A haemorrhage of personal privacy
June 12, 2007
This weekend, a report was released by Privacy International, a London-based watchdog group, which criticized Google for creating “the most onerous privacy environment on the Internet.” The report has received quite a bit of flak for being biased, poorly researched, and incendiary, and Danny Sullivan at Search Engine Land has an excellent breakdown of the report’s problems.
While Privacy International has probably overstated the case against Google in particular (or at least hasn’t done its research well enough to make a good argument), the overall message of the report is still worth noting. In fact, while the report does point to Google as the worst offender, not one of the 23 Internet companies it reviewed received a top ranking, and the companies that received the highest ranking among those reviewed (“Generally privacy-aware but in need of improvement”) still have some significant problems with the ways in which they handle user data. Privacy International suggests that this is evidence of what it calls “a haemorrhage of personal privacy” on the Internet.
Matt Cutts, a Google engineer and blogger, responded to the report by essentially stating that Google isn’t as bad as AOL, Microsoft, or Yahoo, because, while it collects scads of personal data about its users, it doesn’t share it with anyone. Well, it doesn’t share it with just anyone. So far it hasn’t shared information about user queries with the US Department of Justice (which Yahoo, Microsoft, and AOL all have). And Google has been fairly responsive to issues of user privacy, such as the concerns raised by the European Commission-backed Article 29 in its recent letter to Google.
But I think the important issue here is not that Google, however admirably, hasn’t shared personal data. It’s the fact that it keeps it in such massive quantities that we should be worried about. Cutts points out AOL’s accidental public release of information about user queries as an example of why Google isn’t as bad as the other guys, but to me this just reinforces the importance of reliable safeguards for this data. Just saying that it hasn’t happened yet is not all that reassuring.
In a June article in Harvard Business Review, Jonathan Zittrain points out that one of the dangers of Web 2.0 applications — applications such as most of Google’s services, which are completely web-based rather than requiring users to download software — is that they are completely dependent on the companies that provide the access. He contrasts this with traditional software, which is more hospitable to user control. He gives the case of TiVo v. EchoStar as an example of what can go wrong with this:
TiVo introduced the first digital video recorder in 1998, allowing consumers to record and time-shift TV shows. In 2004, TiVo sued satellite TV distributor EchoStar for infringing TiVo’s patents by building DVR functionality into some of EchoStar’s dish systems. TiVo won and was awarded $90 million in damages and interest — but that was not all. In August 2006 the court issued an order directing EchoStar to disable the DVR functionality in most of the infringing units then in operation.
Zittrain says that the shift to web-based applications is turning personal computers into appliances, which users have little control over themselves:
Indeed, what some have applauded as Web 2.0 — a new frontier of peer-to-peer networks and collective, collaborative content production — is an architecture that can be tightly controlled and maintained by a central source, which may choose to operate in a generative way but is able to curtail those capabilities at any time.
This is a good way of framing the issue of privacy. When we use applications like Google, we turn over control of a great deal of what we should probably be considering private information. And we trust that Google (or Microsoft, or Yahoo, or AOL) will use it responsibly. But on what is that trust based? Do we have any basis for believing that Google will protect user privacy if it isn’t in its business interest?
I don’t think there’s an easy answer to the Internet privacy question. I use a lot of Google applications, and I find them incredibly convenient. And I suppose Google knows what I search for, what my schedule is each day, and what news I read. As one commenter on Cutts’s blog wrote, “I use Google products quite happily, knowing that some of my personal information is accessible as a result, and that this is the price I pay for the use of the tools.” To what extent are we willing to sacrifice privacy for convenience? And are we even capable of assessing what the potential dangers to our privacy might be?