Privacy backers push FTC to end AskEraser service

January 24, 2008 (Computerworld) A group of privacy advocacy organizations has filed a complaint with the U।S. Federal Trade Commission (FTC) alleging that Ask.com's recently launched AskEraser service does not live up to its promise of deleting users' search histories.

In an 11-page brief filed with the FTC last week (download PDF), the group claimed that the search engine company is indulging in deceptive and unfair trade practices with AskEraser and should be forced to withdraw the service। The Electronic Privacy Information Center (EPIC), the Center for Digital Democracy, Consumer Action and the Fairfax County Privacy Council are among those that filed the complaint.

Officials from IAC Search & Media's Ask.com did not immediately respond to a request for comment on the compliant. Ask।com's AskEraser service was unveiled on Dec. 11 and described at the time as a way for users to ask that their search activity data not to be retained on the company's servers.

Ask।com claimed that AskEraser, when enabled by the user, would completely delete search queries and associated cookie information from Ask.com servers -- including IP addresses, user IDs, session IDs and the text of queries made. The feature is available to users of the company's U.S. and U.K. search engines and is designed to give users more control over search data, the company said. In most cases, the deletion would take place within a few hours of the time a search is completed.

The reality, however, is quite different, said Marc Rotenberg, executive director of the Washington-based EPIC. He pointed to three problems. "When it was announced, there as a lot of hoopla over it," Rotenberg said. "So we decided to take a closer look and were kind of surprised. Some of the things that AskEraser does we don't think are very privacy-friendly."
The first issue is that users who want to enable the service must accept and install an AskEraser opt-out cookie on their system। That approach is both counterintuitive and misleading, Rotenberg said. Users who are concerned about privacy typically tend to delete cookies. For such users, the privacy settings on Ask.com are meaningless because each time the cookie is deleted, the settings are lost -- and Ask.com will no longer honor the user's privacy choice. Similarly, Ask.com offered no explanation for its policy of allowing the opt-out cookies to expire after two years.

Another troubling fact is that Ask।com's AskEraser service can be turned off without notice to the user, Rotenberg said। According to Ask.com's policies on its Web site, the company can disable the AskEraser service at any time -- to comply with a court order, for instance. In such cases, the company will retain search data, even if the AskEraser service appears enabled to the user, Rotenberg said. Without user notice, such a practice would be tantamount to spying on a user's search activity.
Another issue identified by the privacy advocacy groups has since been addressed by Ask।com, Rotenberg said। That had to do with Ask.com's previous practice of putting a date and time-stamp on the opt-out cookies when a user enabled the service. The information stored in the opt-out cookie's content field had the effect of turning the cookie into a unique identifier, Rotenberg said.


Since the issue was first raised by the privacy groups, Ask.com has stopped using time-stamps on its opt-out cookies, he said, arguing that that alone would appear to be a tacit admission from the company that the previous approach was problematic. Ask.com's relationships with various third-party advertisers and with Google Inc. also limit the efficacy of the privacy protections ostensibly offered via AskEraser, Rotenberg said. Though Ask.com itself has said it will not store any search data, there are no such restrictions on third parties tracking and storing the search histories of those who use Ask.com. Under a five-year agreement with Google signed last November, user search information from Ask.com is passed on to Google, raising serious privacy questions, Rotenberg said.