Language Selection

English French German Italian Portuguese Spanish

Google's Growth Prompts Privacy Concerns

Filed under
Security

Google is at once a powerful search engine and a growing e-mail provider. It runs a blogging service, makes software to speed Web traffic and has ambitions to become a digital library. And it is developing a payments service.

Although many Internet users eagerly await each new technology from Google Inc., its rapid expansion is also prompting concerns that the company may know too much: what you read, where you surf and travel, whom you write.

"This is a lot of personal information in a single basket," said Chris Hoofnagle, senior counsel with the Electronic Privacy Information Center. "Google is becoming one of the largest privacy risks on the Internet."

Not that Hoofnagle is suggesting that Google has strayed from its mantra of making money "without doing evil."

Rather, some privacy advocates worry about the potential: The data's very existence - conveniently all under a single digital roof - makes Google a prime target for abuse by overzealous law enforcers and criminals alike.

Through hacking or with the assistance of rogue employees, they say, criminals could steal data for blackmail or identity theft. Recent high-profile privacy breaches elsewhere underscore the vulnerability of even those systems where thoughtful security measures are taken.

Law enforcement, meanwhile, could obtain information that later becomes public, in court filings or otherwise, about people who are not even targets of a particular investigation.

Though Google's privacy protection is generally comparable to - even better than - those at Microsoft Corp., Yahoo Inc. (Nasdaq:YHOO - news), Amazon.com Inc. and a host of other Internet giants, "I don't think any of the others have the scope of personal information that Google does," Hoofnagle said.

Plus, Google's practices may influence rivals given its dominance in search and the fierce competition.

"Google is perhaps the most noteworthy right now by the simple fact that they are the 800-pound gorilla," said Lauren Weinstein, a veteran computer scientist and privacy advocate. "What they do tends to set a pattern and precedent."

The concerns reflect Google's growing heft. As startups get bigger and more powerful, scrutiny often follows.

Google says it takes privacy seriously.

"In general, as a company, we look at privacy from design all the way (through) launch," said Nicole Wong, an associate general counsel at Google.

That means product managers, engineers and executives - not just lawyers - consider the privacy implications as new technologies are developed and new services offered, Wong said.

She also said that Google regularly seeks feedback from civil liberties groups such as the Center for Democracy and Technology and the Electronic Frontier Foundation, both of which credit Google for listening even if it doesn't always agree.

Google's privacy statements specify that only some of its employees have access to personal data - on a need-to-know basis - and such access is logged to deter abuse.

Google Chief Executive Eric Schmidt says a tradeoff exists between privacy and functionality, and the company believes in making fully optional - and seeking permission beforehand - any services that require personally identifiable information.

"There are always options to not use that set of technology and remain anonymous," Schmidt told reporters in May.

But what is meant by personally identifiable information is subject to debate.

Google automatically keeps records of what search terms people use and when, attaching the information to a user's numeric Internet address and a unique ID number stored in a Web browser "cookie" file that Google uploads to computers unless users reconfigure their browsers to reject them.

Like most Internet companies, Google says it doesn't consider the data personally identifiable. But Internet addresses can often be traced to a specific user.

Here's just some of the ways Google can collect data on its users:

_One of Gmail's selling points is its ability to retain e-mail messages "forever."

_Google's program for scanning library books sometimes requires usernames to protect copyrights.

_The company is testing software for making Web pages load more quickly; the application routes all Web requests through its servers.

_Google also provides driving directions, photo sharing and instant messaging, and it is developing a payments service that critics say could add billing information to user profiles.

Because storage is cheap, data from these services can be retained practically forever, and Google won't specify how long it keeps such information.

Without elaborating, Google says it "may share" data across such services as e-mail and search. It also provides information to outside parties serving as Google's agents - though they must first agree to uphold Google's privacy policies.

Much of the concern, though, stems from a fear of the unknown.

"Everybody gets worried about what they (Google) could do but what they have done to date has not seemed to violate any privacy that anyone has documented," said Danny Sullivan, editor of the online newsletter Search Engine Watch.

Eric Goldman, a cyberlaw professor at Marquette University, believes the focus ought to be on the underlying problem: access by hackers and law enforcement.

"We still need to have good technology to inhibit the hackers. We still need laws that make hacking criminal. We still need restraints on government surveillance," Goldman said. "Google's database doesn't change any of that."

Anne Rubin, 20, a New York University junior who uses Google's search, Gmail and Blogger services, says quality overrides any privacy concerns, and she doesn't mind that profiles are built on her in order to make the ads she sees more relevant.

