Google Buzz...Here We Go Again...Yet Another Privacy Debacle

Another day, another Google privacy debacle. For every post - and there have been A LOT OF THEM - regarding Google's latest product that treats privacy as its personal whipping boy, I have to republish my usual caveat:

Anyone that has read this blog knows I have written a number of posts about Google's confrontational relationship with privacy, and the variety of ways this can be demonstrated in a host of its products. I've written about the approaching launch of Google Books just around the corner in which the ACLU, Electronic Frontier Foundation, and the Samuelson Clinic have even launched a Google Book Search privacy campaign to address.

I've written about the loss of "Locational Privacy" and how a host of Google products relate to that growing privacy protection challenge. And I've posted a lot about other examples demonstrating Google's less than stellar record on privacy in the past, from their lobbying efforts in Congress, to cloud computing, and to its increasing usage and expansion of behavioral marketing techniques.

Then, there was last week's news that Google - the world's largest and ever expanding privacy allergic technological empire - had enlisted the National Security Agency (the agency responsible for such privacy violation greatest hits as warrantless wiretapping) for technical assistance. Oh Joy!

But apparently Google wasn't through! I speak of Google's big release of their latest innovation "Google Buzz", and the subsequent outcry from privacy advocates, and the now official apology from Google.

Let's give a little back story. First, the technology itself. As described by out-law.com:

Google Buzz is the search giant's attempt to convert its Gmail service into a social network, but it has alienated many users by mining personal information in other Google-run services to boost Buzz usage.

When it was launched last week Buzz was set to automatically use information from people's Google web mail accounts and RSS-reading Reader service in a bid to kick-start the service.

It automatically signed users up to 'follow' the Buzz activity of the people they communicated with most on Gmail and connected followers to items shared by a user through the Reader service.

The company was accused not only of violating users' privacy but of burying the mechanism to change the settings in an obscure part of the service's menus. It has twice modified the service in a bid to allay users' concerns.

Google first made the option for switching off the auto-follow more prominent, then changed it altogether so that it only suggested people a user might like to follow.

Since last week's initial release of the new "service", Google has received, and now responded to, a whole lot of criticism (i.e. Google now asks Buzz users to manually approve their followers instead of automatically including them on their Buzz lists, and improved the visibility of the privacy controls).

So I guess the first question that comes to mind is how did Google - a company with a seemingly endless supply of bright minds working there - bungle this project so badly?

C-Net's Tom Krazit has the scoop:

Buzz was just tested inside Google before it launched to the general public, said Todd Jackson, Google Buzz product manager. Several layers of Google employees participated in the process, from the initial design team to wider and wider circles of employees. And a source familiar with the product development process said Google put Buzz through its usability lab, where it brings in outsiders to evaluate products in secret before they are launched.

However, either no one brought up the privacy concerns that Buzz users raised within a day of its launch, Google didn't ask the outsiders for the thoughts on Buzz privacy, or Google engineers dismissed those concerns as unfounded. For whatever reason, Google has taken a hit over the Buzz launch from a public that is already skeptical about the search giant's motivations with the enormous amount of personal data it already has accumulated.

...

...the incident exposes a real problem for Google: does its unique culture really understand the markets in which it wants to participate?

Social media has already been a minefield for Google, with stops and starts amid charges that the engineers who built Google don't understand the wider world of social networking. Fairly or unfairly, incidents such as the Google Buzz launch underscore that Google employees--among the smartest and most tech-savvy group of workers in Silicon Valley--may not be the best testing ground for products designed to reach the general public.

Google is famous--infamous, really--for keeping products in "beta" mode for an inordinate amount of time while they work out the kinks. Gmail--the host product for Google Buzz--was in beta for five years, with Google unwilling to lift the qualifier tag until last year amid a push into corporate accounts.

The company also tests products through invitation-only groups, such as it did for Google Voice and Google Wave. Then, over time, it opens those groups to wider and wider circles until the general public is welcome.

