A bit of a firestorm was sparked by Google changing its privacy policies rather abruptly, while making opt-ing out of the massive amount of data sharing that will take place if their proposed folding 60 of its 70 existing
product privacy policies under one blanket policy and breaking down the
identity barriers between (to accommodate its new Google+
social network software) nearly impossible.
In other words, Google will combine data from all its services, so when users are signed in, Google may
combine identity information users provided from one service with information
from other services. The goal is to treat each user as one individual across
all Google products, such as Gmail, Google Docs, YouTube and other Web
services.
One one hand, this didn't strike me as something they weren't already probably doing...but that doesn't make it okay, either. By the least, Google's ability to create an incredibly detailed digital dossier
of every one of us, with little to no control on our part, would be enhanced beyond what it already can do.
As John Simpson, director of the the nonprofit, nonpartisan Group's
Privacy Project stated, "Google has eliminated its last pretense that it
protects consumer privacy - the walls are torn down. Instead of a privacy policy Google has finally
admitted they have a profiling policy - and every Internet user is a target to
be spied on."
Peter Eckersley,
the Electronic Frontier Foundation's
Technology Projects Director points out that the search giant's
disclosure that it will track what you do across all Google-owned services that
you partake of -- on your PC and mobile devices -- comes across more like a
confession than a bold new move.
Google of course is claiming it will simply and improve the users experience...but they also admit it will also make it impossible for users to opt out of having their
identities applied to dozens of Websites they might not have agreed to use.
Common Sense Media CEO James Steyer wrote in a statement emailed to eWEEK:
"Google's
new privacy announcement is frustrating and a little frightening. Even if the
company believes that tracking users across all platforms improves their
services, consumers should still have the option to Opt Out—especially the kids
and teens who are avid users of YouTube, Gmail and Google Search."
More than anything, this kind of "cross personalization", from video to email, would be a boon for advertisers and marketers...which is what's this really all about. Already though, lawmakers and the the Federal Trade Commission are looking into Google's search business practices - a company that has already been ordered to submit to 20 years of audits after breaching user privacy
with its Google Buzz feature.
So what exactly is different with this policy? Peter Eckersley of EFF notes, ""It has always been the case that Google kept
effectively linkable records of our uses of Gmail, Search, Maps and Market for
Android, and other services,. Only very
sophisticated users have ever been able to remove any of that linkability, and
that remains the case today. In a couple of cases, Google had some internal
practices of not linking your browsing history, and YouTube history, to other
data -- and those internal walls at the company are now gone."
We should also consider Google's sordid privacy
history, from
Google
Books to
the
loss of "Locational Privacy" to the company's
lobbying
efforts in Congress, to
its
cloud computing, to its
increasing
usage and expansion of behavioral marketing techniques, to Google
StreetView cars gathering private information from unaware local residents, to
the company teaming with the National Security Agency (the agency responsible
for such privacy violation greatest hits as warrantless wiretapping) "for
technical assistance" to the infamous Google Buzz to the company's recent admittance that it gets THOUSANDS of requests from the government for information about its users to claims that the company
manipulates its search results to favor its own products.
AS
reported by Wired Magazine:
The number of U.S. government requests for data on Google
users for use in criminal investigations rose 29 percent in the last six
months, according to data released by the search giant Monday. U.S. government
agencies sent Google 5,950 criminal investigation requests for data on Google
users and services from Jan. 1 to June 30, 2011, an average of 31 a day. That’s
compared to 4,601 requests from July 1 to Dec. 31, 2010, the company reported
Tuesday in an update
to its unique transparency tool. Google says it complied in whole or part
with 93% of such requests, which can include court orders, grand jury subpoenas
and other legal instruments...According to Google, the numbers do not include National Security Letters, a
sort-of self-issued subpoena used by the FBI in drug and terrorism cases. At
their post–Patriot Act peak, the FBI issued more than 50,000 such letters a
year, nearly all with gag orders attached to them. The use of such letters
dipped for a time after the Justice Department’s internal watchdog unveiled
widespread abuses and sloppy procedures, but are on the rise again. Also not
included are national security wiretap and data requests, known as FISA
warrants, that are approved by a secret court in D.C. to combat spies and
threats to national security.
In other words,
I view ANYTHING Google says or apparently does when it comes to
privacy with a huge grain of salt.We are living in a brave new cyber world in which nearly everything we do can be monitored, sold and stored. And, let's remember, we have yet to establish the kinds of privacy protections demanded in this new information age. And that is not by accident, last year Google spent a record $9.7 million on lobbying
Let's also remember the bigger picture, and why we need a set of ironclad privacy protections for internet users, including opt-in (and by the least opt-out), as well as Do Not Track...to name a few.
In a recent op-ed in the San Diego Union Tribune,
Beth Givens, Executive Director of the Privacy Rights Clearinghouse lays out this larger issue of privacy on the net:
Individuals are increasingly using the Internet as their
primary information source, often seeking information on sensitive matters such
as finances, health, personal relationships, divorce, sexuality, workplace
difficulties and legal conflicts. But few individuals realize the extent to
which they are being tracked by companies that create rich profiles of their
web-browsing activities. The 2010 Wall Street Journal series, “What They Know,”
reported that the nation’s top 50 websites installed an average of 64 pieces of
tracking technology onto each visitor’s computer. Tracking tools go beyond the
cookies many of us routinely delete. Some companies deploy “Flash cookies” or
other “supercookies” that are not only extremely difficult to delete but can
also be used to reinstall cookies that a user has removed.
