Thursday, February 2, 2012

Is Google Evil?

That's the question posed by an article I want people to read today. See my last post for the details and a variety of expert opinions on Google's new privacy policy and the outcry it induced. For today's purposes I want to go straight to an article I found by the President of the Internet Security Advisors Group, and author, named Ira Winkler. The article is entitled "Is Google Evil? The Jury is Out."

I figure if anyone can shed some light on this subject its him.

He writes, "...there is plenty to get upset about regarding Google's new policy. Google has managed to wriggle into just about every area of our lives. It all started with Google search, of course, and that seemed innocuous. But later you could sign up for a Gmail account, and suddenly any searches you did while signed onto Gmail could have an identity assigned to them -- and Google roughly knew what was on your mind. Google Docs was another chance to gather data, and the social network Google+ really ups the ante. Every post is captured, and Google has access to information such as who is in your circles -- not only that you know those people, but what your relationship is to them, because you've defined your circles so carefully (family, friends, colleagues, fellow alumni). Google Calendar reveals where you are going to be. Google Maps gleans where you are considering going. Google Latitude knows exactly where you are right now. Picasa stores pictures, and if you carefully tag them, you have provided more information about where you have been and whom you have been with. Google Chrome keeps track of your browsing habits and history. Google Checkout and Google Wallet know what you are buying and where you are. The Android operating system can track every aspect of your cellphone usage, including the apps you have loaded. YouTube searches can reveal proclivities that you might not want other people to know about.

Until now, we could think of all of these as stand-alone services. Each had information about us, but the threat of privacy invasion seemed manageable. It's a different story when it all gets consolidated. Now, for all practical purposes, a single entity has the ability to put together your past, present and future. Who calls you on your Android phone can be combined with what you are searching. The interests you repeatedly post about can be combined with your location. Your appointments can be cross-referenced with your acquaintances' appointments.

What we know is that Google tries to monetize the information it has about the users of its services by selling advertising that is carefully targeted to their interests. Facebook and other companies do similar things. Some people have been sized up pretty well just based on their searches. Others have not. Wired recently ran a short piece on
how Google currently can be inaccurate in its current analysis of a user's searches. After consolidation, though, there will be little ambiguity.


And this is where my presumption that Google is not evil runs up against a big problem. Because I have to believe that Google always intended to combine the data from all of the businesses that it built or acquired. I have too much respect for the company to think otherwise. I saw the potential for this three years ago; isn't it likely that Google did as well? But there is currently nothing in the law stopping a company from getting people to offer up their personal data under one privacy policy, even though the company fully intends to change the policy and use the data for other purposes.

Now, you could argue that any company that did that had to induce people to use its services under false pretenses. And that sounds, well, evil.

In the wake of Google's policy change, eight members of Congress sent the company a list of questions about the new policy's effects on privacy. Google responded on Monday, basically saying that its approach to privacy has not changed . My expectation is that in the end Google will make some small concessions, and the lawmakers and various privacy advocates will play those up so we'll all think they're looking after our welfare. To my mind, that's not nearly good enough. If Google is really going to live up to its corporate mantra of "Don't be evil," then it should undo this latest move and support regulation that would stop other companies from making similar changes. Because, unlike lions on the savannah, a company's worst impulses can be constrained.

Read more here.

Again, I think we're running up against the question of just what privacy rights do we have in the digital age? What is legal for companies to do with information that we ostensibly "give up" on the net? Sure, Google promises to use all this information to make our internet experience that much more seamless, efficient and enjoyable. Of course, as I have painstakingly documented on this blog for years now, there are all kinds of examples how this is not always the case...whether its the government and law enforcement wanting increasing amounts of access to every aspect of our lives, or whether its advertisers, insurance companies, or the pharmaceutical industry looking to market to us in increasingly invasive ways.

As the author also pointed out, it wasn't long ago that Google promised IT WOULDN'T consolidate all these as Google becomes more and more ubiquitous, so to is there access to everything we do. As Winkler points out, "Should it ever cross the line, then all of that information it has could be used for truly nefarious and malicious purposes, including extortion and harassment."

Interestingly, it was Supreme Court Justice Sotomayor that brought this very topic up in the recent GPS tracking case when she said made a case for revising the “third-party” doctrine (i.e. we lose Fourth Amendment protection when we disclose certain information). She wrote, More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers.”

It becomes clearer and clearer that this core question over data control and digital privacy must be asked and answered sooner rather than later. As Winkler correctly points out, "My thought is that regulators and privacy professionals should rethink the concept of privacy protection. When companies are allowed to set their own privacy policies and retain the right to change them at will, do privacy policies mean anything at all? The Google case suggests that voluntary privacy policies, always subject to change, provide no protection."

No comments: