The expectation of privacy is, pretty clearly, a complicated question. As new Mozilla employee Luis Villa could undoubtedly educate me. Complicated enough, in fact, that the debate over Eric Schmidt’s views on the subject are unhelpful. Not because he’s right, of course: he’s so spectacularly wrong, what’s left to debate? See Scheneier’s pithy three year early reply.
What’s far less clear to me, however, is what constitutes a reasonable expecation of privacy these days. Chris Blizzard pointed out yesterday, for example, that site and address bar searches from Chrome – what you visit on the web, effectively – is sent to Google. True, as Greg Stein reminds us, users can disable this functionality, but how many do?
All of which raises several questions for me. Which, in turn, brings us to the Q&A.
Q: Before we continue, do you have anything to disclose?
A: Not much. While I know personally many individuals on both sides of this debate, there are no commercial affiliations that I am aware of that read on the following discussion.
Q: Do you believe that what Google is doing is wrong?
A: I think it can and probably will continue the gradual erosion of their public reputation, which is phenomenally difficult to recover from as the court of public opinion doesn’t move quickly. Just ask Microsoft. But do I think it’s intrinsically wrong? No.
Q: Why not?
A: It’s all about my expectation for privacy. Do I have the right to expect that my personal internet history should be private? Absolutely. But do I expect that my behavior on the internet, generally, is private? Not at all.
Q: How so?
A: Well, consider that when you visit a website these days – from individual blogs to large retail sites – there’s a better chance that you’re being tracked than not. If you’re among the minority that’s exceedingly privacy conscious and you have cookies and such disabled, you may limit the traces you leave behind, but you don’t eliminate them. Sites will still know a great deal about you. The IP address you came in on, for example, from which can be extracted your geographic location, your service provider and such. If you came in off a web search, you’ll also leave your search keywords behind, as well as the search provider that you used. And on and on.
Just by visiting websites, then, you are implicitly or explicitly surrendering much of your privacy.
Q: Isn’t that different, though, from a site like Google which has visibility across many sites?
A: Absolutely. Amazon, for example, will know less about the sites I visit than would Google, if I use the default Chrome settings or turn on Google DNS. But that in turn raises two questions: first, should DNS and browsing history data be usable? And if so, is Google a worse option than alternative service providers like my ISP or OpenDNS?
Q: Let’s start with the first question, then: should browsing history be usable?
A: I don’t have a real problem with it, provided that a) it’s anonymized and b) does not involve deep packet inspection. No one wants their personal history exposed, and not because – as Schmidt implied – that we’re up to no good. It’s because we have certain – reasonable, according to the case law – expectations of privacy.
But when our individual data is aggregated – provided that this is done safely – the risk is greatly diminished, in my view. It’s no different, on some level, than census or survey work. I might not want to tell a stranger how many people are in my household or what TV I watch, but if the US Government asks the former or Nielsen the latter, I’m frankly less concerned. Particularly in circumstances where I stand to directly benefit from the tradeoff, such as from a free service.
In other words, if Google tried to sell my browsing habits or my email to a third party, I would have a serious problem with that. As would Google, after I sued them for a gazillion dollars. If they want to dump mine in with a larger bucket, and judge that perople from Portland, Maine are spending less time on Boston.com than ESPNBoston.com these days and gives me a fast browser for my troubles, well, I’m less concerned.
I expect to be regarded as significantly outspoken on this topic, however.
Q: Do you think the anonymization will not break down at some point? That some organization, sufficiently tempted would not resort to selling their accumulated data in a less than scrupulous fashion?
A: I think this is not only possible, but probable. But as with any system, there are risks: we need to be realistic about them. I don’t see anyone, for example, trying to ban the sale of laptops because the data on them could be lost or stolen. I don’t mean to be casual or flip about the concern, because it’s very real, but this is hardly the only scenario in which our privacy could potentially be violated. How many times have banks, for example, lost tapes containing our social security number and other personal data? These are serious breaches, but they are notable because they are exceptions rather than the rule. As would, hopefully, misuses of personally identifiable data.
Q: What about the question of whether it’s worse for Google to collect this data than, say, an ISP?
A: I think there are two general camps on this one: one side believes that Google, by virtue of its position, has too much visibility and is accumulating too much power. The other believes that everyone is likely to be doing the same thing eventually, if they’re not already, so the choice is really about choosing the lesser of the available evils. While I understand and sympathize with the former’s arguments, I don’t believe that Google is likely to be a more evil steward of my DNS data than my current ISP, Time Warner, and there’s a reasonable shot – given that Google at least has a privacy policy in place – that they’ll be less evil. So no, I don’t believe it’s worse for Google to be doing than this than someone else, because at least – in theory – Google’s profit motives are well aligned with my needs as a customer.
Q: Could that change?
A: Indeed. Anecdotally, it already is for some people I know, who’ve gone back to Yahoo Mail and other alternatives from GMail because of their concerns about Google’s voracious appetite for data. We can’t properly evaluate Google’s decisions without context, and when you consider the speed at which they are accumulating data about every aspect of our lives, the potential for serious risk is there. So yes, my opinion of Google as a steward of my data could easily change, if they don’t manage users’ expectations for privacy tightly. Which is why Schmidt’s comments are so alarming. Microsoft is still recovering from things Ballmer said about open source five and six years ago; how long will it be before the Google CEO’s comments are forgotten?
Q: If Chrome can collect data, do you think that Mozilla et al should?
A: I think most open source projects should be collecting telemetry, yes, with user consent. If it’s done right, it can be a win/win. Developers get access to better insight of their product usage, user demographics and – with analytics – another revenue stream. Users, in turn, benefit from the aggregated data; one instances monitoring data is not interesting, but put the same data together from hundreds or thousands of customers, and the data has new – and potentially immense – value.
Q: Do users, in general, care about any of this?
A: To the chagrin of the privacy conscious everywhere, by and large, the answer is no: consumers seem to be more than willing to trade functionality for privacy.
Facebook, after all, seems to make privacy changes these days strictly so that they can later apologize for them. The available evidence suggests that consumers, in general, are overwhelmingly apathetic when it comes to privacy related issues. At least when they’re issues related to brands they actually like and identify with.
Q: So the above is all academic?
A: No. First, that assumes that privacy will remain a theoretical issue for the population at large indefinitely, which is a problematic assertion. Second, it implies that there are no customers, and no scenarios, in which privacy becomes a legitimate concern, which is equally incorrect. This is a debate well worth having, because we’re only going to hear more about privacy as the value of data becomes increasingly impossible to miss.
And also because I’m very willing to be persuaded that I’m wrong. There are some very smart people who very clearly don’t agree with me, which is always a sign that it’s time to listen.