Google's Leadership on Privacy

For some time, I've been trying to better understand Google's worldview on privacy issues. The culture of companies fosters different privacy values and sensitivities, and the signals sent by those at the top shape how the organization itself conceives of and addresses privacy issues. In wrestling with this, I read every article discussing Google and privacy in the New York Times and the Wall Street Journal, resulting in a paper titled, Beyond Google and Evil, How policy makers, journalists and consumers should talk differently about Google and privacy.

In last week's New Yorker, which is doing the rounds, Ken Auletta writes (subscribers only) about the growing pains the company has. But it also includes this strange discussion of privacy. Auletta writes:

At the same time, Brin and Page can seem indifferent to users' anxieties. In 2007, at Google's annual Zeitgeist conference, a gathering of Google business partners, public intellectuals, traditional-media executives, and technologists, Brin declared that "the No. 1 privacy issue we deal with is that there is some information about someone on the Web . . . sometimes it's not true and people just publish stuff." The No. 2 privacy issue, he said, was "various things where people get their machine hijacked or somebody . . . breaks into various accounts of theirs." Concern about the information collected on cookies he dismissed as "sort of Big Brother-type fears"--in other words, paranoia. Page agreed: "Sergey is just saying there are practical privacy issues that are different from the ones debated."

If the corporate culture is shaped by how principals frame and discuss issues, how reassured should we be about Google's privacy worldview? Why do we trust this company with our documents, communications, etc, if concerns about massive data collection are conceived of as mere paranoia?

Let me put this a different way: if it were your job to design privacy into Google products and policy, how much support would you feel that you had from the top? What priorities are expressed by that statement, and how would it shape your response?

Tags

More like this

As a cs researcher, I've had contact with lots of people at Google, including a few higher ups. My experience, and as far as I can see, the experience of my colleagues is always like this... When questioned about privacy, the response from Google people is always the same: Whatever. Get over it.

The view seems to evince a basic misunderstanding about the role that organizations play in the privacy dilemma. Privacy is a systemic issue where the barriers that before protected us are being eroded by the technology and business advances driving innovation. So long as "big brother" wants our hearts, minds and money -- and so long as they control our personal information, they (Google included) are on the hook for causing this erosion. To the extent they de-emphasize their role, they are in denial about their responsibility. It is a systemic issue that needs "top-down" attention to be dealt with appropriately.

The sensitive data I store is 100% safe on line or off no matter where is it goes and who sees it.
Its strongly encrypted and NO ONE has a key.
One HAS to think of the internet as a big party with everyone telling anyone anything. There is no privacy at a big party.

Chris
I read your article in First Monday a few days ago. We trade privacy for the perceived benefits that Google bestows on us albeit naively. "Do no evil" does not mean that anyone at Google believes the meek shall inherit the earth.

Honestly, I think he's right to dismiss cookies, in particular. The fears of massive usage tracking and whatnot via cookie mostly haven't panned out. Remember: cookies are stored locally, by definition, so they're easy to block or delete, if you're that concerned about privacy, and many tools exist to allow you to do exactly that.

The real privacy risks are as follows:

1) people voluntarily putting stuff online that they shouldn't, because they honestly didn't stop to think about the possible implications (see: the underage college kids who get kicked out of the dorms because they posted Facebook pics where they're drinking alcohol)

2) information that has to be shared in order to conduct a business transaction that gets stolen because of lax security

In light of those facts, I think that Brin's response indicates an entirely appropriate security focus.

Not mentioned at all is what people are mostly concerned about when it comes to Google -- not "cookies", but stored search histories. Arguably, that falls under the category of "various things where people get their machine hijacked or somebody . . . breaks into various accounts of theirs". If people are interested in that, they should be asking about stored search histories, not about "cookies". I don't blame the guy for utterly dismissing the latter, nor do I think his response to a question about cookies indicates negligence on Google's part.

Yeah. I am pretty much waiting for posts like this one, babbling about the horrors of **cookies!!** to show up on Swallowing the Camel's site, along side "Nasa's secret space program to build colonies on Venus, Mars and the Moon, so that the rich people can survive the environmental apocalypse, while leaving the rest of us to die!" I'll give you a hint. This is a non issue for sane people, for the same reason that giving your real name and phone number is a non issue for most people when shopping at Safeway. The people that "think" its an issue... One wacko that buys nothing but Organics, and is convinced the government is out to get him, and one wacko that claims to have co-wrote a book with the supreme UFO nut, Bob Lazar. In other words, paranoids, and conspiracy theorists.

What the hell is the problem with some company trying to target ads to you, which you can bloody block, both in email, and in browsers, if you don't want to see them? And who cares if they know you like buying zip lock bags, or visit gamer sites? What, other than stupid annoyances, is going to happen? Hell, I already get idiots sending me stuff for people over 60, and I am half that age, because some moron linked my name with the fact that old people live here (my parents). It just proves that the people collecting the stuff are idiots anyway, so its not like I need to worry about them screwing up my life over it.

