NEW YORK -- Google is at once a powerful search engine and a growing e-mail provider. It runs a blogging service, makes software to speed Web traffic, and aims to become a digital library. And it is developing a payments service.
Though many Internet users eagerly await new technology from Google Inc., its rapid expansion is prompting concern that the company may know too much: what you read, where you surf and travel, to whom you write.
''This is a lot of personal information in a single basket," said Chris Hoofnagle, senior counsel with the Electronic Privacy Information Center. ''Google is becoming one of the largest privacy risks on the Internet."
Not that Hoofnagle is suggesting that Google has strayed from its mantra of making money ''without doing evil."
Rather, some privacy advocates worry about the potential: The data's very existence -- conveniently all under a single digital roof -- makes Google a prime target for abuse by overzealous law enforcers and criminals alike.
Through hacking or with the assistance of rogue employees, they say, criminals could steal data for blackmail or identity theft. Recent high-profile privacy breaches elsewhere underscore the vulnerability of even those systems where thoughtful security measures are taken.
Law enforcement, meanwhile, could obtain information that later becomes public, in court filings or otherwise, about people who are not even targets of a particular investigation.
Though Google's privacy protections are generally comparable to -- even better than -- those at Microsoft Corp., Yahoo Inc., Amazon.com Inc. and a host of other Internet giants, ''I don't think any of the others have the scope of personal information that Google does," Hoofnagle said.
Plus, Google's practices may influence rivals, given its dominance in search and fierce competition.
''Google is perhaps the most noteworthy right now by the simple fact that they are the 800-pound gorilla," said Lauren Weinstein, a veteran computer scientist and privacy advocate. ''What they do tends to set a pattern and precedent."
Google says it takes privacy seriously. ''In general, as a company, we look at privacy from design all the way [through] launch," said Nicole Wong, associate general counsel at Google.
That means product managers, engineers and executives -- not just lawyers -- consider the privacy implications as new technologies are developed and new services offered, Wong said.
She also said that Google regularly seeks feedback from civil liberties groups such as the Center for Democracy and Technology and the Electronic Frontier Foundation, both of which credit Google for listening even if it doesn't always agree.
Google's privacy statements specify that only some of its employees have access to personal data -- on a need-to-know basis -- and such access is logged to deter abuse.
Google chief executive Eric Schmidt says a tradeoff exists between privacy and functionality, and the company believes in making fully optional -- and seeking permission beforehand -- any services that require personally identifiable information.
''There are always options to not use that set of technology and remain anonymous," Schmidt told reporters in May.
But what is meant by personally identifiable information is subject to debate.
Google automatically keeps records of what search terms people use and when, attaching the information to a user's numeric Internet address and a unique ID number stored in a Web browser ''cookie" file that Google uploads to computers unless users reconfigure their browsers to reject them.
Like most Internet companies, Google says it doesn't consider the data personally identifiable. But Internet addresses can often be traced to a specific user.
Without elaborating, Google says it ''may share" data across such services as e-mail and search. It also provides information to outside parties serving as Google's agents -- though they must first agree to uphold Google's policies.
Much of the concern, though, stems from a fear of the unknown.
''Everybody gets worried about what they [Google] could do but what they have done to date has not seemed to violate any privacy that anyone has documented," said Danny Sullivan, editor of the online newsletter Search Engine Watch.
Eric Goldman, a cyberlaw professor at Marquette University, believes the focus ought to be on the underlying problem: access by hackers and law enforcement.
''We still need to have good technology to inhibit the hackers. We still need laws that make hacking criminal. We still need restraints on government surveillance," Goldman said. ''Google's database doesn't change any of that."
Anne Rubin, 20, a New York University junior who uses Google's search, Gmail and Blogger services, says quality overrides any privacy concerns, and she doesn't mind that profiles are built on her in order to make the ads she sees more relevant.
''I see it as a tradeoff. They give services for free," she said. ''I have a vague assumption that things I do [online] aren't entirely private. It doesn't faze me."
Google and privacy
Google's various services raise questions about the protection of personal data. The highlights:
Google is testing an optional service in which results are based partly on past searches. The service is tied to the same user name used to access e-mail through Gmail, post on Google Groups discussion boards, and maintain shopping lists at Froogle. Users may remove entries from the list of past searches, but separate logs are kept for auditing, regardless of any removal.
Google's generosity in free storage means users never have to delete anything. Company computers scan a user's messages to build profiles for targeting ads. Gmail users can delete messages, but Google says that for technical reasons the actual e-mails may not be eradicated immediately.
Google is testing software for making websites load more quickly, accessing copies of pages previously accessed by other users rather than fetching new ones every time. To work, all Web requests must go through -- and get logged by -- Google's servers.
As Google scans millions of library books into its search engine index, it is sometimes requiring usernames to limit access and protect copyrights. But Martin Garnar, chairman of an American Library Association subcommittee on privacy, warns that ''Google as a business doesn't have to abide by the same patron confidentiality rules that libraries do." To protect people's rights to read unpopular opinion anonymously, Garnar says, most library computers automatically delete personal information when a book is returned.
Users wishing to respond to Usenet discussion posts, either by adding a message to a group or contacting an item's author directly, must create accounts and route messages through Google because e-mail addresses have been hidden as a spam-prevention measure.
Google has yet to share details, but critics say it could add billing information to user profiles.