Could I get a little feedback on this? Thanks.
Siva
==================================
The nature of the transaction is simple: I give Google access to my electronic trail. Google gives me dozens of powerful services. No cash changes hands. I am generally pleased. And I have little room to complain if Google services are less-than-perfect.
But in the never-ending quest to improve the "user experience," Google uses the data it collects from me and everyone else who shares my location and interests to fine-tune the results of my searches. That's great for me when I am shopping. But, as we will see later, it's troublesome when I want to learn about the world.
Google needs to keep me just happy enough that I don't stray to competing services. Basically, we are like cattle to Google. Ranchers care about the health and welfare of their cattle. But ranchers need not provide a perfect or lovely setting for cattle. Eventually cattle are sold down the line. I don't want to overstate this point, however. It's not our bodies or souls that get sold down the line. It's the record of our choices, expressions, concerns, and desires. This record is a valuable collection of data. Yet it's only valuable in the aggregate. No one much cares about the details of my searches per se. But as part of an elaborate flow of data that allows powerful computers to profile me via patterns of associations and likenesses to others who share my concerns and interests, I am one small element in a large collection of valuable content producers.
The next step of the transaction is how Google makes its money. It harvests our profiles to target advertisements keyed to the words we search. Precision is the goal here. Google wants advertisers to trust that the people who see their paid placements are likely to be the people who desire their products or services. They have no interest in broadcasting. That's a waste of money. The more Google knows about us, the more effective its advertising services can be. Understanding the nature of this transaction is the first step to understanding the Googlization of us.
But how much does Google know about us? How much does it keep and how much does it discard? How long does it keep that information? And why?
Google's "privacy policy" is not much help in this regard. In fact, it's pretty much the antithesis of a "privacy policy." It's a "lack-of-privacy policy." For instance, the policy outlines what it will collect from users -- a reasonable yet significant amount: IP numbers (numbers assigned to a computer when it logs into an Internet service provider that indicate the provider and the user's general location), search queries (the record of everything we care about, wonder about, or fantasize about), and information about Web browsers and preference settings (fairly trivial but necessary to make Google work well). And Google promises not to distribute this data with two major exceptions: "We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf," and "We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law."
It's important to remember that Google's privacy policy is a pledge from the company to us. It is binding in so far as if the company violated its policy, a user could sue Google in the United States for deceptive trade practices. However, Google can and does change its policy often, without warning. So today's policy - for all its strengths and weaknesses - might not be the policy tomorrow or next year. You might have engaged with Google and donated your data trail to it with an understanding of the transaction as expressed in an early version of the policy only to discover that Google changed the policy while you were not looking. The policy does pledge that "We will not reduce your rights under this Privacy Policy without your explicit consent, and we expect most such changes will be minor." But that is cold comfort, as the policy itself gives Google substantial power over the data.
If you read the privacy policy carefully, it's clear that the policy retains for Google substantial autonomy to make decisions about our data without regard for our interests. Google will not share information with companies outside the company without user consent. But the provision declaring that Google will share information with law enforcement or governmental agencies as it sees fit is much more troubling.
If another company acquires Google, the policy states, the company will inform users of the transfer of the data. But there is no promise that users will have a chance to purge their data from Google's system in time to avoid a less scrupulous company's acquisition. Once more we are reminded that while Google's commitments to fairness and transparency are sincere and important, they are only as good as the current form and condition of the company. If Google's revenues slip or its board of directors changes significantly, all the trust we place in the company today might be for naught.
To complicate matters more, each Google service has its own "privacy policy" page. The index page for these policies contains a series of videos that outline the terms of data collection and retention. One of the videos echoes the statement that Google only retains personally identifiable information for 18 months after acquiring it. After 18 months, information such as the IP number is "anonymized" so that it's difficult to trace a search query to a particular user. However, that pledge is not made in the policy itself.
Although Google's public pronouncements about privacy and its general privacy statement fail to explain this point, Google actually has two classes of users. So it has two distinct levels of data accumulation and processing. The larger, general Google user population simply uses the classic blank page with the search box in the center. Such general users leave limited data trails for Google to read and build services around. The second class might be called the group of "power users." These folks sign in to Google services such as GMail, Blogger, or iGoogle. Google has much richer and more detailed dossiers on these users. Google rightly claims that it serves these "power users" better than it serves the general users. Registered users get more subtle, personalized search results and a host of valuable services in exchange for extremely valuable data and content.
Google does empower users to control the information flow, but not subtly or granularly. Google's settings page offers a series of "on-off switches" that can prevent Google from placing "cookies" in a browser or from retaining a list of Web sites a user has visited information. For power users, Google lets them delete specific items from the list of Web site visits. The problem is, of course, that the default settings for all Google interfaces grant Google maximum access to information. One must already be concerned about the amount and nature of Google's data collection to even seek out the page that offers all these choices.
Google has come under significant scrutiny for its data-retention policies in the United States and in Europe. In the United States, privacy regulations are fairly weak. But in Europe, Google has faced a much stiffer set of regulations.
Understandably, Google officials have practiced their responses to questions about data retention and privacy. For instance, Google vice-president Marissa Mayer explained to U.S. television host Charlie Rose in early 2009, "In all cases it's a trade off, right, where you will give up some of your privacy in order to gain some functionality," Mayer said. "And so we really need to make those trade-offs really clear to people, what information are we using and what's the benefit to them, and then ultimately leave it to user choice."
Defaults and the Nature of Freedom
Mayer, who is very disciplined in her answers to questions about privacy, always answers privacy challenges with statements very close to this. But Mayer, and thus Google in general, both misunderstands privacy and does not acknowledge the power of defaults.
In their 2007 book, Nudge: Improving Decisions about Health, Wealth, and Happiness, economist Richard Thaler and law professor Cass Sunstein describe a concept they call "choice architecture." Plainly put, the structure and order of the choices offered to us can have profound influence over the choices we make. So, for instance, the particular order of foods available in a school cafeteria can influence children to eat better. The positions restrooms and break rooms can have an effect on the creativity and communality of office staff. And, in the most well known example of how "defaults" can influence what is otherwise a "free" choice, studies have demonstrated that when employer-based retirement plans in the United States required employees to "opt in" to them, more than 40 percent either failed to enroll or contributed too little to get matching contributions from their employers. Yet when the default was set to automatically enroll employees, and they were given the option of cancelling the contributions, enrollment reached 98 percent within six months. The default setting of automatic enrollment, Thaler and Sunstein explain, helped employees overcome the "inertia" caused by business, distraction, and forgetfulness. That simple choice architecture could have such an important effect on so many human behaviors without overt coercion or even elaborate incentives convinced Thaler and Sunstein that such an approach - they call it "libertarian paternalism" - can accomplish many important public policy goals without significant cost to either the state or private firms. If a system is designed one way, people will tend to make one choice more than another, despite the fact that they have the freedom to make either choice. "There is no such thing as a 'neutral' design," Thaler and Sunstein write.
So what does Google do with "nudges?" It's clear that Google understands the power of defaults. It's in the company's interest to set all user defaults to vacuum the most usable data in the most contexts. By default, Google places a cookie in your Web browser to help the service remember who you are and what you have searched. By default, Google tracks your searches and clicks. By default, Google retains that data for a limited period of time and uses it to target advertisements and refine search results. Google gives us the power to switch off all these features. It even provides videos explaining how to do this.
When Mayer and others at Google speak about the practices and policies of private data collection and processing (otherwise known as "privacy" policy), they never discuss the power of defaults. They only emphasize the pure freedom and power that users have over their data. Celebrating freedom and user autonomy is one of the great tricks of commercial practice in the global information economy. We are trained to believe that having more choices - empty though they may be - is the very essence of human freedom. But meaningful freedom implies real control over the terms of one's life. Merely setting up a menu with switches does not serve the interests of any but the most adept, engaged, and educated. In an ecological sense, setting the defaults to maximize the benefits for the firm and hiding the switches beneath a series of pages is irresponsible. But we should not expect any firm to behave differently. If we wish to have a different set of defaults in complex economies such as the Web, we are going to have to rely on consortia of firms reacting to pressure from consumer groups or ask the state to regulate such defaults.
Google officials also don't clarify the fact that completely opting out of the Google data collection practices significantly degrades the service Google will provide. Google officials make it clear that grabbing and using personal data improves the services. But they are intentionally vague about what that means to users. For those few Google users who click through the three pages it takes to get to adjust their options, it's not hard to figure out the cost of opting out. Playing around with such options can give you a pretty clear idea of the nature of the transaction between Google and its users. But for the vast majority of users who never ask questions about the fate of their data, the nature of the transaction remains a mystery.
...
RSS Feed
Comments (9)
Interesting article, gives us more to worry about...
The thing that I worry most about is once you analyze what I search on, where I go, how much time I spend in email, etc.. You turn that raw data into PII (personally identifiable information) that should be encrypted, protected and treated like PII.
Until bad things happen as a result of the collection of this data, I don't think consumers in general really care and they love the conveniences they get from the enhanced services based on this collection of data.
What I am quite curious to know is the predictions on what are the bad things that are going to happen as a result of this info being collected....
Why exactly is this issue on the top of mind for the FTC?
Nice -- I hope you're planning to dig deeper into the details of Google's practices and policies. Maybe have a look at Google's data mining patents and white papers for this. Also check out Jay Kesan and Rajiv Shah's work on software defaults: http://portal.acm.org/citation.cfm?id=1146670
This is fascinating. I am particularly interested in the idea of "choice architecture" and defaults and how they are used with Google and other technological tools. In my job I am constantly having to think about the way things are presented in order to achieve a certain effect, or encourage people to think in a certain direction (or not think in another direction), but I hadn't really thought of it so much with respect to something like Google.
Your book will be important!
In the post above, you've addressed our passive relationships with Google as users and consumers. I hope you'll also look at impact of Google on our active, participatory roles in culture and democracy, such as through the influence of blogging and microblogging on public debate.
For an example of how there is a way to go in this kind of relationship with Google, see Ian Davis's post "Google’s RDFa a Damp Squib" at http://bit.ly/ocsQY , including the comments. Collaboration with Google rather than unilateral choices by them is a goal.
At some point we need to think about whether not doing evil means withholding use of power.
Made me wonder--as a university person--whether my data trail is actually my university's property, which my university then delivers to Google. I realize as a university user I am a minority audience--but the trend of universities to put students on GMail, for example, raises interesting questions about whose data trail is being tracked by Google--mine? Mine as represented through my university? So there might be interesting attributes related to institutional users and their data trails via their institutions--who "owns" these institutional data trails flowing into Google? The individual or the institution?
This is a compelling and cogent account of an individualistic perspective on the privacy problems at stake here. That's the dominant language of our public life, so you've probably found the best way to translate our inherent unease at the Google-Panopticon into a language of personal interests that policymakers can understand.
But I think that privacy fundamentally is not a bilateral, contract-based issue. It's about the kind of society we want to create (see, e.g., Nehf on the social value of privacy). A collective commitment to privacy may be far more valuable than a private, transactional approach that all but guarantees a “race to the bottom"--as I explain in more detail here:
http://www.concurringopinions.com/archives/2008/02/siva_vaidhyanat.html
In the end, behavioral economics only goes so far. It's supposed to guarantee individuals the right to shape their lives based on how risk-averse they are. But in our age of bailouts and state-funded ER-care for helmetless libertarian motorcyclists, we know who ends up footing the bill for most of those who choose wrong.
PS: Viktor Mayer-Schonberger's new book Delete (Princeton Univ. Press) should be of great interest re control over one's "data trail."
Does Google have a statutorily imposed obligation to monitor your usage and report it to the authorities in the same way that the financial industry; banks and brokers do under the Bank Secrecy Act? Does a user have the ability to opt out of using Google altogether? Is there an element of force or coercion involved? Do users have other choices? Can a user spoof Google?
Frank:
Brilliant insight. Thank you so much. I will revise to incorporate all this.
Siva