| |
| META TOPICPARENT | name="FirstPaper" |
|---|
| |
<
< | The Expanding Bounds of Identifiability | >
> | Google knows roughly who you are, roughly what you care about, roughly who your friends are. What else will it know? | | | | |
>
> | The Infrastructure | | | | |
<
< | The Tools | >
> | We tell our search engines things that we would never tell our closest friends, assuming that we are cloaked in the web’s anonymity. With Google’s expanding ability to collect, keep, and analyze data, this asset may be evaporating. Google’s new privacy policy applies uniformly to products like Gmail, Calendar, and Google search. On its face, the unification promotes transparency by limiting the number of privacy policies that Google users must review to inform themselves of the rules to which they are subjected. However, the new policy also allows the services to share user data with each other. This creates a communal pool of user data that can be used to personalize the user’s experience, but also to identify the user’s interests, concerns, and true identity (if the last of these has not already been explicitly provided to Gmail during the sign-up process).
Google’s ability to collect this data is based on the array of services it provides, free of charge, to its users. It is a central hub to which millions users connect like so many spokes, seeking to reach out to each other via Gmail or Google Docs (which require an account to access), or to sort through information using Google search (which does not require an account to access, though the pull of improved personalized results may encourage users to log in). In exchange for these services, millions of users are willing to forfeit their control over the flow of their data, and allow Google to act as a centralized data repository. Because the services can now share data with each other under the new privacy policy, a rich tapestry of each user’s activity can be created and stored on Google’s servers. | | | | |
<
< | On 3/1/2012, Google’s new privacy policy went into effect. This policy will apply uniformly to Google products like GMail, Calendar and Google Search, and will unify the 70+ policies that currently govern data sharing in the individual products. Google claims this change will create a more optimized, individually tailored internet experience. On its face, the unification promotes transparency by limiting the number of policies which Google users must review to inform themselves of the rules to which they are subjected. However, the new policy also allows communication between the products such that a user’s actions while using one product can be reflected in the user’s experience of other products. For example, watching a video tour of a law school on YouTube may result in a Phoenix Law advertisement above the user’s GMail inbox. While this seemingly innocuous feature could marginally improve the user’s experience, it also gives rise to a problem increasingly characteristic of online services. | >
> | The Problem | | | | |
<
< | Individually, Google’s services can only collect a limited amount of data by which those who have access to the server log can identify the user. When the services begin to share such data, the users’ unique combinations of activity make them more identifiable. | >
> | The rate and direction of technological development make it difficult to predict what voluntarily provided data could be used for in the future. Users may expect the online information they provide to be divorced from their flesh and blood, but that is no longer the case. Being stupid with information on Facebook can now get teachers and fired. In a telling statement about how Google may treat the data it collects, then-CEO Eric Schmidt quipped, “if you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.” This is a troubling proposition for those of us who have cruised web pages out of sheer curiosity, and now have to worry about how that search history could be interpreted, and what the consequences could be. In 2009, searching “airport security” or “homemade plastic” on Google could land you on a terrorist watch list.
Landing on government watch lists was the result of using one Google service incautiously. With the synergistic effect of data sharing between services, the data users produce could become even more dangerous in the future. Consider the potential uses of this data if an insurance company were able to get its hands on it. If a user has been searching “cancer symptoms” and purchasing painkillers or energy supplements through Google’s one-click Checkout service, the insurance company may promptly raise the user’s insurance rates. Google Checkout, after all, requires an account, which requests real-name identification. I admit that this is purely hypothetical, and perhaps Google is not so invidious. However, it is worth asking—what does the information that I provide to Google say about me? | | | | |
<
< | This is technical
nonsense. Many of these services require signing in, and the new
privacy policy specifically covers sharing data among these services
only when the user is signed in. So there is no identifiability
question involved at all. | >
> | The Solution The Questions | | | | |
<
< | Beyond making them identifiable, these users also create a rich pattern of behavior from which anyone who has access to the server logs can create a predictive algorithm for that user’s future actions. Services like Facebook, whose superficial purpose is social networking, make no effort to hide the fact that the service will collect user information and make predictions about the user’s desires and future activities. Google’s policy, however, states that they may share “non-personally identifiable information” publicly and with its partners.
A non-sequitur.
