Google Keeps What Ask.com ErasesGoogle Keeps What Ask.com Erases

AskEraser may remove user search query data from Ask.com's servers, but deleted data may live on, in part at least, on Google's servers. That's because Google delivers the bulk of the ads on Ask.com, based on information provided by Ask.

This week Ask.com launched its new AskEraser program to eliminate a users' IP addresses, user IDs, session ID cookies, and the complete text of search queries if users ask for it. In some cases, however, gone from an Ask.com server does not mean gone for good.

"We pass information to Google, including the IP address and the search query, in order to get search results on the site," explained Doug Leeds, senior VP at Ask.

Google uses that data to fight click fraud and to present contextually relevant ads. It may well use the information for other purposes, such as measuring the responsiveness of its systems. However, Leeds said he could not disclose the specifics of the contractual relationship between Ask and Google.

"The contractual relationship we have with Google constrains Google much more than its [privacy] policy does," said Leeds. "But I can't say what the specifics are."

Google didn't immediately respond to a request for comment.

Despite the apparent indelibility of shared data, at least during the 18-month retention period the industry has settled on, Leeds said that AskEraser addresses search privacy concerns "because it primarily erases it from our servers and our logs."

Indeed, Ask offers more privacy than any of the major search engines at the moment. A lesser known search engine, Ixquick.com, deletes user search data within 48 hours.

The persistence of Ask users' search queries and IP addresses on Google's servers isn't necessarily troubling to most people. The fact that neither Ask nor Google has had a major privacy breach suggests that both companies are storing user data responsibly. But clearly the same cannot be said for the many other companies that have acknowledged data breaches in recent years.

Privacy Rights Clearinghouse estimates that more than 216 million personal records have been exposed as a result of security breaches in the U.S since the start of 2005. Perhaps the most serious recent breach of note, made public in January, was the theft of as many as 94 million credit and debit card account numbers, not to mention hundreds of thousands of merchandise return records, which included driver's license numbers, from the computer systems of TJX Companies, through a series of cyber break-ins dating back to 2005. The U.K. government's recent loss of discs containing data on some 25 million of its citizens represents a comparable data debacle. In 2006, there were more than 315 publicized breaches affecting almost 20 million people, according to the Identity Theft Resource Center. The type of organization involved breaks down as follows: 29% government or military agencies; 28% from educational institutions; 22% from general businesses; 13% from health care organizations; and 8% from financial companies. In 2005, there were 158 publicized breaches affecting more than 64.8 million people, according to the ITRC.

The companies leaking data are not fly-by-night firms staffed by the IT challenged. They've got names like Gap, eBay, IBM, and Pfizer, not to mention assorted universities and government agencies.

Since, according to the Government Accountability Office, most information exposed thus doesn't lead to identity theft, is it worth being worried? It might be. The absence of privacy isn't always inconsequential.

In an adversarial situation, your actions, online and off, may help incriminate you. According to Gaetano Ferro, president of the American Academy of Matrimonial Lawyers, electronic data is becoming more common in divorce cases and often that data is supplied to the attorney by the client unsolicited.

"I tell my clients to go in with the assumption during your divorce that your electronic information may not be all that private," said Ferro. "And maybe I'm a little more paranoid than most, but I've seen cases where people have planted spyware. I've seen cases were people have programmed their computer to forward copies of all e-mails. I've seen cases where people have swiped the laptop and cloned the hard drive. I've seen cases where people have taken their spouse's BlackBerry. It happens fairly frequently."

Job seekers have to consider how the absence of privacy affects their employability. Search engines are frequently used by employers to screen potential applicants. It only takes a few unflattering photos to doom one's resume to the circular file.

"I think it's quite common," said John Challenger, CEO of global outplacement consultancy Challenger, Gray & Christmas. "It's not just Google. It's several different sites looking to find out who they know, like LinkedIn and ZoomInfo, as well as sometimes electronic background checks that companies use to check up on people."

The scrutiny once reserved for high-profile hires has become more accessible and more affordable, said Challenger. For example, recruiters are looking at MySpace and Facebook. "They're using that as part of the screening process," he said.

The issue affects travelers as well. Andrew Feldmar, a psychotherapist from Vancouver in Canada, was denied entry into the U.S. earlier this year for narcotics use because a border guard Googled "Andrew Feldmar" and found that Feldmar had written an article about his experience with LSD forty years earlier.

"I should warn people that the electronic footprint you leave on the Net will be used against you," Feldmar told the New York Times in May. "It cannot be erased."