Google's announcement last month that it will begin "anonymizing" the information in its search logs after 18 to 24 months astonished many in both the search engine and data privacy communities. For the first time, a major search engine company directly addressed the issue of how long it will store search details, and Google's pre-eminence in the industry ensured that competitors will feel pressure to provide similar transparency into this sensitive practice.
In and of itself, the news does not raise significant issues for corporate networking professionals. But it represents a reaction from a major player to a policy movement that has been afoot for several years in the United States and will probably come to a head sometime this year--federally mandated data retention for information providers. "Information providers"? Pretty vague. But that's because the various proposals circulating around Washington vary widely as to who would be included.
At the very least, ISPs would be required to keep logs detailing which IP addresses were assigned to which accounts at particular times, letting law enforcement link an IP with a residence or place of business. For broadband service providers with network architectures that frequently change IP address assignments, this data would prove voluminous. But the incentives for complying with the rules will likely be intense, with potential criminal liability for failure to retain records.
And commercial ISPs are the lowest common denominator in the proposals floated thus far. Others include any entity that provides Internet service to its users, such as colleges and universities, and even retail businesses providing free wireless access to customers. Many of these providers probably keep logs for billing, fraud detection and other purposes. Although they may purge them after several months, cranking up the storage requirements to a year to two years--as called for by the proposals--will add only marginal costs and complexity.
But when it comes to putting data-retention requirements on search engines and other application providers, such as social networking sites and other modern modes of Internet communication--e-mail, Web forums and chat rooms--the stakes get much higher. These logging and retention requirements would mean significant application-development costs, as well as costs associated with retaining the data in a form ready to be produced in response to a federal law enforcement request. Combined with the likely lack of user enthusiasm for apps with one-to-two-year government-mandated "memories," expect to see, or even participate in, lobbying efforts against these more onerous requirements.
