Search engine vendor Ask.com has come out swinging against several privacy advocacy groups over a complaint they filed last week with the U.S. Federal Trade Commission alleging that a new service called AskEraser isn't living up to its promise of deleting the search histories of Web users.
Helping Ask.com's cause was the Center for Democracy and Technology (CDT), a Washington-based think tank that in a highly unusual move sent a letter Wednesday to the FTC urging it to quickly review and dismiss the complaint as "unfounded." In its letter, the CDT said that Ask.com "had proactively addressed or is in the process of addressing the concerns previously raised by the petitioners that are within [its] control."
Nicholas Graham, a spokesman for Ask.com, said Thursday that the complaint submitted by the Electronic Privacy Information Center (EPIC) and five other privacy groups was both flawed and unfair to the search engine vendor, which is owned by IAC Search & Media Inc. in Oakland, Calif.
Graham said that Ask.com tried to engage EPIC and its allies in a "constructive dialogue" after receiving a letter from them last month, following the Dec. 11 announcement of the AskEraser service. "Instead, they filed a complaint with the FTC," he said. "That merits a 15-yard penalty for unsportsmanlike conduct."
"You get the impression from reading EPIC's complaint that the world would be a better place without AskEraser," Graham added. "That's just hogwash."
In the 11-page document that the privacy groups submitted to the FTC, they claimed that Ask.com was indulging in deceptive and unfair trade practices and asked the agency to order the search engine vendor to turn off the AskEraser service.
When AskEraser was launched, Ask.com described it as an option that would let users ask for their search activity data not to be retained on the company's servers. The vendor claimed that when enabled by a user, AskEraser would completely delete search queries and associated cookie information from its systems. The deleted information would include IP addresses, user IDs, session IDs and the text of all queries, it said.
According to EPIC's complaint, though, the service initially posed three major privacy issues: users who want to enable AskEraser first need to accept an opt-out cookie; the cookie itself was a persistent unique identifier; and Ask.com's policies allow it to disable the service without notice to users in the event of a court order. The second issue has already been addressed by Ask.com, EPIC has since said.
The complaint also expressed concern over the fact that Ask.com's opt-out cookie was set to automatically expire in two years, which EPIC and the other groups claimed was too short a time period. They also cited concerns about the privacy implications of Ask.com's relationships with Google Inc. and third-party advertisers.
Graham said that the complaints reflected a misunderstanding of the AskEraser service and were based on outdated information. For instance, the lifetime of the opt-out cookie has been changed to 30 years, and that change has been publicly posted on the search engine's Web site, he said. And because the concerns about the persistence of the cookie have been addressed, it now provides no way for Ask.com to uniquely identify anyone, Graham said.
Graham also defended Ask.com's decision to use an opt-out cookie approach, which EPIC claimed is counterintuitive and potentially exposes users to greater privacy risks. He said that the company decided to use such a cookie because it offered the best way now available to identify individuals who didn't want their search histories to be stored.
Similarly, Graham downplayed EPIC's concerns about Ask.com's relationships with third-party advertisers and the recent extension of a sponsored search and advertising deal with Google that could be worth US$3.5 billion to Ask.com over five years. All such relationships have clearly been disclosed by Ask.com in its privacy policies, according to Graham. And, he said, Ask.com has made no secret of the fact that enabling AskEraser will do nothing to prevent the third parties from collecting information from its site.