HomestoryCorporateering Campaign › Can Google Be Trusted? No: The Search Engine Must Do More To Protect Private Data

News Story

Can Google Be Trusted? No: The Search Engine Must Do More To Protect Private Data

Few doubt that Internet giant Google is succeeding in its audacious corporate mission "to organize the world's information and make it universally accessible and useful." The problem is that the mission puts Google directly at odds with our privacy rights, and Google appears unwilling to give consumers enough control.

From its beginnings as a search engine, Google has morphed into the company that dominates the Internet experience for many people as it offers applications that range from browser to e-mail to office applications to online medical records to video hosting and mobile phone operating systems. With our medical records, messages, documents, search and video viewing histories, and mobile locations stored in its servers, Google may know more about us than our spouses.
 
So much knowledge concentrated in one corporate entity prompts concerns that the personal data amassed is too easily abused. Realizing this, Google has recently implemented features that pay lip service to critics' privacy concerns but still do not provide real control of our information. That's because selling the digital dossiers the company compiles is at the heart of its business model. Compiling and analyzing this data to offer us up to advertisers is Google's $20 billion-a-year gold mine, which has driven Google stock to more than $500 a share.

You may think of Google as a technology company based in Mountain View. In actuality it's primarily an advertising business. Consumers make a Faustian bargain, often unknowingly, to provide personal information about their habits, desires and behaviors in return for Google's services. Google mines these massive digital dossiers and uses the information to sell ads, a lucrative business that accounts for 90 percent of its $20 billion annual revenue.

Operating with a Silicon Valley engineering ethos, Google doesn't seek permission; if it encounters objections it can ask forgiveness. Consider Google Books. When it decided to digitize the world's books, Google just did it, ignoring copyright law and prompting a still unsettled lawsuit. Often executives will answer privacy concerns by citing the corporate motto, "Don't be evil," insisting that all activities therefore are above criticism. "Privacy," they add, "is important to us."

But Google relentlessly gathers your digital data on an unprecedented scale. Having moved well beyond its search engine origin, Google offers new "cloud computing" applications on a provider's servers – in this case Google's – accessed via the Internet and replacing the need for applications software on your computer. And, as Google ventures into new areas such as mobile phones, the digital dossiers become even more massive.

If you use Google Apps, your word processing and spreadsheet documents are available to Google, because the information is stored at Google, not on your hard drive. Picasa shares your photographs, while Google Health allows for the sharing of your private medical records, which, as you can imagine, can open a Pandora's Box  if they fall into the wrong hands.

Even if you don't use one of Google's new cloud applications, it's virtually impossible to avoid being tracked by the company's search engine or its "advertising partners." Google hosted 65.4 percent of Web searches in October, according to comScore Inc., a marketing research company that provides marketing data and services to Internet businesses.

Google knows what you are searching for, logging each keystroke entered into your computer. Using "cookies" – small bits of computer code sent to your browser – Google also tracks you as you surf the Web. It stores the information about the sites you have visited and its advertising "partners" help it collect ever more specific data about your habits.

If you use Google e-mail, your messages are scanned and stored on Google's servers. Google's Latitude service for mobile telephones uses GPS data to track your location and Google Maps searches show where you're considering going.     

Initially, Google's ads were contextual. For instance, advertisers bought links relating to the subject of a search. Messages in Gmail were scanned and ads relating to the content of the message displayed, so, for example, an e-mail from a lover could come with an ad for companies arranging mail-order brides. Ads on Web sites served by Google relate to the content of the site.

This spring, Google began offering what it refers to as "interest-based" advertising. Using cookies, Google tracks you around the Web and serves ads based on the sites you visit. Go frequently to sites concerned about health and you may see a drug ad when you're on a sports Web site. While we can choose not to be shown ads based on our behavior, if we can follow all the clicks to the right page, we cannot opt out of being tracked.

The company frequently advocates the virtue of transparency -- except when it comes to Google. For instance, we don't know the algorithms Google uses to rank search results or why it changes them. This can have disastrous consequences for a business that suddenly finds itself listed 10 pages down in the search list when the day before it had been on the first page.

More important, we don't know what Google does with the information it collects about us. Information is power, and Google has our personal information, more of it than anybody. But when it comes to information about the Internet giant, Google is a black box.

Where is my digital dossier kept and how is it used? Since Google has data centers around the world, what laws in what countries govern access to my data in those countries? What security provisions cover it?

Google executives have begun to sense the growing concerns about their company's pervasive reach and power. They do not want government regulation. But if they are to avoid the creation of a "Do Not Track" list, analogous to the Federal Trade Commission's "Do Not Call" list, Google must offer us real control of our data.

That means consumers must be able to manage information associated with their computer's unique Internet Protocol, or IP, address, which identifies the computer to the Web. They must be able to see what data Google has accumulated on its servers, delete it if they wish or prevent Google from gathering it in the first place.

Just this month the company offered the new Google Dashboard, which it touted as offering users "transparency, choice and control" of data Google stores. But, it fails to give consumers the ability to stop being tracked and to delete information associated with their computer's IP address from Google servers.

Google should offer a simple "Make-me-anonymous" or "Don't track" button or icon that stops the company from tracking us and allows all our personal data to be deleted.

Granting users the ability to control their data might undercut the company's current business model if enough consumers opted not to share data. But Google needs some goodwill in the market now, and the truth is Google will ultimately have no choice.

The ever-present pressure for Google to grow its staggering profits and sky-high stock price will inevitably lead to further commoditization of our private information in ways Congress will not accept. That is unless the company acts now -- when its founders, whom many see as largely altruistic, are still in charge -- to give consumers real control. No more tricks, just the same simple technological approach to say no to being tracked that Google has developed to track us.
------------------

John M. Simpson is an advocate with Consumer Watchdog -- formerly the Foundation for Taxpayer and Consumer Rights -- a nonprofit based in Santa Monica.