A haemorrhage of personal privacy

June 12, 2007

My Eye BallThis weekend, a report was released by Privacy International, a London-based watchdog group, which criticized Google for creating “the most onerous privacy environment on the Internet.” The report has received quite a bit of flak for being biased, poorly researched, and incendiary, and Danny Sullivan at Search Engine Land has an excellent breakdown of the report’s problems.

While Privacy International has probably overstated the case against Google in particular (or at least hasn’t done its research well enough to make a good argument), the overall message of the report is still worth noting. In fact, while the report does point to Google as the worst offender, not one of the 23 Internet companies it reviewed received a top ranking, and the companies that received the highest ranking among those reviewed (“Generally privacy-aware but in need of improvement”) still have some significant problems with the ways in which they handle user data. Privacy International suggests that this is evidence of what it calls “a haemorrhage of personal privacy” on the Internet.

Matt Cutts, a Google engineer and blogger, responded to the report by essentially stating that Google isn’t as bad as AOL, Microsoft, or Yahoo, because, while it collects scads of personal data about its users, it doesn’t share it with anyone. Well, it doesn’t share it with just anyone. So far it hasn’t shared information about user queries with the US Department of Justice (which Yahoo, Microsoft, and AOL all have). And Google has been fairly responsive to issues of user privacy, such as the concerns raised by the European Commission-backed Article 29 in its recent letter to Google.

But I think the important issue here is not that Google, however admirably, hasn’t shared personal data. It’s the fact that it keeps it in such massive quantities that we should be worried about. Cutts points out AOL’s accidental public release of information about user queries as an example of why Google isn’t as bad as the other guys, but to me this just reinforces the importance of reliable safeguards for this data. Just saying that it hasn’t happened yet is not all that reassuring.

In a June article in Harvard Business Review, Jonathan Zittrain points out that one of the dangers of Web 2.0 applications — applications such as most of Google’s services, which are completely web-based rather than requiring users to download software — is completely dependent on the companies that provide the access. He opposes this to traditional software, which is more hospitable to user control. He gives the case of TiVo v. EchoStar as an example of what can go wrong with this:

TiVo introduced the first digital video recorder in 1998, allowing consumers to record and time-shift TV shows. In 2004, TiVo sued satellite TV distributor EchoStar for infringing TiVo’s patents by building DVR functionality into some of EchoStar’s dish systems. TiVo won and was awarded $90 million in damages and interest — but that was not all. In August 2006 the court issued an order directing EchoStar to disable the DVR functionality in most of the infringing units then in operation.

Zittrain says that the shift to web-based applications is turning personal computers into appliances, which users have little control over themselves:

Indeed, what some have applauded as Web 2.0 — a new frontier of peer-to-peer networks and collective, collaborative content production — is an architecture that can be tightly controlled and maintained by a central source, which may choose to operate in a generative way but is able to curtail those capabilities at any time.

This is a good way of framing the issue of privacy. When we use applications like Google, we turn over control of a great deal of what we should probably be considering private information. And we trust that Google (or Microsoft, or Yahoo, or AOL) will use it responsibly. But on what is that trust based? Do we have any basis for believing that Google will protect user privacy if it isn’t in its business interest?

I don’t think there’s an easy answer to the Internet privacy question. I use a lot of Google applications, and I find them incredibly convenient. And I suppose Google knows what I search for, what my schedule is each day, and what news I read. As one commenter on Cutts’s blog wrote, “I use Google products quite happily, knowing that some of my personal information is accessible as a result, and that this is the price I pay for the use of the tools.” To what extent are we willing to sacrifice privacy for convenience? And are we even capable of assessing what the potential dangers to our privacy might be?

Image credit: “My Eye Ball” by VerseVend. http://flickr.com/photos/versevend/415000494/in/photostream/ Some rights reserved under Creative Commons License.
About these ads

4 Responses to “A haemorrhage of personal privacy”

  1. michelle Says:

    Thanks for posting what I was thinking–I’m wary of Google because they have a sort-of monopoly on people’s information with how easy and attractive they make submitting your personal e-mail, calendar, news interests, etc. I don’t think they’re evil, but definitely wonder what they’re up to, what their ultimate mission is. I hope they don’t become the information Mafia (“you must pay me to not tell people what I know”)….

    I’m grateful that you write about issues that have been troubling me but I have been either too lazy or too distracted to articulate. :D

  2. Ben Says:

    Meh. I live my life in a bubble anyway.

  3. Bo Says:

    Michelle, I think that Google’s ultimate mission is to make money and to protect its shareholders. That’s the ultimate mission of any for-profit company, “do no evil” notwithstanding.

    Ben, I know that your comment is tongue-in-cheek, but I think that shutting yourself off to issues like this is a response — that I often share — to feeling powerless in the face of monumental problems.

    But I think it’s the act of addressing and complaining about problems that gives you power over them. Take Google. Google cares, above all, about selling ads. And what do advertisers want, above all? As much personal data as they can get about their audience. So of course Google is going to keep as much of this data as it can. But if people complain loudly enough about Google’s practices, which it seems perhaps they have in the case of Article 29, then it won’t be worth it for Google to keep this data because it will hurt its image and make advertisers less likely to buy ad space.

    Really, though, not living in a bubble is probably the central challenge of our times. I’m not sure how to avoid it, but it’s one of the things I’m trying to puzzle through.

    Thanks for the comments, guys. Keep ‘em coming.

  4. Ben Says:

    It was tongue-in-cheek, but really I’m not so concerned with privacy, per se, as I am with the fact that Zittrain refers to: Google owns a lot of my stuff. I’ve stopped POPping my email, for instance, because I like Gmail’s web interface and it’s just easier to be able to access my email from multiple computers, but that means that the only place all those thousands of emails are kept is on Google servers. My 500+ blog posts are stored on Google servers. I’m not so concerned with the pictures I have on Picasa, because I also have those on my hard drive and backed up on Jessie’s laptop. The solution to this problem is simple enough–I just need to backup all my email and blog posts, and then Google can do whatever it wants with its servers without affecting me, but I have to admit that in this case laziness overpowers paranoia.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: