Who is Paloma Gaos? She runs Liaisons Interpreters, a translation service with an address on Bush Street in San Francisco's Lower Pacific Heights. Her business has an estimated revenue of $140,000 a year and employs two people. And one more thing: Gaos is the complainant in a class-action suit against Google, alleging that Google has violated her privacy by passing along search queries embedded in referral links. If she wins, business on the Web will never be the same.
Ironically, I located her in about two minutes by searching with Google, looking at her LinkedIn profile, then checking a business directory. With one phone call (the number was on the Web), I found out a few more details, which I won't reveal. The point, of course, is that while her lawsuit targets a fairly unlikely chain of events that would identify a user, she herself has left a trail that anyone could follow.
[ Get the spin on key tech news that you'll find nowhere else at InfoWorld's Tech Watch blog. | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. ]
"Someone voluntarily posting information about her business is very different than having deeply personal information passed along by Google," her co-attorney, Kassra P. Nassiri, told me.
He's right of course. But I'm beginning to think it doesn't matter. Some years ago, Sun co-founder Scott McNealy, when asked about privacy and the Web, said, "You already have zero privacy. Get over it." I really, really, hate to think it, but maybe he was right too.
The selling or sharing of users' personal data is so pervasive and so deeply intertwined with the business model of the Internet that separating them might be a solution akin to King Solomon's suggestion that the mothers cut the baby in two. (Google has declined, for now, to comment on the suit.)
Google in the cross-hairs
The suit against Google was filed earlier this week in federal court in San Jose. It claims that Google violates the privacy of users when it passes along URLs containing the text of search strings to the publisher of the website the user clicks on.
There's no argument about some of that. Google, along with Bing and other search engines, does pass that information on. It has to, because it allows Web publishers (including InfoWorld.com) to see which sites are sending them traffic and which search terms are generating most of that traffic.
Here's the nub of the argument made in the filing:
The user search queries disclosed to third parties can contain, without limitation, users' real names, street addresses, phone numbers, credit card numbers, Social Security numbers, financial account numbers, and more, all of which increases the risk of identity theft. User search queries can also contain highly-personal and sensitive issues, such as confidential medical information, racial or ethnic origins, political or religious beliefs or sexuality, which are often tied to the user's personal information.
As you may know, the information is actually passed on by the user's browser via "referrer" data that tells a website the page that someone came from. (There's a great discussion of this whole matter on the Search Engine Land website, replete with deep explanatory material.)
How damaging is that information? It depends on what the search query was about and how likely it is that the query can be linked to a specific individual. By and large, the data is anonymous -- but not necessarily.