The googlization of ever.., p.11
The Googlization of Everything, page 11
Google’s privacy policy is not much help in this regard. In fact, it’s pretty much a lack-of-privacy policy. For instance, the policy outlines what Google will collect from users—a reasonable, yet significant amount: IP (Internet Protocol) addresses (numbers assigned to a computer when it logs into an Internet service provider, which indicate the provider and the user’s general location), search queries (which constitute a record of everything we care about, wonder about, or fantasize about), and information about Web browsers and preference settings (fairly trivial, but necessary to make Google work well). Google promises not to distribute this data—with two major exceptions. First, “We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf.” Second, “We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.”4
Google’s privacy policy is a pledge from the company to us. It is binding in that if the company violated its policy, a user could sue Google in the United States for deceptive trade practices (though proving deception is always a difficult burden). However, Google changes its policy often and without warning. So today’s policy—for all its strengths and weaknesses—might not be the policy tomorrow or next year. You might have engaged with Google and donated your data trail to it under the provisions of an early version of the policy, only to discover that Google changed the policy while you were not looking. The policy does pledge that “we will not reduce your rights under this Privacy Policy without your explicit consent, and we expect most such changes will be minor.” But that is cold comfort, because the policy already gives Google substantial power over the data.
If you read the privacy policy carefully, it’s clear that Google retains the right to make significant decisions about our data without regard for our interests. Google will not share information with other companies without user consent, but it asserts the right to provide such information to law enforcement or government agencies as it sees fit.
If another company were to acquire Google, the policy states, the company would inform users of the transfer of the data. But there is no promise that users would have a chance to purge their data from Google’s system in time to avoid a less scrupulous company’s acquisition of it. Although Google’s commitments to fairness and transparency are sincere and important, they are only as durable as the company. If Google’s revenues slip or its management changes significantly, all the trust we place in the company today might be eroded.
To complicate matters more, each Google service has its own privacy policy. The index page for these policies contains a series of videos that outline the terms by which Google collects and retains data. One of the videos echoes the statement that Google retains personally identifiable information for only eighteen months after acquiring it. After eighteen months, information such as IP addresses is “anonymized” so that it’s difficult to trace a search query to a particular user. However, that pledge is not made in the policy itself. Anonymization simply involves the removal of the last few digits of a user’s IP address, and many cases of anonymization by information brokers have been exposed as ineffective at untethering people’s identities from their habits.5 The “cookies” left by many websites on users’ computers contain information that could still be employed to identify a user.6
Although Google’s public pronouncements about privacy and its general privacy statement fail to explain this point, Google actually has two classes of users, and consequently two distinct levels of data accumulation and processing. The larger, general Google user population simply uses the classic blank page with the search box in the center. Such general users leave limited data trails for Google to read and build services around. The second class might be called power users: those who have registered for Google services such as Gmail, Blogger, or iGoogle. Google has much richer and more detailed dossiers on these users. In exchange for access to this information, Google rightly claims that it serves these power users better than it serves general users. They get more subtle, personalized search results and a host of valuable services.
Google does empower users to control the information the company holds about them, but not in subtle or specific ways. Google’s settings page offers a series of on-off switches that can prevent Google from placing cookies in a browser or from retaining a list of websites a user has visited. Power users can delete specific items from the list of website visits.
The default settings for all Google interfaces grant Google maximum access to information. Users must already be aware of and concerned about the amount and nature of Google’s data collection to seek out the page that offers all these choices.
Google’s data-retention policies have come under significant scrutiny, especially in Europe. Most of the changes in its privacy policies in recent years have resulted from pressure by European policy officials. The United States government has offered consumers and citizens no help in these matters. In fact, it has acted to erode privacy. In 2006, the U.S. Department of Justice issued subpoenas to collect general information from the major search-engine companies in an effort to support its unsurprising contention that Internet users often search for pornography. The department wanted to use such data—which would not have been linked to any particular user, but instead would have offered generalized, statistical information about what users like to do online—in its legal defense of a law called the Child Online Protection Act. Of the major search companies, only Google resisted the subpoena, and then not to protect its users’ privacy but to protect its trade secrets. Google’s ability to analyze search queries for patterns is its greatest strength in the market. To give up such data could reduce the company’s chief competitive advantage.7 Google prevailed, and the government abandoned its efforts to collect such information.
