Online Privacy: The Relentless Pursuit For Your Personal Data

Despite growing public concern, companies such as Google and Facebook continue to demonstrate an insatiable desire to gather and market our personal information to advertisers. Today, these companies are even able to manage our online identities by creating the equivalent of an ID card for the Internet.

Despite growing public concern, companies such as Google and Facebook continue to demonstrate an insatiable desire to gather and market our personal information to advertisers. Today, these companies are even able to manage our online identities by creating the equivalent of an ID card for the Internet.

Google’s ex-CEO and current executive chairman Eric Schmidt is known for making Orwellian pronouncements about his company’s ambitions. Some of his statements are so absurd they illicit reactions such as, ‘Did he really say that?’ or, ‘Surely, he must have been joking!’

But Schmidt is not known for his sense of humour. When he said: “Google’s policy is to get right up to the creepy line and not cross it”, it’s safe to assume he meant it and was unaware of the disturbing implications of his words.

Likewise, when Schmidt said: “Most people don’t want Google to answer their questions… they want Google to tell them what they should be doing next”, his messianic belief in Google’s benevolent influence on all our lives was undoubtedly sincere.

Schmidt’s statements are an open admission that Google wants to control the lives and identities of all who use the world’s most popular search engine. This ultimate goal was expressed in the most Orwellian of his ejaculations: “With your permission you give us more information about you, about your friends, and we can improve the quality of our searches… We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”

With this last assertion, Schmidt shot way over the creepy line. But in a sense he’s right about Google’s reach into our lives. There’s little doubt that Google, and its major rival, Facebook, are incredibly efficient gatherers of personal data. Even if you try to remain incognito, they track you using cookies, anonymous identifiers, web bugs and your IP address. If you use the same name and account on many different sites you assist web advertisers – of which Google is by far the biggest – to profile you and serve you the most appropriate advertisements.

“The internet has changed our notions of privacy because we are sharing data on an unprecedented scale,” said Dr Joss Wright, a researcher into internet privacy with the Oxford Internet Institute.

[quote]“A Facebook comment, or picture, spreads rapidly to the whole world and we’re not psychologically built to deal with that. The Internet is like an elephant. It never forgets.” [/quote]

To illustrate the new implications for privacy, Wright describes a scenario involving a 55-year-old company CEO who is about to meet a client for an important business meeting.

“The client Googles the CEO’s name and finds a picture of him as a 17-year-old student with a vodka in his hand and a traffic cone on his head. This changes his perception of the CEO. To prevent this, he would have to consciously delete all his photos from the web, but the transferrable nature of digital files makes this hard, especially for celebrities.”

The hypothetical situation is an example of why privacy is a contextual matter, according to Wright.

“One of my favourite definitions of privacy is ‘control over the presentation of self’. Eric Schmidt totally misunderstood this when he said, ‘if you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place’.

[quote]“But privacy is not about what you should not be doing, but more about self-presentation in a given context. I don’t want delegates at a computer science conference seeing a video of me making baby noises to my two-year child just before I give a speech. It’s not that I have anything to hide, but it’s about wanting control over my personal integrity. We have different social registers for different parts of our lives. Google wants to believe there is just one you, but I talk to my university colleagues, or kids, or parents, in different ways.” [/quote]

An even more alarming aspect to the data analysis is the capacity of computers to draw accurate inferences. “They use the information to target adverts more precisely, but the use of blind algorithms has human consequences,” said Wright. “Research has shown they can tell a person’s sexuality from consumer choices. In a case in England, a gay 17-year-old was targeted by adverts for homosexual dating sites on the family computer. His parents threw him out and he ended up homeless.”

The story is reminiscent of a recent story in the US, where the superstore Target figured out that a daughter was pregnant before her father knew. The store began sending out coupons for baby food and clothing to the family home after logging pregnancy patterns in her purchases. Clearly, a computer programme does not realise that pregnancy can be a sensitive, private issue and the girl might wish to choose her own moment to reveal her secret.

[quote]“The desire to target you with advertising is not malicious. It’s borne of commercial necessities. But when you’re not paying for the service ‘you’re not the customer you’re the product’. Facebook and Google are just giant corporations trying to sell us stuff. We use their service for free, but they are dealing in a currency we are not aware of which is our personal data,” said Wright.[/quote]

In their insatiable desire to grasp more data, Google and Facebook have repeatedly run into opposition from civil rights groups and privacy campaigners.

One of the first major cases involving Google followed the introduction of Buzz, a sharing tool for Gmail users, which automatically included their e-mail contacts in the network. It provoked widespread criticism that Google had invaded the privacy of users and failed to understand that e-mail contacts were not necessarily friends.

Google quickly changed the service so it did not automatically connect people. It later settled with the US Federal Trade Commission over charges of deceptive privacy practices related to Buzz and agreed to 20 years of audits.

But Google’s most egregious abuse of privacy came in 2010 when it launched its Street View service. In preparation for the launch, Google sent its cars around the world from 2006-2010 to photograph streets and neighbourhoods. But Google didn’t just take pictures with cameras. The vehicles were also equipped with antenna that hoovered up about 600 gigabytes of data from users of public wifi stations in 30 countries.

The data contained a huge amount of private information, including snippets of e-mails, photographs, passwords, phone numbers, medical records passwords, chat messages, postings on websites and social networks. 

At first Google insisted the data collection was an accident, then it changed tune and blamed a rogue engineer. But in 2011 it emerged that the Google engineer behind the technology had advised colleagues that internal privacy lawyers should authorise its use.

