Earlier this month Louis L. Stanton, the senior judge on the United States District Court for the Southern District of New York, ordered Google to hand over YouTube user log data to Viacom to help Viacom determine damages in their ongoing billion dollar litigation with Google.
We and others cried out in protest, since the data being delivered included username, IP address and identifiers of all videos viewed on YouTube. And the entity it was being delivered to has a penchant for litigating over copyright infringement (some of their many lawsuits are mentioned in the original post). The fear is that if data is turned over to Viacom, any YouTube user who has watched a copyrighted video would be subject to a lawsuit.
Viacom’s first line of defense when the negative press hit was obfuscation. They said “Viacom has not asked for and will not be obtaining any personally identifiable information of any YouTube user. The personally identifiable information that YouTube collects from its users will be stripped from the data before it is transferred to Viacom.”
Sounds good, right? The LA Times mentioned it in their article on the issue and quoted Viacom. A number of other publications then followed, saying that Viacom wasn’t going to collect all the data they were entitled to under the order.
But not really. Everyone involved in the lawsuit (except the users, who weren’t asked) agreed that a YouTube login ID isn’t personally identifiable. The original Stanton order summarized: “Defendants do not refute that the “login ID is an anonymous pseudonym that users create for themselves when they sign up with YouTube” which without more “cannot identify specific individuals”.”
So Viacom didn’t abandon any of their data rights, but they sure went out of their way to suggest they did. And anyone who watched the 2006 AOL search debacle will know that users were absolutely identified based on nothing more than a list of the search terms they entered. Does anyone really believe that a motivated plaintiff couldn’t identify individuals based on a user selected ID (mine is “TechCrunch”), IP address and a list of all watched videos?
Now Viacom is talking again, and saying that they won’t use the information to go after individuals.
Here’s the problem – I don’t know if Viacom will live up to their promise, or not. The fact that Google is unwilling to hand over employee data tells me they’re not so sure, either. And frankly I shouldn’t have to care or have to worry about Viacom’s trustworthiness. As a user I interacted only with Google, and there are implicit and explicit promised by Google to protect my data. If Google hands my data over to Viacom, it doesn’t really matter to me if Viacom uses it or not. All I will remember is that Google gathered and stored information without my consent, and then handed it over at the first sign of trouble.
Google’s self imposed code of conduct is “Don’t be evil.” It doesn’t say “don’t be evil unless there’s important litigation at stake.” Google’s reputation is on the line, and how they respond will show their true character. They’ve shown they’ll go to bat for employees, now it’s time for them to show they’ll go to bat for their users.