Now, if someone got your tracking cookies and it showed you went to child pron sites.. I have no sympathy for you anyway, especially since you where stupid enough to not delete the damn things (which is only justice in such a case), but where is the issue here, really? The people you need to worry about have far *better* ways to find out about you than asking Google if your search history indicates you like Anime, or some stupid BS.

Kahegi, the problem is a little more subtle than that.

Let's put it another way: how comfortable are you that someone, anyone, would know your search history, for example? And could trawl the information and possibly use it against you? This can happen for even relatively innocent things.

If a government agency, for example, wanted to target you based on the books you read, that would be wrong, and that is why libraries don't hand out those records. Don't pooh-pooh this; it has actually happened in the US. (The 50s were a great time for this kind of surveillance).

It doesn't even have to involve going to jail. In the McCarthy period, use of personal data (though it wasn't called that then) was a great way to get someone fired, and prevent their employment in the future. Do you want everyone to know every site you ever visited? Or just the juicy ones?

That's the kind of thing that bothers people.

How much of your medical information are you comfy with online? What if you had HIV? Would you want everyone to know you had an abortion? All these things are related to what companies such as Google do for a living.

I disagree with the messaging of Larry and Sergey's "it's just paranoia" statements, but not the ideas behind it. Yes, Google is a big scary company that has a lot of personal information about you. But you know who has access to all that personal information? No one, not even Larry or Sergey, for ethical, technical, company policy, and legal reasons.

Google's problem is it's general inability to communicate that people aren't going to be looking at your personal information unless someone steals your login or hacks your computer. If it could communicate that, I think that people might be able to relax about Google having their information.

@joe--

>But you know who has access to all that personal information? No one, not even Larry or Sergey, for ethical, technical, company policy, and legal reasons.

No one, except the government and civil litigants, that is.

Let me put this a different way: if it were your job to design privacy into Google products and policy, how much support would you feel that you had from the top? What priorities are expressed by that statement, and how would it shape your response?

The problem is you're talking about privacy as if it's one thing. It's not. Privacy, as Sergey and Brin define it is "privacy from other users". They shout out to "privacy from corporations you don't communicate information to", but that's not a big issue. To them, or to reality.

You seem to be talking about "privacy from employees of corporations you do give information to". This doesn't make much sense to me in some respects. Sure you don't want the janitor reading your personals. But if you don't want anyone at the corporation knowing anything about you, why did you tell the corporation anything about you?

In essence, you seem to be seeing a potential computing problem where there only seems to be a corporate procedures problem. Sergey and Brin are right: their #1 problem with privacy that can be solved with computers? Protecting users from other users. I'd feel well supported.

By Jimbo Jones (not verified) on 22 Oct 2009 #permalink

@Jimbo, are you telling me that privacy is more than one thing? Wow, thanks, I didn't know that. I'll consider that next time I teach privacy at Berkeley.

CybrgnX, the sensitive data you store on line may be completely safe, but that doesn't mean there's no sensitive data about you online. How well do your doctor, pharmacist, and insurance company secure your data? (The pharmacy isn't likely to tell you this, but they sell prescription statistics to drug companies.)

When Amazon.com offered me the new Larry Gonick book because I'd ordered the Cartoon Guide to Statistics, I was pleased. But the same software may identify someone as interested in subjects more controversial than statistics and history. There are a lot of people who have good reason not to want it known that they're reading about HIV or kicking a drug addiction.

Very true Vicki.
I believe the John Riecher novels approach this problem by the way the hero uses cash, doe not own anything, uses buses to get around and lives off the the normal methods. So yes there is no way to be truly protected if you do business in any way.

Quite frankly, if a new McCarthyist system arose again, and we *do* have some of those kinds of idiots right now, the very fact that such information "can be" gathered would shoot them in the foot so fast it wouldn't even be funny. The problem isn't when X group secretly collects Y information, its when we are actually dumb enough to think that allowing group X to be the only ones *able* to collect it. Most of the people that would like to use such things have less of a clue about how they work than the people they would like to track. This is a good thing. It means that the moment some crazies "attempt" it, not just the people they are after, but 500 other groups of people will be dredging up information as well, which is worse, against the people trying to collect it.

Call it, "Mutually Assured Disclosure". If anything, better protection means they have the tools to, ironically, hide *everything* from us, while we still can't be sure that we are hiding anything from them at all. You don't trust them to not misuse it? Why the hell would you trust them not to use every tool possible to hide the fact that they are tracking you anyway?

