The Googlization of Everything

Here is the text of a letter Google sent to Congress, via theGoogle Public Policy Blog:

August 8, 2008

The Honorable John Dingell
Chairman
House Energy and Commerce Committee
2125 Rayburn House Office Building
Washington, DC 20515

The Honorable Joe Barton
Ranking Member
House Energy and Commerce Committee
2322-A Rayburn House Office Building
Washington, DC 20515

The Honorable Edward Markey
Chairman, Subcommittee on Telecommunications and the Internet
House Energy and Commerce Committee
2125 Rayburn House Office Building
Washington, DC 20515

The Honorable Cliff Stearns
Ranking Member, Subcommittee on Telecommunications and the Internet
House Energy and Commerce Committee
2322-A Rayburn House Office Building
Washington, DC 20515

VIA HAND DELIVERY AND EMAIL

Dear Chairman Dingell, Ranking Member Barton, Chairman Markey, and Ranking Member Stearns:

Thank you for your letter of inquiry dated August 1st, in which you ask a series of important questions
about the online advertising practices of a number of companies. We appreciate your continuing
interest in protecting consumer privacy, and we welcome your efforts to learn more about the privacy
protections that Google offers its users and the practices of the internet industry generally.

As a threshold matter, given your Committee’s recent focus on deep-packet inspection in connection
with advertising, we feel it important to state clearly and for the record that Google does not deliver
advertising based on deep-packet inspection. We understand that many of the questions that you have
posed to us and a number of other companies stem from concerns about that particular model for
online advertising, but we believe that the vast majority of online advertisers – like Google – is not
engaged in these practices.

Letter to Messrs. Dingell, Barton, Markey, and Stearns
August 8, 2008
Page 2

In our quickly evolving business environment, ensuring that we earn and keep our users’ trust is an
essential constant for building the best possible products. With every Google product, we work hard to
earn and keep that trust with a long-standing commitment to protect the privacy of our users’ personal
information. The bedrock of our privacy practices are three design fundamentals: providing
transparency, choice, and security.

Another constant that we have found in our business is that innovation is a critical part of protecting
privacy. To best innovate in privacy, we take the feedback of privacy advocates, government experts,
our users, and other stakeholders. For example, we have participated actively in the Federal Trade
Commission’s efforts to develop privacy principles relating to online privacy and behavioral advertising.
Our hope is that the FTC’s privacy principles – once finalized and written to ensure that they can be
realized by industry and will provide consumers with appropriate levels of transparency, choice, and
security – will be adopted widely by the online advertising industry and will serve as a model for
industry self-regulation in jurisdictions beyond the United States.

Google also supports the adoption of a comprehensive federal privacy law that would accomplish
several goals such as building consumer trust and protections; creating a uniform framework for
privacy, which would create consistent levels of privacy from one jurisdiction to another; and putting
penalties in place to punish and dissuade bad actors.

We continue to welcome the opportunity to work together with you and other interested lawmakers on
efforts to enact a uniform federal privacy law, as well as your support of industry efforts to establish
robust self-regulatory mechanisms for protecting consumers’ privacy. In addition, we believe that there
are other aspects of individual privacy such as strengthening procedural safeguards for government
access to personal information online that very much merit the attention of those who want to bring
stronger protections to individual Americans.

We have attached the questions that you submitted to us in your letter of August 1st, which appear in
bold and italics and in each case is followed by our answer to the question. We believe that our
answers are best understood in the context of broader industry practices, as are many issues relating to
online advertising. Concerns about online advertising and its privacy implications cannot be solved by
one company alone or by focusing solely on advertising practices. Moreover, both technologies and
best practices for protecting privacy are changing rapidly, and this dynamism should be taken into
account by policy makers as you examine this space.

Should you have any follow up questions or comments, please contact Pablo Chavez, Senior Policy
Counsel for Google, at 202.346.1237 or at pablochavez@google.com.

Sincerely,

Alan Davidson
Director, Public Policy and Government Affairs
Google Inc.
attachment

ATTACHMENT

GOOGLE RESPONSES TO QUESTIONS FROM THE HOUSE ENERGY & COMMERCE COMMITTEE

Has your company at any time tailored, or facilitated the tailoring of, Internet advertising
based on consumers’ Internet search, surfing, or other use?

