To continue on the theme of technology and security, this week I will discuss one of the most talked about pieces of news this past week: Google’s decision to aggregate the data that has been collected about you from its various services.
What is all the fuss? In a nutshell, all the services that Google offers (google search, google docs, google news, youtube, gmail, etc) have been quietly recording your activity. This has been going on for a few years. As of March 1st, Google has aggregated the data from these various platforms into a single data set, effectively creating a profile of your behavior across all their platforms. Their intention is to better focus their ads and search results to cater to your personal tastes.
However, Google now knows more about you then you think.
Google knows all
So what exactly does google have on you? The list is long, but I will try to summarize. Google has a record of what questions & topics you’ve googled, what you’ve watched on YouTube, what news you’ve read over googlenews and the names of any books you’ve read or downloaded via googlebooks. They know the documents you have opened in googledocs and they very likely have a record of the content of these documents. They also know what you have tried to have translated with google-translate. They have a record of the places you have looked up on googlemaps. If you use google+ then they will know who your friends are, what you are into, what you re-post and the conversations you follow. If you use gmail, google knows who you’ve emailed, who has emailed you and everything you’ve ever written about over that platform, from birthday wishes to life plans, from job applications to conversations with your family.
To be clear, the company has been recording this data for each service for some time, this is not a new phenomenon. But this is the first time all this data will be pooled. We can now observe how wide google’s online reach is, and how deep this company can peer into your life.
It’s been no secret that the ads in the gmail sidebar have long been generated based on a key word search through your emails. And it was always eery when these ads happened to reflect almost exactly what you were busy typing about. But now these ads could also reference a tv show you watched last week, a city you looked up on googlemaps, a business plan you recently wrote and sent to a potential investor over google docs, or the research you did about a medical condition. The creepy just keeps on coming.
The sad and frustrating truth is that this is in some way the payment for all the free services we have been enjoying from Google over the past decade. “Nothing is free in this world”. Online, this is no exception. It used to be we “paid” for free online services with our eyes and ears, granting companies new platforms to advertise to us. However since the emergence of Facebook, with their business strategy based on the collection, analysis and sale of personal data, we have seen more and more companies using this same model. It has become a key tool for these online community-based companies with a high number of users to generate ever more income.
With this week’s decision, and the backlash, we can see the problems with this strategy. For a company who has promoted “Don’t be Evil” as its motto, this new revelation has shone a harsh light on the company’s business practice and strategy. In a small act of protest, I have decided to use a different email platform as my primary email address from now on. I recommend others follow suite. I had once been an advocate for gmail and other google services, but this has changed. They have lost a fan in me.
Google’s policy change last week also caught the eye of the regulators in Europe, privacy advocates and organizations, civil liberty groups, as well as a number of prominent IT industry figures. For more on what these stakeholders have to say about google’s policy change see this GIGAOM article.
Act first, apologize later
The main criticism I have for Google, and that of many of their contemporaries like Facebook and Twitter, is that they don’t seem to seem to hold much regard for their users. They take an “act first, apologize later” approach to their changes in policy or other activity concerning personal data. They have rarely asked permission from their users before implementing dramatic changes. And up to now, they have been able to get away with it, in part because they can afford any lawsuits that result and because, so far, these revelations have not made a significant dent in their user-base.
In 2010, Google was found to have used their their StreetView trucks to capture personal data including passwords and emails off the public WiFi connections of the homes they were driving by. A totally illegal and immoral activity. And the company did this knowingly, only to issue an apology afterwards once this action came to light.
Google says it is using the data it collects to better advertise to you. We know Google, the company, probably couldn’t care less what blogs you read or what video’s you think are funny. They are dealing with massive data sets, collected from millions of people. But what is scary is that there is a record of almost all your activity. And this record is owned not by you, but by a company in San Francisco. And the biggest problem is that you have no say as to what the company does with this data, how they protect it from leaking out or who they decide to share it with.
So what could you need to do to protect yourself from big bad Google? Here are some ideas:
I, for one, want one of those snuggies. But to continue…
Privacy is dead
We are currently living through period of unprecedented information sharing across the globe. While so much can be gained from this, so much of our private space and info seems to be disappearing. We are still not sure what the long-term impact of this will be. The CEOs of Google and Facebook have often scoffed at privacy advocates, saying “privacy is dead” and “if you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place“. (For a list of similar quotes from the ex-CEO of google Eric Schmidt, have a look here.) However, there is a reason for privacy laws. As I described in my entry about the Shy Internet Users, there is something to be said for individual privacy and protection of personal information.
Defining the rules
It is my belief that the security of social and non-social communication platforms should be as strictly enforced as snail mail was in the past. It is illegal to open and read another person’s mail. It should be illegal for companies to mine our personal info from multiple platforms (especially email) or gather additional information about us without obtaining clear and overt consent beforehand. We will need more government bodies and policy makers to step in and make it difficult for these companies to get away with misusing our personal information. As we have seen, we can’t expect businesses or the market to regulate itself on this one.