There’s an important privacy debate taking place on the global policy front. This latest round has been triggered by Google’s attempt to consummate its proposed merger with DoubleClick. Of course Microsoft, Yahoo, and the advertising community are raising antitrust concerns over the marriage of the two biggest players in internet advertising. Yet it’s the privacy concerns that are gaining the most traction among policy makers and enforcers worldwide. This is good news. It means that Google, Microsoft, Yahoo, and privacy watchdogs worldwide are all engaged in a renewed dialogue about how to protect citizens’ privacy in an era in which all our searches are captured, all our cookies are collected, and both the ads that were presented and the ads we clicked on are stored and mined for an indefinite period of time.
It’s been fun and edifying watching Google’s PR engine at work. Eric Schmidt, Google’s CEO, has been evangelizing the need for “international privacy standards.”
Google’s most powerful PR tool to date is the comforting and accessible video series featuring Maile Ohye, a personable young woman who is a senior support engineer, giving a chalk talk about what information Google captures when you search, how it uses that information and how you can control it. The two videos in the series to date are designed to be very comforting. In the first,[1] she explains that, while Google captures your search queries, IP address, and cookies, and connects the dots in order to make your searches more relevant, they will X out your IP address and your stored cookie info after 18 months. (This is the same cookie retention policy that Microsoft is now espousing.) This nice young woman makes you feel relieved about the fact that Google is X’ing out the information that connects your search terms to you, just the way your favorite merchants X out your credit card info. The second video[2] shows you how you can view and control your search history, by “pausing” the collection of your personal search information and/or deleting items you don’t want anyone to be able to see or to use algorithmically to determine what you might be interested in, in the future.
There are many threads to the privacy debate. I’ve been thinking about these three:
1. Fears of Big Brother – Control over what is captured, how long it’s kept, and who can see/use it.
2. Fears of Big Business – Control over what advertisers can do and how invasive they can be; Control over what our suppliers can do and how invasive they can be.
3. Empowerment – The ability to control the experience you want to have and to enable trusted parties to use information that you’ve entrusted to them to provide better solutions and a more context-appropriate experience that may delight, rather than dismay.
Fears of Big Brother
On September 26th, the New York Times ran an interview with science fiction writer Cory Doctorow in an article entitled: “A New Short Story Imagines Google as a Bad Big Brother,” by Andrew LaVallee.[3] They included the following excerpt from Cory’s short story, “Scroogled,”[4] which was published in the September issue of Radar Magazine:
"Evening," Greg said, handing the man his sweaty passport. The officer grunted and swiped it, then stared at his screen, tapping. A lot. He had a little bit of dried food at the corner of his mouth and his tongue crept out and licked at it.
"Want to tell me about June 1998?"
Greg looked up from his Departures. "I'm sorry?"
"You posted a message to alt.burningman on June 17, 1998, about your plan to attend a festival. You asked, 'Are shrooms really such a bad idea?'"
The interrogator in the secondary screening room was an older man, so skinny he looked like he'd been carved out of wood. His questions went a lot deeper than shrooms.
"Tell me about your hobbies. Are you into model rocketry?"
"No," Greg said, "No, I'm not." He sensed where this was going.
The man made a note, did some clicking. "You see, I ask because I see a heavy spike in ads for rocketry supplies showing up alongside your search results and Google mail."
Greg felt a spasm in his guts. "You're looking at my searches and email?" He hadn't touched a keyboard in a month, but he knew what he put into that search bar was likely more revealing than what he told his shrink.
I recommend that you read the entire story. It’s great as well as chilling. In the New York Times’ interview, Andrew LaVallee asks: “Are there signs...of Google doing ...things that concern you?”
And Cory Doctorow replies: “There are lots of ways in which Google knowing more about you makes Google better for you. But without much regard to what's happening in the world around us, in an era in which the national security apparatus has turned into a kind of lumbering, savage, giant toddler, it behooves us to not leave things within arm's reach that it might stick in its mouth. And that includes things like my search history. And I'd prefer that Google not be storing a lot of that stuff, especially today, especially after Patriot [Act] and so on. They're inviting abuse, I think, by doing that. The steps you don't save can't be subpoenaed. And by saving them, Google is inviting a subpoena.”
What Information Is Being Tracked and How Is It Being Used?
What most people care about in the great privacy debate is what personally identifiable (as opposed to aggregated) information is available to whom. The idea that cookies or personally-identifiable IP-addresses are destroyed after 18 months misses the main point. Many people don’t want any tracking of what they’re doing online by anyone. These are the people who take pains to disable cookies and to only frequent sites and utilities that give them the ability to remain anonymous. Yet online advertisers need that information in order to provide targeted ads. As more and more advertising moves to our mobile devices with location-based services, the more and more targeted the advertising will become (“Patty, the shoe store a block away has those red heels you liked in your size right now—and you have 20 minutes before your next meeting”). So, if advertising is going to be personalized, you need to be able to opt in and out at a very granular level.
Google and Microsoft, et al. are offering the “we’ll only keep your identity associated with this search query for 18 months” assurance because they know that people are concerned about the ability of government organizations (Big Brother) to snoop on patterns of our activities over time.
Fear of (Big) Business or Nefarious Parties
But we’re also concerned about the nearer term privacy invasions when companies we don’t know or trust use information we didn’t realize they had to intrude upon our lives to make us offers we don’t want or need or at inappropriate times. (Not to mention more nefarious snoopers and what they might do with our personal data and activity patterns.) Don’t I own the information I generate? Why should a company I don’t know or trust be able to put an offer on my cell phone, or send me an email offer I didn’t authorize? That’s spam. It’s an invasion of my privacy and my right to control my experience.
Advertisers are a powerful lobby. They will do whatever it takes to ensure that they can get their messages to us. We DO need privacy protection to keep anyone from being able to buy their way into our personal space without our invitation. When we watch television or read magazines or use a search engine, we realize that advertisers pay for the privilege of presenting us their messages. When we are reading our email, sending Instant Messages to friends, or using our phones, most of us only want to be alerted to ads from suppliers with whom we have a relationship and to those alerts, offers, or news to which we have opted in.
What Control Do Users Want Over Their Information?
So the fact that Google lets me control my search history is useful to me. It means that, if I care, I can delete irrelevant (or incriminating) items from my search history. And my search results and the ads I see are more relevant because they get better and better over time. That’s a choice and a trade-off that I have made.
Make Opt Out the Default; Let Me Opt In; Don’t Identify and Track My Searches, Activities, and Transactions Without My Permission
Here’s my bottom line. I have opted into personalized search for Google, and I know I can control it. I expect the merchants with which I have dealings to maintain a history of our transactions together. And I demand that that transaction history is private to me (and/or my firm, if it’s a business transaction). I own that information. It’s mine. Nobody should be allowed to sell, mine, or otherwise use my personally identifiable trail of activities unless I explicitly opted in. Not 18 months from now, but now.