I’ve wanted to write a post about Google and privacy for a long time. I’m writing this post now mainly because I’ve seen discussion among non-profit organizations about whether they should use Google Apps for Nonprofits or other Google services.
This post is primarily written in response to non-profits who are thinking about using Google Apps, but the material is relevant to anyone who uses Google’s services, including universities, businesses and individuals.
Text Message Service for Activists Subpoenaed
A couple of weeks ago, I read a news item about how a text message service for activists was subpoenaed in New York City. The Government (specifically the New York City Law Department) is requesting all text messages sent by demonstrators during the 2004 Republican National Convention, along with information about their senders:
The subpoena, which was issued Feb. 4, instructed Mr. Hirsch, who is completing his dissertation at M.I.T., to produce a wide range of material, including all text messages sent via TXTmob during the convention, the date and time of the messages, information about people who sent and received messages, and lists of people who used the service.
I know this event makes a lot of activists angry, but at the same time I see a lot of nonprofit organizations leaning towards using Google Apps. These kinds of events make me wonder: if people are upset about the government having access to information about activists, why would non-profit organizations want to use services from Google, a company that has very serious privacy issues?
Don’t Be Evil
Google has an unofficial motto: “Don’t Be Evil”. People often say things like, “Google has not betrayed their motto, and we don’t have to worry about them yet.”
I think that most of the employees at Google are probably well-meaning people who believe in what they do, but I don’t think they are looking at the bigger picture. Google doesn’t have to specifically “do evil” to be evil – the act of collecting so much personal data on users is evil in itself.
Google’s mission statement is:
…to organize the world’s information and make it universally accessible and useful.
The idea of building something like a modern day, Internet-based Alexandria is nice, but Google has gone much farther than just becoming a library of useful information. Google has become obsessed with gathering information about its users. That is where they have gone wrong.
How Google Tracks You
Whenever you visit a Web page that contains a Google service, you leave a trail in Google’s logs. That information can be reconstructed to create a very detailed profile of who you are and what you do online.
Google’s share of search in the US is approaching 70%. Even after you leave Google’s search results page Google is often still tracking you.
Google controls almost 70% of all online advertising. Every time you visit a Web page with Google Adsense or DoubleClick advertising on it you leave your footprint in Google’s logs. If you are also logged into your Google Account you are giving them way too much data.
Every time you visit a site that tracks visitors with Google Analytics, you are leaving a detailed trail in Google’s logs.
When you visit a page with a YouTube video embedded in it, you are leaving footprints in Google’s logs. Some of Google’s services, like YouTube, use Flash cookies which remember your personal information even after you clear your browser’s privacy settings.
Google also tracks Internet users with services like Feedburner and Google Reader.
If you use Gmail, or send email to Gmail accounts, Google stores your email and has sophisticated tools to read the contents of your emails in order to serve you ads. This email reading software potentially has the capability to build a sophisticated profile about you.
Google also tracks your IM chats if you use Gmail chat or Google Talk or if you chat with someone who is using those services.
Google Checkout tracks your payments.
Google Docs stores your word processor documents, spreadsheets, school papers, presentations, etc.
Google might claim that they don’t datamine their logs for malicious purposes, but one danger is that the data will be available for a long time.
Indefinite Storage of Data
Google has over 20 years’ worth of Usenet postings stored. How long will Google store your data now that storage is so cheap? They claim that their logs will be “anonymized” after a certain period, but once the data is collected by Google there is nothing stopping 3rd parties (like the US Government) from tapping into Google’s data and saving it indefinitely.
Even if Google does really delete your data from their backup servers after you push the “delete” button, your non-deleted documents and mail are sitting on Google’s servers.
Secret Government Access
The US Government already has the “right” to full, secret access to Google’s data:
Patriot Act haunts Google service
The U.S. Patriot Act, passed in the weeks after the September, 2001, terrorist attacks in the United States, gives authorities the means to secretly view personal data held by U.S. organizations.
Some other organizations are banning Google’s innovative tools outright to avoid the prospect of U.S. spooks combing through their data. Security experts say many firms are only just starting to realize the risks they assume by embracing Web-based collaborative tools hosted by a U.S. company.
…Darren Meister, associate professor of information systems at the Richard Ivey School of Business, who specializes in how technology enhances organizational effectiveness [said,] “If I were a business manager, I would want to be very careful about what kind of data I made accessible to U.S. law enforcement.”
Using their new powers under the Patriot Act, U.S. intelligence officials can scan documents, pick out certain words and create profiles of the authors – a frightening challenge to academic freedom, Mr. Puk said.
For instance, a Lakehead researcher with a Middle Eastern name, researching anthrax or nuclear energy, might find himself denied entry to the United States without ever knowing why. “You would have no idea what they are up to with your information until, perhaps, it is too late,” Mr. Puk said. “We don’t want to be subject to laws of the Patriot Act.”
Montreal security strategist Jeffrey Posluns says Google’s software suite may suit some small businesses because cost savings are significant. But he warns that the deciding factor should be the sensitivity of the organization’s information.
It may be true that the US Government has access to everything you do online through your ISP and through other means. But if you use only one central source to store all the data about you, including everything you do online and everywhere you go (via cell phone GPS) it makes it very easy for privacy laws to be abused.
The current US Government is not bound by privacy laws and doesn’t seem to care about the 4th Amendment. If the Government already has full, secret access to Google’s data, there is nothing to stop them from making copies.
I’m not saying that the Government copies Google’s data, but this is already a government that believes that “Privacy no longer can mean anonymity” and that has already been caught illegally spying on its own citizens.
What happens when a Government has too much data about you? You might get a special visit to your home if you check the wrong book out of the library, or someone might use the data to silence you or decide that the collected data should be used to build even more comprehensive databases.
Google’s Privacy Policies
Google is known for their very bad privacy policies:
Rights group Privacy International rated the search giant as “hostile” to privacy in a report ranking web firms by how they handle personal data.
…Privacy International singled out Google at the bottom of its rankings for what the group called its “numerous deficiencies and hostilities” to privacy.
Google created a silly video that tries to counter those claims and to convince people that Google protects privacy.
The video doesn’t talk about how extensive Google’s data collection is or that data can be scraped and combined from different logs to reconstruct a lot of information about you. If you have ever used a sophisticated analytics program you know how much data can be extracted from the small breadcrumbs that users leave behind when they surf the Web.
When you visit Google’s search results, Google knows which links you click on. When you leave Google.com, Google still has the ability to track you through Google AdSense, Google Analytics, Google toolbar PageRank lookups, Feedburner scripts/images, and other services. Every time you hit Google’s logs, you leave a trail. It is too much information to give to one company.
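To see how much of this applies to a site you run or read, you can audit a page's HTML for resources the browser loads from Google-owned hosts, the mechanism described here and in the "How Google Tracks You" list. The script below is an added example, not part of the original post; the hostname-to-service mapping and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostname-to-service mapping assumed for this example (not from the post).
GOOGLE_HOSTS = {
    "google-analytics.com": "Google Analytics",
    "googlesyndication.com": "Google AdSense",
    "doubleclick.net": "DoubleClick",
    "youtube.com": "YouTube embed",
    "feedburner.com": "Feedburner",
}
# Tags whose URL attribute a browser fetches on page load, without a click.
AUTO_FETCH = {"script": "src", "img": "src", "iframe": "src", "embed": "src"}

class EmbedAuditor(HTMLParser):
    """Collects (service, host) for every auto-loaded Google resource."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attr = AUTO_FETCH.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        host = (urlparse(url).hostname or "").lower()
        for domain, service in GOOGLE_HOSTS.items():
            # Match the domain or a subdomain, never a look-alike suffix.
            if host == domain or host.endswith("." + domain):
                self.hits.append((service, host))

def audit(html):
    parser = EmbedAuditor()
    parser.feed(html)
    return parser.hits

# Constructed sample page; every URL here is made up for illustration.
SAMPLE = """
<script src="https://www.google-analytics.com/ga.js"></script>
<a href="https://www.youtube.com/watch?v=xyz">plain link, not fetched</a>
<iframe src="//www.youtube.com/embed/xyz"></iframe>
<img src="http://feeds.feedburner.com/~r/example/~4/1">
<script src="https://notgoogle-analytics.com/x.js"></script>
"""

if __name__ == "__main__":
    for service, host in audit(SAMPLE):
        print(f"{service:18} {host}")
```

Each hit is a request the visitor's browser makes to that host just by loading the page; the plain link and the look-alike domain are correctly ignored.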
The Big Prize
All of that data is a big prize for whoever can gain access. What happens when Google sells? Or when Google partners or merges with companies that you don’t like (e.g., Rupert Murdoch)? Or the political situation turns for the worse? Or people from other countries want that information? Everything you ever did online is in Google’s servers, ready to be data-mined by people with bad intentions.
If you are a non-profit organization involved in political or environmental activism and you are using Google Apps, you have potentially just given a current or future US Government an easy backdoor to all of your data.
This post is primarily about nonprofits that use Google, but I think that even individuals should avoid Google’s services like Gmail and Google Talk whenever possible.
Google’s Creepy Obsession With Your Personal Data
Google’s interest in personal data often goes well beyond what could be considered reasonable:
Google’s Eavesdropping Technology
For example, Google has developed a software prototype that uses your computer’s microphone to listen to the sounds of your living room’s TV and serve you ads based on spying on what TV program you are watching.
Google claims that when they eavesdrop on you through your computer’s microphone, you should trust them to filter out any personal data:
“…the fingerprinting technology used in the Google prototype makes it impossible for the company to eavesdrop on other sounds in the room, such as personal conversations, according to the Google team. In the end, the researchers say, the only personal information revealed is TV-watching preferences.”
If you have been following the illegal government surveillance programs in the USA, it might make you a little hesitant to trust current or future bad leaders not to use the full ability of powerful surveillance tools:
“Power corrupts; absolute power corrupts absolutely.”
The US Government is already looking for ways to tap into social networking Web sites in order to datamine more information about you. Google’s data is more comprehensive than most social networking sites…
Google’s idea of eavesdropping on your household through your computer’s microphone is a serious proposal:
“Google research director Peter Norvig predicts that the prototype, which uses an audio identification technique invented outside Google and applied to a uniquely large database of recorded sound, will eventually evolve into a product.”
Google Wants Your Hard Drive’s Data
Another example of Google’s obsession with gathering your data is Gdrive — an idea to store the entire contents of your hard drive on their servers:
Google Copies Your Hard Drive – Government Smiles in Anticipation
…“Coming on the heels of serious consumer concern about government snooping into Google’s search logs, it’s shocking that Google expects its users to now trust it with the contents of their personal computers,” said EFF [Electronic Frontier Foundation] Staff Attorney Kevin Bankston.
Google will track your location with your cell phone:
Google has a new feature to determine your physical location through your cell phone. As Google moves into cell phone software and hardware they are going to be able to log a lot of location data about you. Where were you at 11:07pm on January 18, 2011? Google may have the answer in their future logs, just based on your carrying a Google-connected cell phone around with you.
Societies are already becoming too complacent about serious privacy issues like human tracking with cell phones.
Google May Track Your Location Via Wireless
We may use information about the geographic location of the Google WiFi node through which you connect to the network to provide information relevant to that location.
Other Search Engines
Before you run off to use another search engine, consider that the other engines may be just as bad. Yahoo and Microsoft also gather huge amounts of personal information. Microsoft is particularly bad because they also have full access to your operating system. The German military considered it a serious enough problem to have banned Microsoft software.
How to Protect Yourself Against Google
I’m not saying that Google necessarily uses their data for sinister purposes — yet. I believe that people with bad intentions are hungry for Google’s data and that once the data has been collected it is a threat to privacy because of the ability to datamine it in the future.
Non-profit organizations (as well as schools, businesses, and individuals) should be very wary of Google’s services, not because Google employees are necessarily “evil”, but because the very act of collecting so much data is evil.
People often let Google get away with things that would raise serious red flags if they were done by any other company. I think it’s past time that people took a closer, more critical look at Google (as well as other search engines and social networking sites).
The next post in this series will go over some ways to protect your personal data from Google. To be notified when it is published, please subscribe to my RSS feed.
UPDATE: Part 2 is online – Google Privacy: It’s Only Getting Worse