Yesterday, I explained why I was excited about Google getting into the browser game. Of course, no new Google venture is complete without some people taking issue with Google's privacy policies. In this case, the controversy was around Google Chrome's EULA, specifically section 11.1. Now, since everything on the Internet happens at the speed of light, Google has already changed the wording of that clause and applied it retroactively, claiming that it was all a mistake by the lawyers behind the curtain. However, this incident reminds us of just how much data Google collects, not to mention privacy issues online as a whole.
I should begin with the disclaimer that I am not a Google fanboy. I love some of Google's services--I use Gmail, although I prefer to check my mail through Mozilla Thunderbird's interface, and Google Calendar is my favourite calendar application. However, I'm perfectly willing to criticize Google. I try not to be a fanboy of anything, but if I were, I'd be a Joss Whedon fanboy. So I'm going to hijack this post to mention that the Dr. Horrible soundtrack is available for purchase on iTunes. That is all.
The Internet is transforming us into a global village as Marshall McLuhan predicted. More and more information concerning our offline personae is being stored in a digital form and then transferred all around the world, whether we know of it or not. Companies that exist primarily to gather data (like Google, a search engine company) always want more. How much are we willing to give?
When addressing the issue of privacy on the Internet, I've decided to tackle four questions. Firstly, what do we want when we yell "privacy!" on forums and blogs? It's a word, but what does it mean? Next, what criteria should we use to determine which institutions to trust with our private data? And who is to blame when that data gets leaked or shared with third parties? Lastly, let's put on our pragmatist caps and consider the reality of the Internet today: what's feasible, and what will require major paradigm shifts to accomplish?
I Have Everything to Hide
A typical retort to those who lament the loss of privacy in everyday life is, "If you aren't doing anything wrong, then you should have nothing to hide." No one's perfect though, and we all have things we want to hide. That's why most browsers, including Google Chrome, have some sort of stealth mode (or "porn mode") that doesn't record what you're doing. Everyone can have legitimate reasons for keeping secrets. The point of privacy is to present people with choice: an individual should have the choice of whether or not to reveal his or her private information, right?
But what's private to us? Well, if anonymity is your goal, then probably everything except a pseudonym, maybe your gender. The Internet is increasingly critical to offline applications, however, and anonymity is no longer always an option. Sure, it's possible to establish an ephemeral blog with no personally-identifiable information available to the public. However, the site will record your computer's IP address, which in turn can be traced back (in most cases) to you. Even if you use a public computer, you'll probably have to give an email address that could be traced back to you--you could use a fake address, but then you'd have no way of receiving legitimate communications.
As the Internet evolves, it begins connecting our offline personae with our online ones. No longer is the Internet just a network on which we push emails back and forth. Now we're uploading videos, torrenting television programs, tweeting, blogging, using Facebook--much of this relying on our own offline identities to make it relevant. When I update my Twitter status, it shows up on Facebook and on the homepage of my website. People who want to know what I am doing can look at my status.
But if one is not careful, too much information can lead to problems. Put your credit card number in the wrong form, and suddenly someone has stolen your identity. These are real problems that we as a society are going to have to solve. We have to give our private data to someone, but to whom?
Sell Your Soul For a Fiddle
How do you decide if a website is trustworthy? Friends' reviews? Newspaper articles? The number of people on the site? Which services deserve to store our private information, and which ones are untrustworthy for one reason or another?
If you have a bank account, then you probably have access to your finances online. Your bank stores massive amounts of personal information about you from your name to your credit history. What makes a bank more trustworthy than Google? Companies often try to sell themselves by promoting how much experience they've had, how long they've been around. My bank, Bank of Montreal, is Canada's oldest bank, founded in 1817. That's much older than Google, which will be celebrating its tenth birthday in three days! If age is a factor, then my bank must be a more appropriate institution to trust with my data.
Banks don't have the best track record for keeping private information private, however. It seems like every couple of months there's another article in the newspaper about one bank or another misplacing or accidentally leaking the private information of thousands of people. Whoa. When was the last time Google did that? In July there was some concern when a court ordered Google-owned YouTube to hand over some information to Viacom. YouTube's handling of the situation seems to indicate that Google has our privacy on its mind. And that makes sense. Google is a business as much as banks are, and no business wants to become notorious for disclosing private data.
So when our data does get disclosed, who is to blame? In the case of accidental leaks, the company often hits the age-old tome of excuses to produce classics like, "The postal service lost the package containing the data," or "An employee forgot to clean sensitive data off his or her thumb drive before giving it away." We are all human((Except for Stephen Harper, who is a robot)); we make mistakes.
If the court orders the company to share the information with a third party, then we blame the government. And this is an important point: even in so-called free societies, legislation exists that gives the government access to data you store with private companies. If the U.S. government demands that Google hand over some of its data, there is nothing much Google can do about it. Google's lawyers can fight the case in court, sure, but in the end, if the government wins the case, then it's not Google's fault that the government has that power. That is the price Google pays for operating in such deprived countries, much like Google's self-imposed censorship is the price it pays for operating in China.
Thanks to the networked nature of the Internet, this creates headaches for people who don't even live in the United States. Any data you send to Google's servers is going to end up at a machine located in the U.S. at some point, which makes it accessible to the U.S. government. Avoiding such an eventuality requires a great deal of effort((Time better spent drinking tea.)). So the options become just accept the inevitable or boycott Google and its ilk((Yeah, I used the word "ilk." I went there.))
Let's All Go Amish
Boycotting Google is an acceptable, if extreme, method of protecting one's privacy. However, it is impractical to boycott every possible source of privacy infringement. I suppose that one could cut up one's credit cards, debit cards, government-issued IDs, etc. There are people who do this--but they are not a majority. Most people accept that some level of compromise is required to keep up with the relentless march of technology.
Ah, now the real demon comes to light: technology is evil! Mmm ... not so much. We could destroy all of our advanced technology, but that doesn't eliminate our privacy concerns. Also, it would utterly wreck civilization as we know it--you can go ahead and claim that a more pastoral existence is the paradise humanity requires, but that's beyond the scope of this entry. The reality is, we are dependent on our technology, and that dependence comes with a price.
Be careful with your private information, of course. You're going to have to give it out eventually. Be frugal about to whom you give it out. Tools like Facebook are not inherently dangerous; it all comes down to how you use them((And how much common sense you have when accepting offers from widows of deposed Nigerian dictators.))
If you really are bothered by how society treats privacy these days, then make noise. Don't just blog ineffectually about it like I am--write a letter to your representative of government (if you live in a "democracy"), form activist groups, make T-shirts, make pies ... whatever it takes. Fight for change.
Me, I'm more worried about tethered appliances (such as the iPhone) and companies having the ability to remotely terminate products we "buy" as opposed to the data on those devices. But that's an issue for another day.