But the US Federal Communications Commission, which fined Google US$15,000 over the affair, said legal advice was never taken. Eventually, Google apologised, saying they were “acutely aware we failed badly here”, in terms of privacy protection.

“The Google Street Car episode was a perfect example of ‘system creep’, which is when technology is used for a purpose other than the original intention,” said Wright. “Google didn’t ask whether it could capture the data because it thought it wouldn’t get caught and if it did, it wouldn’t pay much of a fine.

[quote]“To stop this kind of thing happening we need much stronger regulations. Google’s biggest fine was just €100,000 in France, a drop in the ocean compared to their US$100 billion annual profit. Some of the new EU guidelines suggest taking 1 or 2 per cent of annual income as a fine, which would change their behaviour swiftly,” he said. [/quote] 

[break]

An ID Card For The Internet?

Google fought another battle with privacy campaigners when it prevented account holders on its Google+ social network from using pseudonyms. The quarrel was dubbed the ‘nymwars’, a neologism combining the words ‘pseudonym’ and ‘wars’. Google relaxed their policy after a lot of criticism, but they made it difficult to use pseudonyms. It was only possible for users with an established identity offline in the print media, or an established identity online with a meaningful following.

“It was a side step not a step forward,” said Gus Hosein, executive director of the London-based privacy campaign group Privacy International.

[quote]“We would like to see a policy that allows for multiple simultaneous identities relevant to each circle and each interaction. That’s how the real world works.”[/quote]

But the main development from Google, which was linked to the ‘nymwars’ attempt at controlling users’ identities, was the change in the company’s privacy policies in 2011. Google integrated each individual’s various Google accounts including the search engine, connections identified from Google+, preferences and interests from email and YouTube, and location from Google maps and mobile-phone operating system. This allowed them to amalgamate all their data about an individual.

 “Like the nymwars, this was all about identity management,” said Husein. “In the world of the desktop computer, your operating system doesn’t care about who you are… In essence, you are the master of your domain and can have as many identities as possible. You can even set up multiple users on your computer. Your operating system may know the links between your identities, but it really doesn’t care. But Google does care, and this is the real change that is occurring,” he said.

According to Husein, Google’s new privacy policy was an attempt to move everything off your desktop.

“Where Google is going wrong is that it wants all your identities to be merged into one single identity: you. Previously, you had a Gmail account; and separately at YouTube account, Buzz, G+. Now they want one policy and one identity to rule them all,” he said. 

Husein said Google was amalgamating data for two reasons. The first was obviously to improve advertising hit rates. But the second reason was more insidious. “Google wants to be able to provide an ID card equivalent for the Internet,” he said.

The reason, he said, was that Google was endeavouring to keep up with its main rival Facebook, which has proved far more adept at gathering information about its users. Facebook has established itself as the “identity layer” for the Internet. If someone wants to log in to a favourite newspaper’s website, they can create a username and ID, or simply use their Facebook account. Facebook becomes part of the transaction and can also know what it is you’re up to.

[quote]“Google wants some of this pie. After all, it can better know you for advertising purposes if it is involved in your interactions outside of Google’s services. Sure they know your email use, and your mobile phone usage; but they don’t quite know your wider use of the Internet on domains they do not own. But if they were part of the authentication process, they could know ever more about you,” said Husein. [/quote]

A further controversy is Google’s willingness to hand over personal data to Governments who make legal requests. In the US these demands can be made in secret so you have no chance to object.

According to Google figures, between January and June 2011, it received more than 15,700 government requests for the data of over 25,000 users. In more than 11,400 of these cases Google complied.

The US government has a successful record: 93 percent of its 5,950 data requests were obeyed. Russia (42 requests) and Turkey (73 requests), on the other hand, had no successful applications.

For those outside the US, there are almost no safeguards to prevent this. Whatever the rules in the host country, if you use services hosted in the US, and owned by US companies – such as Google – the US government can demand your data.

Facebook has also repeatedly fallen foul of civil rights campaigners. In November the Federal Trade Commission (FTC) made a settlement with Facebook over charges that the company did not keep its promises to protect users’ privacy. It required that all future changes to Facebook privacy settings and information sharing to be “opt-in” and that Facebook to undergo privacy audits for the next 20 years.

Facebook CEO Mark Zuckerberg admitted the company has made a number of missteps when dealing with user privacy. “I’m the first to admit that we’ve made a bunch of mistakes,” Zuckerberg wrote. 

Google and Facebook do provide tools to manage privacy settings. Google, for example, provides a handy Dashboard for various accounts. It’s possible to go to the Privacy tools page and opt out of tracking, or go to account settings and delete everything. Google also has an “opt out cookie” for people who want to evade its pervasive advertising system.

But, as Wright points out, hardly anyone uses these privacy settings.

[quote] “If you give the tools to people to prevent privacy invasion, very few people do. We are very bad at knowing what causes privacy risks. But when our privacy is violated we feel a visceral sense of personal invasion,” he said. [/quote]

Related: Infographic: Are You Oversharing Personal Information Online?

A psychology experiment at Cambridge University neatly illustrated this blindness to breaches of our privacy. Students were offered Mars bars in exchange for their passwords and a very high number took the treat and conceded access to their intimate personal details.

“The only way to avoid privacy violations is not to use Google or Facebook,” said Wright. “I use the www.duckduckgo.com search engine which stores no personal data and can do anonymous Google searches.”

[quote]But we really need legislation, which sets the tools to private by default. As a result, we would only share photos or information with our own friends and not to the whole world by default.”[/quote]