasn't all that long ago that Alta Vista was the hands-down favorite search engine. Then something called Google came along. Now computer scientists at Case Western Reserve University think they may have something even better than Google, although they're still lacking a catchy name.

Would you believe it's called the Conjunctive Exploratory Navigation Interface (CENI)? OK, but other than that, the researchers say their creation saves users time by more quickly identifying and retrieving the most relevant information on their computers and hand-held devices.

"Most people have an iPhone or laptop that stores a wide variety of information and, often, you can't find it when you need it, even though you know it's there," said GQ Zhang, professor of electrical engineering and computer science, division chief of Medical Informatics at Case Western Reserve and an author of the study.

"Or, you go to a website where the content has been divided under different areas, and what you're looking for fits several. If you choose one area but whoever filed the data chose another area, you may not find that information," Zhang said.

Crowdsourced testing

Anonymous testers recruited through crowdsourcing preferred the new search tool nearly two-to-one over a keyword-based lookup interface and the most commonly available lookup search interface using Google, according to the study, published in the open-access Journal of Medical Internet Research.

Side-by-side comparisons showed CENI, which combines two search modes and a more comprehensive way to organize and tag data, is more effective than looking up items by matched keywords alone.

They describe CENI as an on-screen portal where users access data by browsing through menus of topics and typing in keywords and say it provides a more focused search and retrieves the most pertinent information.

In one test, for example, a keyword search came up with 89 responses to a question: "What are the typical vision problems associated with diabetes?" CENI came up with the most applicable 13 by selecting appropriate menus.

CENI overcomes this limitation by allowing data to be tagged into as many areas as relevant, and provides an interface and system that leverages multiple tags for each single data item.

Prototype site

Zhang and Licong Cui, a PhD student in Zhang's lab, have a working prototype designed specifically for the health resource website, NetWellness. This not-for-profit site allowed the public to ask health professionals at Case Western Reserve, Ohio State University and the University of Cincinnati health-related questions. More than 60,000 questions and answers are searchable using CENI. The interface is currently not available to the public.

Health information is highly sought after. A Pew Foundation survey found that 80 percent of Internet users have searched for health information, and 60 percent used that information to help make health-care decisions.

But a study in the Journal of the American Medical Association concluded that accessing health information using simple terms on such search engines as Google and Yahoo was inefficient. Less than a quarter of the searches led to relevant information, the study found.

This kind of search, called "lookup," can overwhelm the user with a long list of document links the user must then sift through, Zhang said. "If results do not show up in the first couple of pages, they are lost because the user is not going to go through millions of links manually."

CENI combines lookup and another search method, called "exploratory navigation." The exploratory mode enables users who lack a specific target or have trouble forming descriptive lookup terms to use menus of topics to navigate and explore information.

It's said that hindsight is 20/20, but before you've had time for hindsight to come around you often muddle your way through an indistinct blur.

So it is with the latest news from Google, promising a “new encryption tool” to protect email users' privacy; when the New York Times reported the story on June 3, it kicked off with the sentence “The National Security Agency’s snooping is about to get more difficult.”

This of course is in reference to the NSA's indiscriminate monitoring of American communications in what critics say is defiance of constitutional guarantees against it, and maybe hindsight will one day view this as “One of the milestones on the road leading to Americans' regaining their ability to have private discussions without the government reading and recording every word.”

On the other hand, the whole NSA-spying bit didn't become common knowledge until whistleblower Edward Snowden told the world what his former NSA employers were up to. Among Snowden's many revelations/allegations was one saying that the NSA secretly installed “backdoors” into various encryption programs — meaning, you think your messages are encrypted and secure but the NSA can read them anyway.

In addition to Snowden's files, there are also the (alleged) email communications between Google and the NSA suggesting that Google executives have cooperated with the spy agency more enthusiastically than they've let on.

Of course, the phrase “Google executives” covers many different individuals, some of whom might be more idealistic than others. The New York Times quoted Eric Grosse, Google's chief of security, as saying “It’s important that the government not overstep … We don’t want any government breaking the security of the Internet.”

On the other hand, Grosse was allegedly one of the individuals mentioned by [first] name in those alleged emails between Google and the NSA (assuming the emails are genuine, not taken out of context, and otherwise accurate). And that same New York Times article later said this:

Until now, technology companies have been hesitant to provide end-to-end encryption because it excludes companies like Google and Yahoo from gathering data from messages that can be sold for targeted advertising. None of the major technology providers have signed on to Dark Mail Alliance, a partnership announced last year by Silent Circle and Lavabit, two privacy-conscious communications providers, that offered companies like Microsoft, Google and Yahoo a new end-to-end encrypted email protocol.

So perhaps hindsight will agree that Google genuinely is standing on principle, abandoning not only its former (alleged) close relationship with the NSA, but also a good chunk of its own ad revenue, to preserve the privacy essential for a free country. Or maybe hindsight will laugh at those who were naïve enough to believe it. It's still too early to tell.

Well, that didn't take long: earlier this week, Google introduced a new anti-phishing tool called Password Alert to its Chrome browsers. Password Alert would show you a warning if you type your Google password into a site that isn't a Google sign-in page.

So if, for example, a scammer sent you an email purportedly (but not really) from Google, claiming there's some problem with your Google account so you should click the link in this-here email to log in and type your password when asked – Password Alert would send you a warning notice advising you to reset your password since it had just been typed into a non-Google page.

But it took less than 24 hours for security researchers to discover a workaround which ArsTechnica called a “drop-dead simple exploit that nukes Google's password alert.”

White-hat hacking

Paul Moore, an information security consultant with the UK-based Urity Group, developed a simple proof-of-concept exploit, shown here,which looks convincingly similar to a genuine Google login page even though it's completely fake, with no connection to Google at all — yet if you're in Chrome and type your password into it (don't try this yourself), you won't see Google's Password Alert warning because the program will suppress it.

A proof of concept (or PoC) exploit is an example of white-hat hacking (or “good guy” hacking). PC Mag's encyclopedia defines a PoC exploit as: “An attack against a computer or network that is performed only to prove that it can be done. It generally does not cause any harm, but shows how a hacker can take advantage of a vulnerability in the software or possibly the hardware.”

To its credit, Google swiftly responded to news of Moore's PoC exploit with an update to patch it. Yesterday, a Google engineer took to Twitter to say that Password Alert has been updated to version 1.4, in order to prevent Moore's PoC exploit from working:

It's now fixed in 1.4. To update quickly, go to chrome://extensions/ , enable developer mode, click update extensions now.