People trust Google. Or perhaps it isn’t trust, perhaps people are willing to set aside trust in order to obtain ease of use and convenience. I’ll admit, I fall in to that camp in regards to certain things. I make use of GMail. I use their calendaring to sync up my calendar between my different devices. I’ve stayed away from Google Reader, but that has more to do with the fact that I really like the NewsFire™ app that I use on my MacBook. Let’s face it, Google is everywhere, and even if you only casually use the internet, it’s likely that you make use of their services – even if only their search engine. They make it easy by providing so many resources for free. Well, they don’t cost the user any money, but they do have a price: information.
Information, data, the bloodstream of the Internet. This might not seem like such a big deal, a company that tracks your searches so that they can better tailor search data, making it more accurate and efficient. This doesn’t sound awful. Sure, they can associate search results with IP addresses – but with multiple users sharing an IP, and dynamic assignment of IP addresses this certainly doesn’t rate very high on the paranoia scale (except perhaps with the tinfoil crowd). Of course all the monitoring and improving searches isn’t done out of simple altruism. They collect the data so they can design ads specifically targeted to search results. Advertisements are the primary revenue source for Google. It’s the money generated from ads that allows them to offer free services. It is the free services that allow them to collect large amount of data to help generate more ad revenue. The great circle of data profiteering.
None of this seems particularly bad or shadowy. They are a company, they were created to make profit. Profit is what allows them to keep innovating, creating new and wonderful things for everyone to play with. I don’t begrudge a company wanting to turn a profit; it’s the very heart of capitalism. It’s also not that shady that a company keeps its methodology and the technology driving their online presence behind closed doors. Keeping other people out helps keeps your secrets in. Those secrets are what allow a company to gain an edge over the competition. Give all your best stuff away and everyone can be just like you, and that’s certainly no way to profit (all open source arguments aside – open source is a completely different business model. I don’t classify either as right or wrong, they have different driving principles). None of that seems suspect.
The problem begins with the Google services outside of search (though, through these services, search also becomes a bigger piece of the pie). Once you become involved in Google services you have a login. You have something that ties you to specific data. The non-threatening theory is that by knowing you, your search habits, your interests, Google can give offer marketers a way to very narrowly target ads to those people most likely to click through. For a long time advertisements were about reaching as many people as possible, basically getting your message to every single venue hoping that in all the millions of eyeballs you manage to attract the few who are likely to be interested. Google, however, has been changing this by allowing marketers to focus their efforts on those most likely to be interested without having to waste time on those who are unlikely to have a need, or are absolutely uninterested in their product or service. The collection of data changed the way advertisers think. The pinning of data to specific individuals opens up new doors for advertisers and allows their campaigns to have an extremely narrow and personalized focus, targeting the specific part of the market for whom their product is intended to reach. Designer advertising, and it’s all possible through the collection of massive amounts of data.
The most troubling part of this is the using of e-mails to collect data for targeting advertising. As you receive or send e-mails (or conversations as Google likes to think of them), Google bots are scanning your messages for keywords and other relevant data that will allow them to pull from their pool of ads those that most match the content of your messages. Talk about a trip to London in an e-mail, ads will pop up for plane rates to London, possible attractions, restaurants, etc. Google has announced they are making changes to it, in theory, to make those ads even more relevant. Now, when there are no ads that closely associate to your current e-mail, instead of pulling up some random advertisements, they now will pull up ads that are related to content in other of your current e-mails. This is an advancement that will help Google to attract more advertising partners. The worst part for users is the data mining of their e-mails, of their private thoughts.
“To show these ads, our systems don’t need to store any extra information – Gmail just picks a different recent email to match. The process is entirely automated: no humans are involved in selecting ads, and no email or personal information is shared with advertisers.” said Google employee, Steve Crossan. (original link to full blog post)
This brings us back to the issue of trust. We have Google’s word that it’s an automated system, that there is no one reading your data or selling it, or making it available. It’s all an automated system to help target advertising, no human eyeballs peer in on the process. We have Google’s word. But can we trust that word? Big business has not exactly always had the public’s best interest at heart. It’s not unheard of for a company to mislead people, to misdirect them, and even in some cases outright lie to the public. This isn’t merely paranoia, this is just the way that some businesses have operated behind closed doors. There is no proof that Google has done anything nefarious with our data. There is very little reason to suspect that Google has any interest in “being evil”. To do so could open themselves up to multitudes of lawsuits if anyone found out. It would be a large risk to take and would threaten a profit generating machine that Google has made work amazingly well. When the risk is large it’s not worth taking without a sufficiently large payoff. Quite frankly, as it stands, the risk is too great when compared to potential rewards – it’s not in Google’s financial interest to betray users privacy beyond what they’ve already been doing for years (and letting the public know this is what they are doing with their data).