"I see it as a tradeoff. They give services for free," she said. "I have a vague assumption that things I do (online) aren't entirely private. It doesn't faze me."

Larry Ponemon, a privacy adviser, says research by his Ponemon Institute found Google consistently getting high marks for trust.

By contrast, Microsoft, whose software sometimes crashes and regularly gets violated by hackers, didn't fare as well despite what Ponemon and others acknowledge are improvements in its approach to privacy.

"People confuse customer service with obligations to maintain privacy," Ponemon said. "Google has a product that seems to work. It gets almost like a free ride on privacy."

That's changing.

Google, a perennially secretive company, may share some of the blame. It goes out of its way to strip its privacy statements of legalese so they are easier to read. But the statements remain vague on how long the company keeps data.

In an interview, Wong said Google had no set time limits on data retention; such determinations are left to individual product teams. She said the information helps Google know how well it is doing - for instance, are users getting the results they want in the first five, 10 or 100 hits?

"We keep data that's collected from our services for as long as we think it's useful," she said.

Google says it releases data when required by law, but its privacy statements offer few details. Wong said Google doesn't surrender data without a subpoena, court order or warrant. But she would not offer any details on how many requests it gets, or how often, and federal law bars Google from disclosing requests related to national security.

For civil lawsuits, Wong said, Google warns users before it complies so they can file objections with a court - a fact the company doesn't publicize.

Mark Rasch, who was a Justice Department prosecutor in the 1980s and has since advised companies on getting data from Internet companies, says electronic records will only become more relevant for investigators searching for evidence of intent and knowledge.

"As Google becomes more involved in parts of your lives including chats and blog, then it's going to get lots more subpoenas," he said. "It's a lot more than just a search tool."

Associated Press

More in Tux Machines

Licensing: Facebook Responds to Licence Complaints, Cloud Native Open Source License Choices Analysed

  • Facebook relicenses several projects
    Facebook has announced that the React, Jest, Flow, and Immutable.js projects will be moving to the MIT license. This is, of course, a somewhat delayed reaction to the controversy over the "BSD+patent" license previously applied to those projects.
  • Relicensing React, Jest, Flow, and Immutable.js
    Next week, we are going to relicense our open source projects React, Jest, Flow, and Immutable.js under the MIT license. We're relicensing these projects because React is the foundation of a broad ecosystem of open source software for the web, and we don't want to hold back forward progress for nontechnical reasons. This decision comes after several weeks of disappointment and uncertainty for our community. Although we still believe our BSD + Patents license provides some benefits to users of our projects, we acknowledge that we failed to decisively convince this community.
  • Cloud Native Open Source License Choices
    One of the most common questions regarding open source licensing today concerns trajectories. Specifically, what are the current directions of travel both for specific licenses as well as license types more broadly. Or put more simply, what licenses are projects using today, and how is that changing? We’ve examined this data several times, most recently in this January look at the state of licensing based on Black Duck’s dataset. That data suggested major growth for permissive licenses, primarily at the expense of reciprocal alternatives. The Apache and MIT licenses, for example, were up 10% and 21% respectively, while the GPL was down 27%. All of this is on a relative share basis, of course: the “drop” doesn’t reflect relicensing of existing projects, but less usage relative to its peers. [...] One such community with enough of a sample size to be relevant is the one currently forming around the Cloud Native Computing Foundation. Founded in 2015 with the Kubernetes project as its first asset, the Foundation has added eleven more open source projects, all of which are licensed under the same Apache 2 license. But as a successful Foundation is only a part of the broader ecosystem, the real question is what are the licensing preferences of the Cloud Native projects and products outside of the CNCF itself. [...] Unsurprisingly, perhaps, given the influence of the CNCF itself, Apache strongly outperforms all other licenses, showing far greater relative adoption than it has in more generalized datasets such as the Black Duck survey. Overall in this dataset, approximately 64% of projects are covered by the Apache license. No other project has greater than a 12% share. The only other licenses above 10%, in fact, are the GPL at 12% and MIT at 11%. After that, the other projects are all 5% or less.

