Those who frequent this space are probably already aware that I’m a big believer in the concept of Software-as-a-Service (if you just arrived, you can get some of the background here), the notion of delivering applications such as CRM, email, etc over the network rather than locally installed and managed rich client. In that, I’m no longer in the minority; while everyone knows and points to Google as a major player in the SaaS realm, if the ‘leaked’ Gates/Ozzie memos are to be believed even those with the most vested interest in protecting the rich client space, Microsoft, have seen the light. If Microsoft can get their minds around Software-as-a-Service, it’s smooth sailing ahead, right?
Maybe. But I’m beginning to think as much as network application providers are disrupting the shrinkwrapped application businesses, they may be just as disruptive to current legislation.
Let’s remember back to the launch of Google’s Gmail; amidst the near universal praise for the speed of the interface (not to mention the storage size), there came a great hue and cry about one particular aspect of the application: the scanning of email. The tradeoff here was essentially pretty simple: Google believed that by offering you a slick networked email client, for free, they’d earned the right to scan your email in an effort to serve you relevant advertising. More importantly, they reminded everyone, it wasn’t humans doing the scanning but machines. Such algorithmical entities did not deserve the same scrutiny that humans would, the argument went. And you know what? By and large, people were appeased. I was, as were a large percentage of my friends and family who began switching en masse from Hotmail, Yahoo, and other free email providers to Gmail.
Whether or not that sentiment was justified or not I think has yet to be decided, but at the present time I’m not aware of any incidents proving that Google is doing anything other than what they promised. But the underlying technical concept – the utilization of traffic through the network based application – could become an issue for purveyors of Software-as-a-Service as they become more mainstream.
I was reminded of this while reading Cindy Cohn’s comments here. She said in part:
From a privacy perspective, the question of whether Google’s future lies on the desktop (client-side) or server-side is incredibly important. If information about you is stored on your own computer, it’s generally not available to others unless they are able to hack your machine or serve legal process on you. In contrast, if information about you is stored on Google’s computers, the law generally treats it as Google’s, not yours.
Now I have no intention of telling you that the sky is falling, because it is clearly not. Thousands of customers and millions of consumers are using network applications every day with no issues with respect to intrusion and/or privacy issues. But to the best of my knowledge, the points Cindy raises are indeed valid – particularly with content here in the United States, thanks in large part to the abominable Patriot Act. No, the point here is not to be alarmist, but rather to build awareness.
It’s sort of a truism that power granted is power sure to be utilized, and in the case of SaaS that could be a very troubling thing for potential customers. For those of you in that business, it might behoove you to take a look at that problem now, before it affects one of your customers and becomes tomorrow’s big privacy news story.