Such data-gathering and profiling activities are largely invisible, except that
they can result in the real-time display of behaviorally targeted ads. You
might ask, “What’s the harm in receiving ads based on my web-surfing history?”
In a legislative primer presented to members of Congress by 10 organizations,
including ours, several potentially harmful effects of behavioral tracking and
targeting were identified: (1) targeting economically distressed individuals
with payday loans and subprime mortgages; (2) sending ads for bogus cures to
individuals with serious medical conditions; (3) engaging in discriminatory
pricing in which some people are offered products or services at higher prices
than others; and (4) targeting children who lack the judgment capacity of
adults. Further, profiles compiled originally for the ad industry may be sold
to non-advertising third parties such as insurance companies.
Harms aside, let’s not forget, simply, the right to privacy.
The definition of privacy that guides my organization’s work is the ability of
individuals to control the use of their personal information. Everyone has a different
comfort level regarding the collection and use of their personal information.
We believe individuals’ choices must be respected, no questions asked.
...
However, studies show that robust profiles generated from anonymous data can be
matched with other data sources, offline and online, to determine individuals’
identities. These days, the anonymity argument is largely a myth. Another myth
is that young people are not concerned about privacy. These “digital natives”
have not known a world without the Internet, so the argument goes, and they are
not worried about their personal information being revealed online. However, a
2009 academic survey found there are no significant differences between young
adults and older individuals regarding online privacy concerns. While some
believe that in a generation or two, concerns about online privacy will vanish,
we at the Privacy Rights Clearinghouse are not so quick to accept that
argument.
In closing, effective online privacy protection requires a
multipronged approach involving policymakers, industry, nonprofits and
consumers. It must not be lost to bogus arguments and unfounded myths.
Legislators Taking Action
The good news is legislators are asking Google some tough questions. Rep. Jackie Speier, a longtime privacy stalwart, has co-authored a letter (
PDF) asking the company to respond to a series of sternly worded questions
about its
plans
to simplify privacy policies into one more-or-less standard one. Currently
Google has more than 70 individual privacy policies.
The letter states, "We believe that consumers should have the ability to
opt-out of data collection when they are not comfortable with a company's terms of service and that ability to exercise that choice should be simple and straightforward."
Other members signed on include Cliff Stearns (R), Henry
Waxman (D)--plus
veteran
Google antagonists Joe Barton (R) and Ed Markey (D). Google has until February 16th to respond.
Interestingly, there happens to be a major privacy conference taking place in Europe right now. Here's how the Europeans are addressing some of these same concerns (it goes without saying they're taking a much more PRO privacy stance):
The European Commission proposed these key changes in the
data protection law that went into effect in 1995 when only 1 percent of
Europeans were on the Internet:
---A ‘right to be forgotten’ will help people better manage
data protection risks online: people will be able to delete their data if there
are no legitimate grounds for retaining it.
---Companies and organisations must notify the national
supervisory authority of serious data breaches as soon as possible (if feasible
within 24 hours).
---Wherever consent is required for data to be processed, it
is clarified that it has to be given explicitly, rather than assumed.
--- People will have easier access to their own data and be
able to transfer personal data from one service provider to another more easily
(right to data portability). This will improve competition among services.
--- EU rules must apply if personal data is handled abroad
by companies that are active in the EU market and offer their services to EU
citizens.
Conclusions
The ramifications of Google's new policy aside - and I'm not saying I know exactly what they are yet - the
fact is, there's been a virtual
explosion in data collection, data analysis and use of behavioral marketing on
the internet without the requisite privacy protections to go along with
it. Billions of dollars at stake, and your private information is the
currency.
As I have written on this blog in the past: We know for instance, and they have been sued for it, companies like Google,
Yahoo, Microsoft and other Internet companies track and profile users and then
auction off ads targeted at individual consumers in the fractions of a second
before a Web page loads.
That in itself, may not be all that threatening to most. But it raises some
interesting questions: What kind of control should we have over our own data?
And, what kind of tools should be available for us to protect it? What about
ownership of our data? Should we be compensated for the billions of dollars
being made by corporations from their tracking of us? And of course, what of
the government's access to this new
world of data storage?
The argument from privacy advocates has largely been that this massive and
stealth data collection apparatus threatens user privacy and regulators should
compel (not hope that) companies to obtain express consent from consumers
before serving up "behavioral" ads based on their online history.
As I have also written before, its not by accident that we are told by the same
interests that profit off our information that privacy is dead, and people don't care about it anymore, or that it will "kill
business". Well, that's easy to
say when you are the ones developing the complicated and difficult to find
privacy settings consumers have to deal with - and profiting off our personal
information without our consent.
More to the point is the simple, unavoidable fact that
consumers should have MORE control, not less, over what information of ours is
used, shared, and profited off. This basic principle is at the heart of the
ACLU's DotRights campaign.
There remains an interesting dichotomy in all this: While
people seem to "care" about privacy on one level, they tend to do
very little to actually protect it. Which in my mind, makes easy to use, clear
options to protect privacy so paramount. Once people are given such a choice,
not only will more people choose to "not be tracked", I think more people
will become more AWARE of just how all pervasive such monitoring of nearly
everything we do has become."