today's howtos

Games: Half-Life: C.A.G.E.D., Arcan 0.5.3, Wine Staging 2.17

  • Half-Life: C.A.G.E.D. from former Valve worker should hopefully come to Linux
    Half-Life: C.A.G.E.D. [Steam] is a mod from former Valve worker Cayle George, it's a short prison escape and it should be coming to Linux. Mr George actually worked on Team Fortress 2 and Portal 2 during his time at Valve, but he's also worked for other notable developers on titles like Horizon Zero Dawn.
  • Game Engine Powered Arcan Display Server With Durden Desktop Updated
    Arcan, the open-source display server powered by a game engine, is out with a new release. Its Durden desktop environment has also been updated. Arcan is a display server built off "the corpse of a game engine" and also integrates a multimedia framework and offers behavior controls via Lua. Arcan has been in development for a half-decade while its original code traces back more than a decade, as explained previously and has continued advancing since.
  • Arcan 0.5.3, Durden 0.3
    It’s just about time for a new release of Arcan, and way past due for a new release of the reference desktop environment, Durden. Going through some of the visible changes on a ‘one-clip or screenshot per feature’ basis:
  • Razer plans to release a mobile gaming and entertainment device soon
    NVIDIA, another big player in the gaming hardware and lifestyle space, released an Android-based portable gaming and entertainment console called the NVIDIA Shield that emphasized in-home streaming, and the Ouya console that Razer acquired (and discontinued) ran Android. But Razer decided to use Windows instead of Android on the Edge.
  • Wine Staging 2.17 is out with more Direct3D11 features fixing issues in The Witcher 3, Overwatch and more
    Wine Staging 2.17 is another exciting release, which includes more Direct3D11 features which fixes issues with The Witcher 3, Overwatch and more. As a reminder, Wine Staging is the testing area for future Wine development released, which will eventually be made into stable Wine releases.

KDE: Plasma 5.11 in Kubuntu 17.10, Krita 3.3, Randa and Evolution of Plasma Mobile

  • KDE Plasma 5.11 Desktop Will Be Coming to Kubuntu 17.10 Soon After Its Release
    KDE kicked off the development of the KDE Plasma 5.11 desktop environment a few months ago, and they've already published the Beta release, allowing users to get a first glimpse of what's coming in the final release next month. Canonical's Ubuntu Desktop team did a great job bringing the latest GNOME 3.26 desktop environment to the upcoming Ubuntu 17.10 (Artful Aardvark) operating system, and it looks like the Kubuntu team also want to rebase the official flavor on the forthcoming KDE Plasma 5.11 desktop environment.
  • Krita 3.3 Digital Painting App Promises Better HiDPI Support on Linux & Windows
    Work on the next Krita 3.x point release has started, and a first Release Candidate (RC) milestone of the upcoming Krita 3.3 version is now ready for public testing, giving us a glimpse of what's coming in the new release. In the release announcement, Krita devs reveal the fact that they were forced to bump the version number from 3.2.x to 3.3.x because the upcoming Krita 3.3 release will be introducing some important changes for Windows platforms, such as support for the Windows 8 event API, thus supporting the n-trig pen in Surface laptops.
  • Randa-progress post-hoc
    So, back in Randa I was splitting my energies and attentions in many pieces. Some attention went to making pancakes and running the kitchen in the morning — which is stuff I take credit for, but it is really Grace, and Scarlett, and Thomas who did the heavy lifting, and Christian and Mario who make sure the whole thing can happen. And the attendees of the Randa meeting who pitch in for the dishes after lunch and dinner. The Randa meetings are more like a campground than a 5-star hotel, and we work together to make the experience enjoyable. So thanks to everyone who pitched in. Part of a good sprint is keeping the attendees healthy and attentive — otherwise those 16-hour hacking days really get to you, in spite of the fresh Swiss air. [...] You can read more of what the attendees in Randa achieved on planet KDE (e.g. kdenlive, snappy, kmymoney, marble, kube, Plasma mobile, kdepim, and kwin). I’d like to give a special shout out to Manuel, who taught me one gesture in Italian Sign Langauage — which is different from American or Dutch Sign Language, reminding me that there’s localization everywhere.
  • The Evolution of Plasma Mobile
    Back around 2006, when the Plasma project was started by Aaron Seigo and a group of brave hackers (among which, yours truly) we wanted to create a user interface that is future-proof. We didn’t want to create something that would only run on desktop devices (or laptops), but a code-base that grows with us into whatever the future would bring. Mobile devices were already getting more powerful, but would usually run entirely different software than desktop devices. We wondered why. The Linux kernel served as a wonderful example. Linux runs on a wide range of devices, from super computers to embedded systems, you would set it up for the target system and it would run largely without code changes. Linux architecture is in fact convergent. Could we do something similar at the user interface level?