It certainly seems as if all the bad news slides right off Google. Practically everyone I know uses the search engine, with only the occasional twinge here and there over privacy issues. It’s hard to argue with an important tool that just works so well when you need to do research, whether it’s for work, a personal interest, or something else entirely.
Still, if you’re going to use something so extensively, it behooves you to know the implications. This is why some women don’t want anything to do with diamonds unless they know that they’re not “blood diamonds” fueling violence in Africa. So what is your use of Google fueling?
Well, to judge from some sources, it’s fueling some pretty amazing invasions of privacy – many of them inadvertent. Let’s take a look at one of Google’s newest services: Street View. This version of Google’s online maps takes pictures at street level which often capture recognizable people. So when, as in one CNN story, Maer Israel and a friend played hooky from work briefly in San Francisco, it was picked up by Google’s cameras – and Israel found himself talking to an HR manager a few weeks later.
He wasn’t fired, much to Israel’s mother’s surprise. But the manager said to him “Do you know that there are cameras everywhere?” While those in the UK have lived with this reality for years, many in the US bury our heads in the sand rather than realize we have some of the same issues.
When it comes to being caught on camera, we know that banks have security cameras indoors and at their ATMs; that many retail outlets also have security cameras at least around the cash register areas; that casinos have security cameras nearly everywhere; and that at least some roads and tunnels have cameras to catch speeders and other lawbreakers. These cameras have specific purposes, and we assume that the images on them will only be viewed by someone doing a specific job for purposes of security. Anything else is likely to make us more than a little uncomfortable.
Google’s Street View has caught people doing various things they would probably rather not see announced to the world, from climbing over a front gate to walking out of a strip club to other embarrassing poses, as The Register noted recently. But you’d have to be very forgetful indeed not to realize that this is just the latest in a long string of information that Google has been collecting all along.
It wasn’t so long ago, for example, that some people were up in arms over Gmail. The company uses contextual ads in the email service – which means that private email is read by an algorithm which serves ads that are triggered by keywords in the email. Many were afraid that other humans were reading their email. I use my Gmail address as a back up email address (pretty rarely, in other words) and I don’t even notice the ads.
If you have an account with Google, though, and like me you use a certain amount of personalization, Google has been keeping track of your searches. That’s not all it’s been doing. According to the British activist group Privacy International, for the search giant, “Every corporate announcement involves some new practice involving surveillance.” The organization rated Google lowest of more than 20 major web sites when it comes to the way it handles privacy issues.
What did Google do to earn this dubious honor? Well, Google Street View was specifically singled out, but it was not the only point raised. Privacy International also looked at Google’s dominance in the market, how many people use its services, and the “diversity and specificity” of its products. Then there’s the fact that Google makes it easy to share data between the products – much as Microsoft does. Microsoft, however, came away with a higher privacy ranking that Google did (though none of the sites that Privacy International ranked on this issue did particularly well).
It’s not just Privacy International that is upset with Google over potential privacy issues. Ever since the search engine purchased DoubleClick, consumer interest groups have been up in arms. Three of these groups amended the complaint they originally filed in April with the Federal Trade Commission about the deal. They want to see some strong restrictions imposed on the use and collection of personal data before the FTC gives the nod to the deal.
The groups making the complaint include the Electronic Privacy Information Center (EPIC), the Center for Digital Democracy (CDD) and the U.S. Public Interest Research Group (PIRG). The 21-page supplement, linked here in PDF form, doesn’t exactly contain surprises if you’ve been paying attention, but it is a little uncomfortable seeing all the privacy issues brought together in one place. Among other things it notes that Google “fails to follow generally accepted privacy practices such as the OECD Privacy Guidelines…Google also fails to adopted [sic] additional privacy provisions with respect to specific Google services.” One example of this notes that Google logs searches in such a way that they’re personally identifiable, but doesn’t give users a way to edit or get rid of records of their previous searches.
The complaint also states that “DoubleClick fails to follow commonly accepted privacy practices.” The three consumer interest organizations definitely don’t think this combination bodes well for the future. “The combination of Google (the world’s largest Internet search engine) with DoubleClick (the world’s largest Internet advertising technology firm) would allow the combined company to become the gatekeeper for Internet content. The combined company would hold such a huge amount of market share that other companies would need to ask for or buy from Google/DoubleClick the access rights to this vast amount of Internet data.” Do you really want a gatekeeper that large that is not fiercely protective of the privacy of its users?
The original 11-page complaint made certain “requests for relief” of the FTC that included an investigation of the proposed acquisition and ordering Google to “present a public plan for how it plans to comply with such well established government and industry privacy standards as the OECD Privacy Guidelines.” The supplement makes 16 more requests, including ordering Google to stipulate that it will never engage in behavioral tracking, to stop storing IP addresses, and “to craft, disclose, and implement a security plan that will maintain, protect, or enhance the privacy, confidentiality, or security of all personally identifiable information.”
There are times when bigger isn’t better, and this looks like one of those times.
So how has Google reacted to this tempest? By its own lights, Google isn’t evil, just misunderstood. Nichole Wong, the deputy general counsel who oversees privacy issues at Google, said of Privacy International’s release that “The allegations in the report misunderstood a number of our products. More importantly, when you look at the actual ranking, it misses the point on a lot of things we do very well.”
Additionally, Google bowed to the demands of European Union data protection officials recently by agreeing to keep users’ personal search data no longer than 18 months. Previously, Google might keep such data for as long as two years. In another concession to the European privacy regulations, Google may cut the expiration time on its cookies from 30 years to two years.
Google might also be getting proactive by choosing somewhat different battlefields. The company didn’t open a lobbying office in Washington until a couple of years ago; they now have a staff of 13 in temporary offices, six of whom are lobbyists. One of their stars is Alan Davidson, a Democrat who served as the associate director of the Center for Democracy and Technology, an advocacy group concerned with free speech and privacy issues.
By entering D.C., Google hopes to turn the politicians to its way of thinking on various issues, including privacy. But it has a long way to go; it won’t be getting a permanent office until October, and last year it only spent $1 million on lobbying, as compared to, for example, the more than $19 million spent by AT&T or the nearly $9 million spent by Microsoft.
What are we to make of all this? It looks more to me like Google is regrouping rather than retreating. There is a huge amount of money at stake when it comes to online advertising, and the kind of personal information that Google and DoubleClick collect can be used to make advertising even more targeted and personalized. One thing is certain: one way or another, the issue of privacy online is not going away.