Like thousands of other internet companies, Google provides advertising based on consumers’
activities online. We strive to do this in a way that provides value to our users and protects their
privacy. Google offers three main advertising products, all of which are contextual in nature:
AdWords, AdSense for Search, and AdSense for Content.

AdWords is an advertiser-facing product that allows us to provide ads on Google.com in response to
search queries entered by our users, as well as to provide ads on dSense for Content and AdSense for
Search. AdSense for Search is a publisher-facing product that allows us to provide ads in response to
search queries entered by users of our partners’ search engines, including AOL and Ask.com. AdSense
for Content is a publisher-facing product that allows us to provide ads to visitors of the Google content
network – third-party partner sites for which we provide advertising. AdSense for Content ads are
provided largely based on the content of the page that is being viewed by a user. The vast majority of
the revenue that Google generates comes from these three products.

AdWords offers advertisers the ability to create text ads in an efficient and effective manner, which is
one of the many reasons why hundreds of thousands of small businesses advertise with us. We also
provide the capability to deliver display ads – ads that incorporate graphics in addition to text – and
other types of ads through AdSense for Content, and we plan to enhance our ad serving and reporting
capabilities with our recent acquisition of DoubleClick, a display ad serving technology company.

Please describe the nature and extent of any such practice and if such practice had any
limitations with respect to health, financial, or other sensitive personal data, and how such
limitations were developed and implemented.

As noted above, our core advertising business is providing contextual ads to our users. That is, we
provide relevant advertising based on what an internet user is searching for as well as relevant ads based
on a page that a user is viewing. So, for example, if a user searches for “asthma,” we will provide
search results responsive to the search query, as well as paid advertising that is relevant to the search
query, including information about asthma medication, symptoms, and treatment. In a similar way, if a
user is viewing a web page published by one of our third-party publisher partners on the Google
content network that addresses the subject of asthma, then we may provide an ad that relates to the
treatment of the condition.

In addition, in the coming months we will enable industry standard functionality – available today via
DoubleClick and many other ad serving technologies – on the Google content network. Among other
things, we will enable advertisers to limit the number of times a user sees an ad through frequency
capping. Users will have a better experience on Google content network sites because they will no
longer see the same ad over and over again. In addition, we will provide reach and frequency reporting,
which will provide insight into the number of people who have seen an ad campaign, and how many
times, on average, people are seeing these ads. More details about these enhanced capabilities are
available at googleblog.blogspot.com/2008/08/new-enhancements-on-google-content.html.

-1-

We are enabling this functionality by implementing a DoubleClick ad serving cookie across the Google
content network. Using the DoubleClick cookie means that DoubleClick advertisers and publishers
will not have to make any changes on their websites as we continue our integration efforts and offer
additional enhancements. It also means that with one click, users can opt out of a single cookie for
both DoubleClick ad serving and the Google content network. If a user has already opted out of the
DoubleClick cookie, that opt-out will also automatically apply across the Google content network.

Though it is not the focus of our business today, we also believe that behavioral advertising can be
done in ways that are responsible and protective of consumer privacy and the security of consumers’
information. To ensure the continuation and proliferation of responsible behavioral targeting practices,
we are supportive of efforts to establish strong self-regulatory principles for online advertising that
involves the collection of user data for the purpose of creating behavioral and demographic profiles.
For example, we believe that the Federal Trade Commission’s (FTC) efforts to address this type of
advertising through self-regulatory principles are appropriate and helpful. Likewise, we support the
Network Advertising Initiative’s (NAI) recently-announced draft Self-Regulatory Code of Conduct for
Online Behavioral Advertising, which includes limitation on the use of sensitive information to create
profiles of individuals for purposes of third-party advertising.

For both the FTC’s draft principles and the NAI’s draft code of conduct, we believe that the focus on
data collected across multiple web domains owned or operated by different entities to categorize likely
consumer interest segments for use in online advertising is appropriate. We also believe that a strong
and easy-to-find mechanism to permit consumers to opt out of this type of data collection is a goal that
all companies should aspire to achieve. Finally, we believe that special attention should be given to
rules around the creation of profiles based on sensitive information such as health status.

