Google's privacy afterthought
- 27 April, 2010 06:12
A few days ago, 10 privacy commissioners from Canada, the United Kingdom, France, Germany, Italy, Spain, Israel, Ireland, The Netherlands and New Zealand wrote an open letter to Google's CEO Eric Schmidt asking for more proactive privacy protections in new applications. The commissioners are not objecting to Google's overall privacy policies, but to the way Google launches new services.
They are suggesting that Google should consider the privacy implications of new launches, or when expanding or changing existing services. The letter is particularly critical of the launch of Google Buzz, where existing information contained in Gmail accounts became part of a social network with limited privacy controls.
When expanding or launching a new service, minor changes can have an outsized effect on privacy by creating unexpected or unwanted side effects. What is private in one context, becomes far too revealing within a broader context or scale. Essentially, the privacy commissioners are pointing out that privacy is not an binary issue but an issue of context and scale.
A photo of me outside my house is innocuous in the context of my photo collection. The same photo, indexed geographically in Google Street View, can have much broader privacy implications. My list of Gmail contacts in my address book is intended to help me address e-mail. Therefore, I feel free to mix and match business and personal entries at will. When it becomes the basis of a social network, I am now mixing business and personal networks, an entirely different privacy context.
Don't get me wrong: this is not a Google-specific issue. It is a broader social issue that we are only beginning to understand. Privacy is as much a function of inconvenience and scarcity -- what is acceptable at small scale and with limited context becomes wholly invasive and socially dangerous at scale. This issue of context and scale is also one that challenges our interpretation of constitutional protections such as "due process", "reasonable search" and "presumption of privacy".
A TSA cop seeing a book in my luggage could make some assumption about my political leanings. It is much more innocuous than the same agent looking at my entire reading list from the last two years on my Kindle. That in turn is dwarfed by a government agency demanding thousands or millions of book purchase records from Amazon.com. Unfortunately, the difference between these types of privacy violations is not easily addressed by data policies or legal arguments. Our technology has outpaced both our social practices and laws.
Google is making an attempt to offer more transparency, at least when it comes to legal requests for disclosure and removal of data. Their new site Google Government Requests shows requests from government agencies across the world. China's data is blank because it considers lawful requests a state secret, an odious practice in my opinion. Perhaps that will change if Google leaves the country, perhaps not. The data for other countries is interesting, even though the details are still limited. Google promises this is a first step and it will develop the site further. Perhaps this should be an industry standard?
Read more about wide area network in Network World's Wide Area Network section.