The real risk, to me, in allowing one source to have so much collected data, targeted information on individuals. The threat that we face is what could potentially be done with all that collected day. We have two potential scenarios that I feel are the most credible, potential threats.
The first is the one most often played out in the media. The ominous shadowy hacker bent on taking over your life, ruining your credit rating, and buying an island in the Caribbean somewhere – or whatever it is these shadowy menaces want to do. All that data sitting in the mysterious “cloud” is a tasty morsel that can attract a lot of people who certainly don’t have anyones best interests at heart other than their own. Like any other thieves they are profiteers. We are trusting that Google’s security is tight, that they are doing all they can to protect our safety. We are trusting that what they are doing is enough. Recent events, however, have shown that Google is as vulnerable to security breaches as any other business. And what they possess makes them a great target for those who would use peoples data for more damaging ends. The flaw that allowed the attack involved a security flaw in Microsoft’s Internet Explorer (which they have just now released a patch for) that allowed hackers to read the e-mails of human rights activists who have been outspoken about Chinese policies. While some level of social engineering was also involved (which is often the case, it has been pointed out numerous times by security expert that the biggest gap in security is often times the end users), this attack showed that it is impossible to defend against every possible exploit as many times the problem exists in the code of others, something that is outside your own control. Yes, Google has released their own web browser, but with Internet Explorer still being the king of the hill it stands to reason it would also see use even from the people of Mountain View.
The second potential threat is our own government (or any government for that matter which has some regulatory control over Google’s actions). Face it, privacy rights are not something the American government has gone out of its way to protect these days. With recent revelations that the FBI, with the telcos assistance, were garnering call information without following proper legal procedures just shows the contempt for privacy issues that exist in some Federal agencies. While new procedures have been put in to place to help curtail this, the fact that it went on unchecked for so long shows how vulnerable groups can be to government influence (especially under the umbrella of protecting against terrorism, the latest buzzword in the law enforcement arsenal). Google has in the past shown it is willing to fight against such things, and only releases any data when legally compelled to do so. However laws can be changed, and rights eroded. We may not want to believe it, but the possibility does exist that the laws can change enough to allow government agencies full access to Google’s data, and their data mining capabilities. The thought police start making their lists and using private communications against us. Sounds like something out of a dystopian novel about the future, but everyday we are seeing our liberties stretched thin “for our own good” and in the name of “national security”.
The point is we need to take a more active role in monitoring our own data, being custodians of our privacy. Big business isn’t going to do it for us, nor are our governments. While they might not have some dark agenda, the fact is we take for granted just how much of our lives are out there, just waiting to be plucked. We need to think about those things we post online, the way we protect our own information, and those whom we trust with our data. Simply running away from Google and moving to some other competitor to host our e-mail won’t solve anything. Google gets focused on merely because they are the big fish in the small pond, but other companies are equally vulnerable to the same potential threats. The first line of defense in our privacy is ourselves. We are too willing to trust, to hand over information blindly, just so long as things are made easy for us. Making those things free just makes it even easier to self-justify throwing all of ourselves online with little thought of who controls the information, who has access to it, or how well it is being protected. We can’t all roll our own e-mail servers, or calendaring solutions – such things are out of the reach of the majority of people. We have to trust someone, but we don’t have to trust them blindly or completely. We have to understand the risks involved and weigh those risks against our needs. Complete paranoia is no better than blind trust. We have to be willing to educate ourselves to the dangers and pitfalls as well as learning about those people whom we hand our data to.
I’m not about to completely jump the Google ship, but more and more things give me pause. I think about diversifying those companies who hold on to my data. Spread it around as to not put all my eggs in one basket so to speak. I also think more and more about those things that I put online, or even the things I share in an e-mail. While I have often advocated encrypting e-mail, encryption does you no good when the other parties you converse with fail to use any type of encryption themselves. Education and understanding are key to minimizing the risks that we face. We have to come to understand that no matter how innocuous some message might be seen, data is valuable. Information controls the world. We can’t ignore how valuable it is not just to ourselves, but to other groups out there whether it be someone trying to gain leverage or financial gain over us, or if it’s merely advertisers hoping to better reach their target audience.