Dr Provos, You've made a reasonable argument for keeping the log data on the actual content requested from Google's servers (i.e. google.com/q=Free&Screensavers). However, what you have failed to argue for is Google's shameful policy of keeping full IP addresses in the logs for 18 months. I've read through your blog post, and some of your past academic papers, and I can come up with no solid argument for keeping such data. Your complex regex system does not need user IP addresses in order to do its job. Personally, I think it's pretty sneaky for Google to get its engineers to take on a PR role, and post about how great Google's log retention policies are. Neither you nor Dr. Whitten have yet to cover the most important issue: Why do you need my IP for 18 months? While I'm not surprised that lawyers or PR lackeys would spout this information, I am frankly quite disappointed that someone so respected in the security field would so willingly toe the company line.
I am glad that Google is keeping this log data. Unauthorized users may be able to sniff your password and log in to your account. Keeping a log file can help in legal matters of privacy.
It is very comforting that Google is keeping the log data. What I would like to hear from Google is to provide me a facility to get a report (whenever I request) of all the accesses (including backup applications, administrator checks, my own access, authorized, if authorized by whom, non-authorized accesses, and by myself) with the timestamps to my own documents. Since this is my data, I would want to know who, when and under what authority accessed my documents. I believe this is the ultimate compliance with privacy.