I’m in Maastricht today participating in the “Forum on Quaero: A public think tank on the politics of the search engine.” In my talk, “Privacy and Quaero’s Quest for the Perfect Search Engine: Threats and Opportunities,” I call on the designers of the Quaero project to engage in value-conscious design in order to protect the value of privacy. I make eight privacy-protecting demands:
- Quaero must be designed in such a way as to prevent any substantive response to a civil or criminal subpoena of user activity
- Quaero must be designed so IP addresses and cookies cannot be associated with particular users or accounts
- Query traffic must be encrypted to prevent ‘man in the middle’ monitoring
- Quaero must provide transparency in the data it collects about users, how it is used, who uses it, and how long it is retained
- Quaero must not engage in personalized or behaviorally-targeted advertising
- Quaero must take steps to remove or obscure personally-identifiable images (faces, license plates, etc) from its searchable index
- Quaero must provide individuals the ability to remove or obscure personally-identifiable data from its searchable index
- Quaero must provide users the ability to view, edit, and delete any search history data associated with their account
A PDF of my presentation is here (7.1 MB file – sorry).
I’ll blog more about the event soon.
UPDATE: I forgot to mention that while I had hoped to be engaging with the actual designers of the Quaero engine, no one from the Quaero Project attended this forum. In fact, they had actually tried to prevent the organizers from using the name “Quaero” in the title, claiming trademark infringement. (Thanks, Joris, for the reminder)
UPDATE: UPDATE: An excellent summary of the event can be read here. Thanks, Erik!