The creepiness factor surrounding online search data was also upped by the revelation in early 2006 that the U.S. Justice Department had subpoenaed Google, Yahoo, Microsoft, and AOL to turn over a random list of Web queries conducted over the course of a week, divorced from the names of those submitting them. AOL, Microsoft, and Yahoo turned over some of the requested information, but Google resisted. Although Google set a good precedent by doing so, "Governments can and will do things that companies have to comply with," says Chris Sherman, executive editor of Search Engine Land, referring to the Chinese government pressuring Yahoo to turn over the name of a user who posted to an online forum.

"The [U.S.] government is a growing concern because over the last several, years it's been expanding its power to ask for such information, especially as the political climate has changed," Templeton says. For instance, he points out, warrants have been easier to get since the USA Patriot Act was enacted. "It's something we should worry about more than in the past," he says.

Of course, some in the government are trying for more, not less, protection for online data. Congressman Edward Markey (D-Mass.) introduced a bill in early 2006 (H.R. 4731) to require owners of Internet Web sites -- not just search engine firms --- to destroy obsolete data containing personal consumer information.

Putting aside the government, there are other ways for private data to be revealed, Templeton says, in the form of internal employees. "Everyone knows the history of most large database [breaches] comes down to a story of corrupt employees who sell access to private records," he says. "In the private investigation world, they can use bribes to get people's tax returns."

Brass tacks
All of this raises the question: Why do search firms store all this data? Google offers three reasons: It can help the company improve its services, maintain security and prevent abuse by looking for patterns indicating fraudulent activity, and comply with legal obligations to retain data. The company asserts that it can use this information to determine how often users are satisfied with the first result of a query and how often they proceed to later results. Or it can determine how many times an advertisement is clicked in order to calculate how much the advertiser should be charged.

In his blog, Sullivan is more direct. "Google is big on personalization," he writes. "Big, big, big. For Google, getting up close and personal with individuals is seen as a big leap forward on many fronts -- and 2007 is the year Google is going all out after it."

The more Google can know about you, Sullivan explains, the more it believes it can deliver you a better experience, not to mention more targeted ads. "But in particular," he says, "personalization is seen as the next generational step in delivering better search results."

But Templeton questions whether the search firms need to store as much information as they do and for as long as they do. "We regularly advise [Google] that they're keeping too much information," he says. While some people, such as Sullivan, applaud Google's move to limit the amount of time it retains search logs, saying that will make it nearly impossible to trace any query back to a particular computer, Templeton thinks total destruction of the data would be far better.