In what communities, if any, has your company engaged in such practice, how were those
communities chosen, and during what time periods was such practice used in each? If such
practice was effectively implemented nationwide, please say so.

We understand this question to be focused primarily on the implementation of deep-packet inspection
advertising practices by a small number of U.S. ISPs in partnership with a privately-held online
advertising company. Google does not deliver advertising based on deep-packet inspection. Our
advertising products do, however, make the ads of hundreds of thousands of small businesses and
other companies available to internet users throughout the U.S. and around the world.

How many consumers have been subject to such practice in each affected community, or
nationwide?

We understand this question to be focused primarily on the implementation of deep-packet inspection
advertising practices by a small number of U.S. ISPs in partnership with a privately-held online
advertising company. Google does not deliver advertising based on deep-packet inspection. We do,
however, provide relevant advertising to hundreds of millions of people around the world.

-2-

Has your company conducted a legal analysis of the applicability of consumer privacy laws to
such practice? If so, please explain what that analysis concluded.

We understand this question to be focused primarily on the implementation of deep-packet inspection
advertising practices by a small number of U.S. ISPs in partnership with a privately-held online
advertising company. Google does not deliver advertising based on deep-packet inspection.

Our privacy practices are governed by our privacy policy, which is available to the public on our home
page and at www.google.com/privacypolicy.html. The policy is enforced by the FTC under section 5
of the Federal Trade Commission Act, and by many state Attorneys General under their consumer
protection statutes. Google’s policies and practices are designed to ensure compliance with applicable
law.

How did your company notify consumers of such practice? Please provide a copy of the
notification. If your company did not specifically or directly notify affected consumers, please
explain why this was not done.

We understand this question to be focused primarily on the implementation of deep-packet inspection
advertising practices by a small number of U.S. ISPs in partnership with a privately-held online
advertising company. Google does not deliver advertising based on deep-packet inspection.

One of our bedrock privacy principles is transparency, by which we mean that we are upfront with our
users about what information we collect and how we use it so that they can make informed choices
about their personal information. So, for example, the Google Privacy Center (available at our
homepage located at www.google.com and at www.google.com/privacy.html) provides Google’s
privacy policy, which underpins our practices and offers additional information about specific products.

We have also been an industry leader in finding new ways to educate our users about privacy. For
example, we have a Google Privacy Channel on YouTube, which is located at
www.youtube.com/googleprivacy. The channel offers users privacy videos that explain our privacy
policies in simple, plain English. And we provide additional transparency to our users about our
privacy policies and practices through our official Google blog, which is located at
googleblog.blogspot.com, and through our public policy blog, which is located at
googlepublicpolicy.blogspot.com.

Please explain whether your company asked consumers to “opt in” to the use of such practice
or allowed consumers who objected to “opt out.” If your company allowed consumers who
objected to opt out, how did it notify consumers of their opportunity to opt out? If your
company did not specifically or directly notify affected consumers of the opportunity to opt
out, please explain why this was not done.

We understand this question to be focused primarily on the implementation of deep-packet inspection
advertising practices by a small number of U.S. ISPs in partnership with a privately-held online
advertising company. Google does not deliver advertising based on deep-packet inspection.

Some of our products can be used without registration; the user does not need to log in or authenticate
to access and use the product. Our search engine – Google.com – is a good example of this type of
unauthenticated use. Any user can visit the Google web site from any computer and use our search
engine without providing us with any personally identifiable information (PII). For these services,
-3-

Google retains very few types of data: standard server log information that includes the uniform
resource locator, the Internet Protocol (IP) address associated with the computer or proxy server from
which the request originated, the time and date of the request, the operating system that runs on the
computer, and the type of browser that runs on the computer. We also may collect a unique cookie ID
generated for the computer from which the request originated.

In addition, as noted above, advertising on Google.com is contextual in nature. It is not based on the
web surfing history of an individual user or upon the demographic profile of a user. Advertising on
Google.com also only involves first-party advertising. That is, there is no third-party involved in the
serving of any ad on our search engine. Finally, as noted above, we do not collect additional user
information to provide advertising on Google.com.

