Friday, July 24, 2009

Google and Privacy

The Electronic Frontier Foundation has some concerns regarding Google's privacy stance especially with respect to the Book Settlement agreement. EFF suggests that Google's ability to track everything a consumer looks at and reads combined with all the other services that Google provider could lead to Google collating a 'digital dossier' on every user. Perhaps hyperbolic but nevertheless they have listed a number of specific remedies (Link):
  • Protect your reading records from government and third party fishing expeditions by responding only to properly-issued warrants and court orders, and by letting you know if someone has demanded access to information Google has collected about you.
  • Make sure that you can still browse and read anonymously by not forcing you to register or give personal information and by deleting any logging information for all services after a maximum of 30 days.
  • Separate data related to Google Book Search from any other information the company collects about you, unless you give it express permission.
  • Give you the ability to edit and delete any information collected about you, transfer books from one account to another without tracking, and hide your "bookshelves" or other reading lists from others with access to your computer.
  • Keep Google Book Search information private from third parties like credit card processors, book publishers, and advertisers.
EFF also suggest concerned readers email Google's CEO Eric Schmidt directly to voice their concerns.

Google has also reacted to privacy concerns - whether directly to EFF or coincidental is unclear - with the following blog post from Dan Clancy on their public policy blog:
Recently, we've heard questions about our agreement and what it will mean for user privacy. Privacy is important to us, and we know it's important to our users, too. We have a strong privacy policy in place now for Google Books and for all Google products. But our settlement agreement hasn't yet been approved by the court, and the services authorized by the agreement haven't been built or even designed yet. That means it's very difficult (if not impossible) to draft a detailed privacy policy. While we know that our eventual product will build in privacy protections -- like always giving users clear information about privacy, and choices about what if any data they share when they use our services -- we don't yet know exactly how this all will work. We do know that whatever we ultimately build will protect readers' privacy rights, upholding the standards set long ago by booksellers and by the libraries whose collections are being opened to the public through this settlement.
On the Google Books blog they are slightly more expansive with a series of question and answers regarding the Books program and their privacy policies (Link):
Important principles from our Google Privacy Policy would apply to this service, as with every Google service. For example, we will never sell personal information about our users. In fact, we will never share individual users' information at all unless the user tells us to, or in some very unusual circumstances like life-threatening emergencies. The Book Rights Registry created under the settlement won't have access to users' personal information, either.

Users will also have choices about the kinds of information that Google receives when they use the service. Most of the new ways of reading books online that the settlement makes possible will not require any kind of registration or account with Google. For example, people who use institutional subscriptions, such as students at subscribing schools, will not have to register with Google to read the millions of books available through the subscription. They only need to confirm their identity to the school’s system – not ours. And of course, regular users of Google Books do not need to set up an account to get the benefits of the settlement. They will be able to see much larger portions of books – often 20% of the book, instead of the current three short snippets – without having an account or giving personal information to Google.
As fellow traveler Adam Hodgkin suggests, "if Google becomes the predominant reading platform for digital editions these will be crucial issues". Reading a book is a personal intellectual exercise and disconnected, in fact and in the mind of the reader, from all externalities; because of this perception, translating the reading experience to an online environment probably does not immediately conjure up concerns over privacy in the minds of the average reader. In other words, most people because all their prior reading experience has been "private' do not immediately understand that it may now be 'public'. Reading may have to carry a public warning. Maybe I'm in agreement with EFF's hyperbole.

1 comment:

Marion Gropen said...

IANAL, but I suspect you'll find that deleting logs before several years have passed is against some sort of compliance law.

And I also suspect that informing the targets of a few types of court ordered searches that the warrants have been executed is also against the law.
Other than that, nice post.