This is the fourth in a series of posts about the proposed Google Book Search settlement.

We have now examined the chief promised benefit (increased public access) of the proposed Google Books settlement, as well as one of the chief potential drawbacks (impaired competition). Another down-side to the proposed settlement is its lack of adequate protections for reader privacy. And although EFF has repeatedly written about the privacy problem and outlined specific steps that could be taken to address it, as have the ACLU, CDT, EPIC, library associations, and academic authors, the revised Settlement 2.0 still does nothing new to address the serious privacy concerns raised by the Google Book Search services.

[Note: EFF represents a groups of authors and publishers who have filed an objection to the proposed settlement on privacy grounds, arguing that the lack of reader privacy protections is also a threat to the interests of authors and publishers, particularly of books on controversial or sensitive topics. This post, however, will focus on the interests of readers, rather than authors and publishers.]

The Reader Privacy Problem

The products and services envisioned by the proposed settlement will give Google not only an unprecedented abililty to track our reading habits, but to do so at an unprecedented level of granularity. Because the books will be accessed on Google's servers, Google will not only know what books readers search for and access, but will also know which pages they read, how long they stayed on each page, what book they read before, and which books they access next. This is a level of reader surveillance that no library or bookstore has ever had.

Readers who feel surveilled will be chilled in their freedom of inquiry. As Supreme Court Justice William O. Douglas observed in 1953, “Once the government can demand of a publisher the names of the purchasers of his publications . . . [f]ear of criticism goes with every person into the bookstall . . . [and] inquiry will be discouraged.” Or as Author Michael Chabon put it: "If there is no privacy of thought — which includes implicitly the right to read what one wants, without the approval, consent or knowledge of others — then there is no privacy, period."

And it's not just Google that might want records about your reading habits. A core concern EFF has with the proposed settlement is that under it Google need not insist on a warrant before turning over this sensitive reader information to governmental authorities or private third parties. This is hardly a hypothetical risk: between 2001 and 2005, libraries were contacted by law enforcement seeking information on patrons at least 200 times. And in 2006 alone, AOL received almost 1,000 requests each month for information in civil and criminal cases.

This lack of protections for reader privacy stands in sharp contrast to the privacy protections that librarians and bookstores have been fighting for in connection with physical books for decades. Nearly every state has laws protecting the privacy of library patrons. Yet when Google scans books it got from libraries, privacy protections could be left behind at the digital threshold if Google doesn't stand up for them.

Google's Privacy Policy for Book Search

Google has announced a privacy policy for Google Books. While it addresses some of the privacy concerns EFF and others had raised, it does not go nearly far enough. As we've previously explained, the privacy policy can be changed at any time, is not an enforceable obligation tied to the proposed settlement agreement, and:

  • as noted above, fails to commit to a "come back with a warrant" standard before disclosing reader information to the government;
  • fails to require Google to delete logging information about users within 30 days, or any other reasonably short period of time;
  • allows (albeit upon opt-in consent) Google to aggregate the information it learns about readers with other information it knows about readers from other sources, including its other services and its DoubleClick product that places cookie-traced advertising on millions of non-Google websites across the Internet;
  • fails to ensure that readers will always be able to use anonymity services like the Tor network, proxy servers and anonymous VPN providers to access Google Books;
  • does not offer registered users who purchase texts any equivalent of a "hiding books under their bed" to protect against parents, family members or other local users who might scrutinize their reading (we have suggested several ways that Google might implement a feature like this, and hope that Google will eventually do so);
  • does not allow purchasers to cover their reading tracks by anonymously transferring or giving purchases to accounts that do not have Google Checkout or other identifying features (we've also discussed technical methods for this with Google and believe they are seriously considering it);
  • fails to provide a robust, easy-to-read notice of and link to the Google Books privacy provisions on the Google Books pages themselves, rather than tucked away in a privacy policy;
  • fails to promise to annually publish online, in a conspicuous and easily accessible area of its website, the type and number of requests it receives for information about Google Book Search users from government entities or third parties; and
  • fails to require Google to store information about readers, who must be in the U.S. under the terms of the settlement, in the U.S. so that they will be protected by U.S. privacy laws.

For all of these reasons, in its present form and without further affirmative steps by Google either in the context of the settlement or outside it, the proposed Settlement 2.0 makes Google Books a threat to reader privacy, which in turn is a serious a down-side that must be weighed against the settlement's potential benefits.