Seriously though, the people likely to pull this BS right now just had their polled membership drop to 20% of the population. I have no doubt they *will* panic, given the direction things are going, that they may try something like it, and that the result will make Nixon's sending fools to break into the DNC Headquarters look like Einstein inventing the A-Bomb, as compared to their "Daffy Duck trying to shove the genie of the bottle back in, while screaming, 'Mine, mine, mine, mine, mine!'", attempts. The only thing stupider will be the counter over-reaction against any sort of collection at all if it happens. The village idiots want to know what everyone else is doing. Ooh! Scary! lol

@Chris, #11
Overreaction much? Great if you know that privacy is a more complex issue. I don't really care what you know, though, as I can only respond to what you tell me. What you've told me is that privacy is one thing, in the original post.

And while I'm not trying to attack you at all, your appeal to your own authority is distracting at best. How many teachers have you had that were far from good? I know I've had a few, even in the best of educational institutions.

Realistically, though, your response makes little sense from my point of view. You're a lawyer, used to looking at the issue of privacy from the point of view of injured party vs. injuring party. Which is understandable, and a good thing. But you asked a computer science question of your readers. I happen to be a computer scientist and, as is usual with computer scientists, I expected that my answers may have to make the questioner aware of technical matters. Especially when the phrasing of the question betrays the questioner as thinking about a technical problem in terms other than computer science.

In short; you asked a question. I answered. You didn't like what the answer said about you. There are better ways of reacting than waving credentials around in a sarcastic huff. Which I'm sure you already know.

By Jimbo Jones (not verified) on 23 Oct 2009 #permalink

Google's record on doing the Right Thing is pretty good. The outstanding problem is and will remain the general fear that any large organisation with your data might do bad things. But there is nothing any Google employee, including the executives, can do to fix that. What could they say that would reassure you, without lying?

Last week a colleague's personalised Google search listed a member's only document as a top 3 hit for a search. He was initially bewildered and cried out, and so the rest of us gathered around and we worked through how this scenario makes sense. Google knows from his browsing behaviour that he can read this page (which is because he's a member of the working group) and it knows from public information that the page is very relevant even though it can't read the page (Google probably employs someone who can, but policy forbids them from feeding that information to the search engine). The same search, from the same PC, running the same browser, but without Google's optional software, does not show this link. Google had "invaded his privacy" only in the sense that he'd asked them to watch his browsing habits and give him better search results and they had.

Now, if we hadn't been there to ask the right questions, there's every chance that a distorted version of this event would have been twittered or blogged, in which the fact that he was running Google's software and had authorised it to watch his browsing habits didn't get a mention. Commentators might easily have further embellished the story - Google can show extracts from pages, why not include an extract from the "private" page in their search results. Soon you've got a headline about Google stealing secrets from users - and all because someone intentionally installed a piece of software to give them better search results.

I don't know if you have the technical background to appreciate this, but Google, Microsoft etc. knew immediately that the email plus password lists "leaked" recently couldn't be from inside their organisations, because they simply don't hold this information. Cryptography allows them to verify their user's passwords without ever storing them. Where there is something technological that can reasonably be done to protect their users, these companies are doing it. Education, education, education is the answer to the rest of our problem.

By tlrmx.org (not verified) on 25 Oct 2009 #permalink

I am glad to see denialism is on the paranoid (read: Cautious) side of an issue with me.

Google has a feature (Picasa), I've been shown, where you can upload your photos. You can also associate individuals in those photos with individuals in your contact list. I know a guy who did this for photos from an outing, with many photos of members of that group. Now, when he uploads new photos, facial recognition software will automatically identify individuals based on previously user-characterized photographs uploaded by that person. (Of course, google could use this internally to identify many more individuals in photos uploaded by others, but as far as I know, does not do so for external users).

I asked, and the subjects in the photographs were unaware that he was doing this.

If you teach a privacy course at Berkeley, and also think about other information google collects (search habits, writing style in email, youtube video preferences, traffic analysis, etc.)

Why does this matter? I can imagine some scenarios where it might, in the future, for good and bad. Richard Jewel and Joe the Plumber come to mind. In cases where individuals are hated for apparently legitimate reasons, such information can be legitimately and illegitimately used, not always for good.

Another issue, related to google, G.E., and the government is medical records. HIPPA privacy disclosures simply disclose how your privacy is not protected. It is newspeak. With private companies directly or through contract with government agencies maintaining databases, this is not a good trend (though those who like to study populations for medical research have some benefit). In my view, patients should be required to agree to medical data sharing, anonymized or otherwise, outside of the office they visit.

For example, Minnesota is collecting medical records and contracting with a private firm as a matter of law. See Encounter data collection. I understand this is also done by other levels of government for prescriptions (though the pharmacists have put in provisions so that the data collected cannot be used against them in investigations.)