Understandably, Google officials have practiced responses to questions about data retention and privacy. For instance, Google vice president Marissa Mayer explained to U.S. television host Charlie Rose in early 2009: “In all cases it’s a trade-off, right, where you will give up some of your privacy in order to gain some functionality, and so we really need to make those trade-offs really clear to people, what information are we using and what’s the benefit to them, and then ultimately leave it to user choice.”8 Mayer, who is very disciplined in her answers to questions about privacy, always offers statements very close to this. But Mayer and Google in general both misunderstand privacy. Privacy is not something that can be counted, divided, or “traded.” It is not a substance or collection of data points. It’s just a word that we clumsily use to stand in for a wide array of values and practices that influence how we manage our reputations in various contexts. There is no formula for assessing it: I can’t give Google three of my privacy points in exchange for 10 percent better service. More seriously, Mayer and Google fail to acknowledge the power of default settings in a regime ostensibly based on choice.
THE IRRELEVANCE OF CHOICE
In their 2007 book Nudge: Improving Decisions about Health, Wealth, and Happiness, the economist Richard Thaler and law professor Cass Sunstein describe a concept they call “choice architecture.” Plainly put, the structure and order of the choices offered to us profoundly influence the decisions we make. So, for instance, the arrangement of foods in a school cafeteria can influence children to eat better. The positions of restrooms and break rooms can influence the creativity and communality of office staff. And, in the best-known example of how defaults can influence an ostensibly free choice, studies have demonstrated that when employer-based retirement plans in the United States required employees to opt in to them, more than 40 percent of employees either failed to enroll or contributed too little to get matching contributions from their employers. When the default was set to enroll employees automatically, while giving them an opportunity to opt out, enrollment reached 98 percent within six months. The default setting of automatic enrollment, Thaler and Sunstein explain, helped employees overcome the “inertia” caused by business, distraction, and forgetfulness.9
That choice architecture could have such an important effect on so many human behaviors without overt coercion or even elaborate incentives convinced Thaler and Sunstein that taking advantage of it can accomplish many important public-policy goals without significant cost to either the state or private firms. They call this approach “libertarian paternalism.” If a system is designed to privilege a particular choice, they observe, people will tend to choose that option more than the alternatives, even though they have an entirely free choice. “There is no such thing as a ‘neutral’ design.”10
It’s clear that Google understands the power of choice architecture. It’s in the company’s interest to set all user-preference defaults to collect the greatest quantity of usable data in the most contexts. By default, Google places a cookie in your Web browser to help the service remember who you are and what you have searched. By default, Google tracks your searches and clicks; it retains that data for a specified period and uses it to target advertisements and refine search results. Google gives us the power to switch off all these features. It even provides videos explaining how to do this.11 But unless you act to change them, the company’s default settings constitute your choices.
When Mayer and others at Google speak about the practices and policies governing their private-data collection and processing (otherwise known as privacy policies), they never discuss the power of defaults. They emphasize only the freedom and power that users have over their data. Celebrating freedom and user autonomy is one of the great rhetorical ploys of the global information economy. We are conditioned to believe that having more choices—empty though they may be—is the very essence of human freedom. But meaningful freedom implies real control over the conditions of one’s life. Merely setting up a menu with switches does not serve the interests of any but the most adept, engaged, and well-informed.
Setting the defaults to maximize the benefits for the firm and hiding the switches beneath a series of pages are irresponsible, but we should not expect any firm to behave differently. If we want a different choice architecture in complex ecosystems such as the Web, we are going to have to rely on firms’ acceding collectively to pressure from consumer groups or ask the state to regulate such defaults.
Google officials also don’t acknowledge that completely opting out of Google’s data-collection practices significantly degrades the user’s experience. For those few Google users who click through the three pages it takes to find and adjust their privacy options, the cost of opting out becomes plain. If you do not allow Google to track your moves, you get less precise results to queries that would lead you to local restaurants and shops or sites catering to your interests. Google has to guess whether a search for “jaguar” is intended to generate information about the car or the cat. But if Google understands your interests, it can save you time when you shop. It can seem like it’s almost reading your mind. In addition, full citizenship in the Googleverse includes use of functions like Gmail and posting videos on YouTube, which require registration and allow Google to amass a much richer collection of data about your interests. Moreover, exploring such options can give you a pretty clear idea of the nature of the transaction between Google and its users; but for the vast majority of users, the fate of their personal data remains a mystery.
Opting out of any Google service puts the Web user at a disadvantage in relation to other users. The more Google integrates its services, and the more interesting and essential the services that Google offers, the more important Google use is for effective commerce, self-promotion, and cultural citizenship. So the broader Google’s reach becomes—the more it Googlizes us—the more likely it is that even informed and critical Internet users will stay in the Google universe and allow Google to use their personal information. For Google, quantity yields quality. For us, resigning ourselves to the Google defaults enhances convenience, utility, and status. But at what cost?