But when it came to making that decision for Google Buzz, the company decided that social networks only really start to become compelling when a user has a lot of contacts, according to a source familiar with its thinking. Therefore, it wanted to seed Buzz users with as many contacts as possible when they first logged into the system, so they could get up and Buzzing right away.

As I mentioned, apparently Google at least did get the "get your sh** together" memo this time, as the company moved quickly over the weekend to try to contain this public relations disaster by first apologizing to users for features that endangered the privacy of its customers and announcing product changes to address those concerns - such as instead of automatically connecting people, in the future Buzz will merely suggest to new users a group of people they may want to follow or be followed by.

Still, what's astonishing to me is this wasn't done BEFORE the service went live! My god...this should be basic privacy 101 stuff, shouldn't it????

Generally, the reaction by privacy advocates to these changes has been mildly positive.

AS the New York Times reports:

Some critics said the latest modifications to Buzz, which is tightly coupled with Gmail, appeared to have addressed the most serious privacy concern.

“Turning off the auto-follow was a huge improvement,” Danny Sullivan, a longtime Google analyst and the editor of SearchEngineLand, said in an e-mail message.

But Marc Rotenberg, executive director of the Electronic Privacy Information Center, said his organization still intended to file a complaint with the Federal Trade Commission this week pending its review of Google’s changes.

“Even with these changes, there is still the concern that Gmail users are being driven into a social networking service that they didn’t sign up for,” Mr. Rotenberg said in an interview on Sunday.

The privacy concerns about Buzz, and Google’s rapid efforts to address its critics, echo episodes that have bedeviled other social networks, most notably Facebook. None of those events have slowed the growth of Facebook, which recently said it had reached more than 400 million users. Gmail has 176 million users, according to the research firm comScore.

“I think the privacy issues earlier this week with Buzz will blow over and not harm the product in the long term,” Mr. Sullivan said. But privacy will continue to haunt Google, he said, and many people will point to the release of Buzz as an overreach by Google and a reason that the company could not be trusted.

...

Google also said that it would create a new Buzz tab in Gmail’s settings page to allow users to hide Buzz from Gmail completely. The page gives users the option to disable Buzz, deleting their posts and removing their Google profile, which in many cases listed publicly their circle of contacts in Buzz. The new feature could address concerns that disabling Buzz and removing a public profile was a multistep process that confused many users and that some described as a game of whack-a-mole.

Google also will no longer automatically connect public Picasa albums and items shared on Google Reader, another feature that had been widely criticized by some users and privacy advocates.

Click here to read more of the Times article.

So what should we take away from this latest Google privacy debacle? Certainly, the company seems to remain completely tone deaf on the issue of privacy, but at the same time, it did respond quicker and more thoroughly to criticisms.

In all, I think Tom Krazit of C-Net hits the nail on the head:

With all the scrutiny on Google these days, however, it appears that the time is ready for privacy to become as important a part of Google's product design philosophy as the placement of pixels. Google says it takes this responsibility very seriously, but despite including tens of thousands of Googler on pre-launch Buzz testing, the privacy mistakes still slipped through the cracks.

How can Google avoid making these mistakes in the future?

For one, the company needs to make sure it strikes a better balance between internal and external feedback. It's understandable that Google would prefer to test things with its own employees to prevent product leaks, but unless Google wants to invest in ethnographers and social scientists to balance the engineers, it will need to solicit outside feedback to make sure it understands the needs of regular people.

Also, Google does not have a chief privacy officer listed as part of its operating committee, and the word "privacy" does not appear in the job description of any of the dozens of top executives listed on Google's management page.

A company representative said that Google has chosen a strategy where "rather than having a single, isolated privacy department, here at Google we embed the importance of privacy into our products and systems from engineers through executives, guided by trained privacy professionals." However, despite that focus, the privacy controls in Google Buzz were deemed adequate by those people.

That can't happen again: Google simply can't afford to make any more mistakes regarding privacy. Otherwise, it will start to lose the trust of its users, who have been reminded for years that the competition is just a click away.

I think Google would do well to take heed to the advice of Mr. Krazit. Time will tell....