In sum, advertising on Google.com is contextual, requires no PII, is not provided by a third-party, and
does not collect any information in addition to the basic information collected to provide search results.
In addition, we take further steps to prevent the identification of a user by further anonymizing
unauthenticated search logs that users provide to us after 18 months. Specifically, we obfuscate both
the last octet of the IP address and the full unique cookie ID, which, in some cases, can be used in
association with other information to identify an individual. Further discussion of our anonymization
efforts can also read the March 2007 announcement of the policy on our blog located at
googleblog.blogspot.com/2007/03/taking-steps-to-further-improve-our.html.

We also provide advertising through our AdSense for Search and AdSense for Content products, and
we serve third-party ads through DoubleClick. We give users the ability to opt out of data collection
from a DoubleClick advertising cookie that we serve in connection with advertising through AdSense
for Content and DoubleClick ad serving.

More specifically, users are able to opt-out of the use of the DoubleClick ad serving cookie in several
ways. First, users can opt out by visiting the DoubleClick opt-out page located at
www.doubleclick.com/privacy. Second, Google’s ads privacy microsite has an above-the-fold opt out
button located at www.google.com/privacy_ads.html. Finally, users can opt out of the DoubleClick
cookie’s data collection through the NAI’s opt out page located at
www.networkadvertising.org/managing/opt_out.asp.

How many consumers opted out of being subject to such practice?

We understand this question to be focused primarily on the implementation of deep-packet inspection
advertising practices by a small number of U.S. ISPs in partnership with a privately-held online
advertising company. Google does not deliver advertising based on deep-packet inspection.

There are many ways that users can opt out of ads provided by Google and from providing data to
Google in connection with viewing an ad provided by Google. For example, with respect to ads
provided through DoubleClick or AdSense for Content, users can opt out of data collected by the
DoubleClick cookie by visiting the DoubleClick opt out page located at www.doubleclick.com/privacy,
Google’s ads privacy microsite at www.google.com/privacy_ads.html, or the NAI’s opt out page
located at www.networkadvertising.org/managing/opt_out.asp.


-4-

Did your company conduct a legal analysis of the adequacy of any opt-out notice and
mechanism employed to allow consumers to effectuate this choice? If so, please explain what
that analysis concluded.

We understand this question to be focused primarily on the implementation of deep-packet inspection
advertising practices by a small number of U.S. ISPs in partnership with a privately-held online
advertising company. Google does not deliver advertising based on deep-packet inspection.

Google’s policies and practices are designed to ensure compliance with applicable laws, which are
vigorously enforced at both the state and federal levels.

What is the status of consumer data collected as a result of such practice? Has it been
destroyed or is it routinely destroyed?

Google anonymizes its logs data after 18 months. This means that we anonymize IP addresses and
cookie IDs associated with searches conducted by unauthenticated users after 18 months. It also
means that we anonymize the IP address and the cookie ID collected in association with the
DoubleClick cookie after 18 months. Specifically, we obfuscate both last octet of the IP address and
the full unique cookie ID, which, in some cases, can be used in association with other information to
identify an individual. Further discussion of our anonymization efforts can also read the March 2007
announcement of the policy on our blog located at googleblog.blogspot.com/2007/03/taking-steps-to-
further-improve-our.html.

Is it possible for your company to correlate data regarding consumer Internet use across a
variety of services or applications you offer to tailor Internet advertising? Do you do so? If not,
please indicate what steps you take to make sure such correlation does not happen. If you do
engage in such correlation, please provide answers to all the preceding questions with
reference to such correlation. If your previous answers already do so, it is sufficient to simply
cross-reference those answers.

Google does not correlate data regarding use across our products to offer advertising. For example,
when we serve a contextual ad to a user of Gmail, our email service, that ad is based only on the text of
the page that a user is viewing, and it is not based on any information from any other product such as
Google Calendar or Google Search. If we were to correlate data regarding use across our products to
offer advertising, we know that we would have to do so in a way that protects the privacy and security
of our users, an endeavor to which we are deeply committed.

* * * *
-5-