THE PROBLEM WITH PRIVACY
Google is far from the most egregious offender in the world of personal data acquisition. Google promises (for now) not to sell your data to third parties, and it promises not to give it to agents of the state unless the agents of the state ask for it in a legal capacity. (The criteria for such requests are lax, however, and getting more lax around the world.) But Google is the master at using information in the service of revenue generation, and many of its actions and policies are illustrative of a much larger and deeper set of social and cultural problems.
In November 2007, Facebook, the social networking site most popular among university students and faculty, snuck in a surprise for its then-almost 60 million users (by 2010 it had 150 million users). With minimal warning, Facebook instituted what it called its Beacon program, which posted notes about users’ Web purchases in the personal news feeds on Facebook profiles. So if a user had purchased a gift for a friend on one of the Web commerce sites that were partners in the program, the purchase would be broadcast to all of that person’s Facebook associates—most likely including the intended recipient of the gift. Facebook ruined a few surprises, but it had a bigger surprise in store for itself: a user rebellion. Within days, more than fifty thousand Facebook users signed up for a special Facebook group protesting the Beacon service and Facebook’s decision to deny users the chance to opt out of it. The furor spread beyond Facebook. Major news media covered the story and quoted users who until then had been quite happy with Facebook but were now deeply alarmed at the inability to control Beacon or their Facebook profiles.12
This reaction caught Facebook executives by surprise. In 2006, when they had released the news feed itself as a way of letting people find out what their Facebook friends were up to, there had been a small protest. But within a few weeks, users got used to it and quieted down. Over time, users did not find news feeds too intrusive or troublesome, and they could turn off the service if they wished.
Facebook executives assumed that their users were not the sort who cared very much about personal privacy. After all, they readily posted photos from wild parties, lists of their favorite bands and books, and frank comments on others’ profiles. All the while, Facebook executives were led to believe that young people today were some sort of new species who were used to online exposure of themselves and others, immersed in the details of celebrity lives via sites like PerezHilton.com and Gawker.com, obsessed with the eccentricities of reality television show contestants, and more than happy to post videos of themselves dancing goofily on YouTube.13
Then came the great Facebook revolt of 2010. By May of that year, users had alerted each other to the various ways that Facebook had abused their trust. Where once the service had allowed easy and trustworthy management of personal information (it was simple to choose who could and could not view particular elements of one’s profile), it had slyly eliminated many of those controls. It had rendered much personal information openly available by default and made privacy settings absurdly complicated to navigate and change. In addition, Facebook suffered some serious security lapses in early 2010. Soon a movement was born to urge friends to quit Facebook in protest. There is no way to tell how many people actually did quit, largely because Facebook would never release that number; moreover, completely deleting an account is very difficult. Facebook membership continued to grow worldwide throughout 2010, as did disgruntlement. Fundamentally, Facebook had become too valuable to people’s lives to allow them to quit. The value, however, is in its membership, not in its platform. Facebook was only slightly chastened by the public anger.14
The cultural journalist Emily Nussbaum, writing in New York magazine in February 2007, stitched together some anecdotes about young people who have no qualms about baring their body parts and secrets on LiveJournal or YouTube. “Younger people, one could point out, are the only ones for whom it seems to have sunk in that the idea of a truly private life is already an illusion,” Nussbaum wrote. “Every street in New York has a surveillance camera. Each time you swipe your debit card at Duane Reade or use your MetroCard, that transaction is tracked. Your employer owns your e-mails. The NSA owns your phone calls. Your life is being lived in public whether you choose to acknowledge it or not. So it may be time to consider the possibility that young people who behave as if privacy doesn’t exist are actually the sane people, not the insane ones.”15
Yet if young people don’t care about privacy, why do they react angrily when Facebook broadcasts their purchases to hundreds of acquaintances? In fact, a study conducted by Eszter Hargittai of Northwestern University and danah boyd of Microsoft research demonstrated that young people in America have higher levels of awareness and concern about online privacy than older Americans do.16 But still, isn’t privacy a quaint notion in this era in which Google and Amazon—not to mention MI5, the U.S. National Security Agency, and the FBI—have substantial and detailed dossiers on all of us? Despite frequent warnings from nervous watchdogs and almost weekly stories about massive data leaks from Visa or AOL, we keep searching on Google, buying from Amazon, clicking through user agreements and “privacy” policies (that rarely if ever actually protect privacy), and voting for leaders who gladly empower the government to spy on us.
