A Privacy Call to Action

Peter Cullen, Microsoft's Chief Privacy Strategist, here ...

Peter CullenToday, joined by industry colleague Ask.com, we are encouraging other technology leaders, consumer advocacy organizations and academics to come together in an effort to develop global privacy principles for data collection, use and protection related to search and online advertising.

Additionally, expanding on our ongoing work to protect customer privacy, Microsoft also announced a set of privacy principles to protect the privacy of Microsoft’s Windows Live users, including making search query data anonymous after 18 months by permanently removing cookie IDs, the entire IP address and other identifiers from search terms.

I wanted to take a moment to focus on two important aspects of these announcements: why we believe industry needs to establish a set of global privacy principles, and why we believe it is important to strike the right balance between privacy and security for our users when storing search queries linkable to IP addresses.

Industry dialogue will benefit consumers

The details of data collection and use practices in the search and online advertising space are difficult enough to understand even if you are a technologist or privacy professional.  So it’s probably an understatement to say that it is very difficult for most Internet users to know how, or if, their privacy is being protected.  Given these services are becoming ubiquitous across the Web, it is hard for a consumer to know which companies may be logging information relating to their interactions with Web sites.  Therefore, we believe it’s time for a comprehensive discussion between industry and the privacy community.  Some of the topics for discussion might include ways to provide the appropriate amount of user notice so consumers can make informed choices; appropriate approaches to providing user choice relating to the use of their data, appropriate ways to secure data to protect data from unauthorized access; and an agreed upon timeframe for anonymizing search records and the method of that anonymization.

We hope others in the industry will join us in developing and supporting principles that address these important issues. People should be able to search and surf online without having to navigate a complicated patchwork of privacy policies.

Security relies on enough data to detect seasonal changes

In determining the appropriate time period before anonymiszing search queries data, we carefully examined the uses of the data that are necessary to operate our Windows Live Search service, and have concluded that 18 months of data strikes the right balance and allows us to ensure that we are providing users with relevant search results, to protect the financial integrity of our business model including being able to detect and defend against click fraud, and to help protect the security and integrity of the Windows Live Search service.  For example, in order to detect and protect against security threats such as botnet attacks, click fraud, worms, and other future threats, it is necessary to create a baseline of normal traffic patterns against which to conduct the analysis.  Because search patterns vary seasonally, it is necessary to look back to the same time the prior year, and several months before and after, in order to create that baseline.  An even longer period would help to provide a more reliable baseline, but we believe that 18 months strikes an appropriate balance.
 
We look forward to engaging in a dialogue between industry and the privacy community on these matters with the goal of enabling consumers to continue to realize the benefits of technology at the same time as being confident that their privacy and security are appropriately protected.  We plan to provide an update on progress in September.