However, as Google intertwines its available information, and as people’s Facebook surging amounts of site activity provides more data to Facebook’s servers, there is a growing pool of user information that can predict the user’s characteristics to a mind-boggling extent. Even those who only have access to the publicly listed information on Facebook are able to extract unlisted information. A group of MIT students in 2009 designed an algorithm that predicted a male user’s unlisted sexual orientation based on his Facebook profile. While they had obvious problems in confirming their algorithm’s results, the program correctly identified 10 out of 10 users’ sexualities of which the students had independent verification. With the amount of information that users currently provide to Google, the predictive algorithms that Google could create have the potential to deduce much more about the user than the user ever intended to reveal.
So it would be correct
to say that the changes at Google were designed to make Google's
treatment of user data derived from its services more unitary, like
Facebook's. You could just have said that, without additions of
dubious accuracy. And Google does not require "real name"
identification, unlike Facebook, which you don't
mention.
The Legal Barriers
This type of subtle invasion of privacy is one the law will have trouble curbing. If we take Cohen’s functional approach to legal decisions and ask what such a law would have to do, we run into several problems. Much of the information provided to the servers of these sites is useless in its individual bytes, so there is no individual characteristic that can be withheld to deplete the power of these invasive mechanisms. Further, almost every invasive mechanism confers a corresponding perceived benefit: Google’s Docs and Calendar features grant the servers access to the user’s whereabouts and interests, but they also allow the user to access his schedule and documents instantaneously from any terminal of the user’s choice. Facebook’s “Check-In” feature allows the servers to track users’ whereabouts and tastes in products, if the check-in location is a store or restaurant; however, this feature also allows users to meet when they find themselves in the same vicinity. Because the loss of privacy is not always manifested, many users may be unwilling to forfeit the benefits until the consequences hit home.
This is all waste
motion, complexity without purpose. The reason the law "will have
trouble curbing" this activity is that people voluntarily agree to
provide their information in return for the services they receive.
Regulatory intervention therefore requires a showing that people
should not be allowed to make the arrangements they evidently
presently choose to make. This is, and should be, difficult.
Freedom to exchange information is strongly protected against
government intervention by an object called the First Amendment.
This issue will be troublesome for the courts because it is not susceptible to a beloved bright-line rule. The extent to which privacy is invaded is the extent to which user information is impermissibly used to intrude on the user’s persona and communications. This in turn varies directly with the capacity and creativity of the intruder to deduce a greater whole from the sum of the data the user sends to the server. Thus, the question for the court becomes whether the data is being used in an impermissible way beyond the purposes for which the user voluntarily provided it. This will in turn give rise to problems of transcendental nonsense, as questions such as “voluntariness” and “permissibility” could fall prey to purely legal operational definitions.
Lastly, there is a practical problem against which the courts will clash in attempting to resolve such problems through legal channels. One of Holmes’ statements about the law describes it as a habit; the rules of our fathers and neighbors will carry forth by momentum. It takes a gradual chipping away of the existing understanding of privacy to effect a change that recognizes such a right on the internet, a place without a physical location in which that right can be violated. The law is not a speedy tool of change. Only in 2010 did the federal legal system acknowledge a right to privacy in private e-mail, ruling in US v. Warshak that the government must obtain a search warrant before seizing such e-mail. Even then, the court acknowledged this right based on the similarities between e-mail and traditional mail. If the right to privacy that is being violated by the data-gathering social tools of the 21st century is to be recognized at law, it will likely have to be analogized to another, established, right to privacy. This is particularly difficult due to the quickly evolving nature of technology and social tools; the rights they violate may not resemble any particular set of established rights for a long enough period of time for a law to protect them. Perhaps the efficient solution is technological rather than legal, but until some safeguard is implemented, the servers will continue to hone their predictive powers unchecked.
I teach a course or two
on this subject, which you might find it interesting to take. The
present analysis is blowsy, repetitive, occasionally inaccurate, and
out of touch with the arguments on the other side. The problem you
are writing about is real, and I spend more than a little bit of my
professional time working on it. But if you're going either to
understand it or do something about it, you need to back up and
consider the nature of the objections posed at each of your key
points, both in order to learn about the parts of the problem you
don't yet fully understand, and in order to deal more effectively
with the real legal issues, which have less to do with Cohen or
Holmes than you seem to think. | | | \ No newline at end of file | |
>
> | People’s voluntary provision of data is protected by the First Amendment freedom to exchange information. If a user wants to use a Google service, the price is the bit of information that Google then knows about that user. As long as this is voluntary, any sort of government regulation on the exchange is likely to face stern backlash on constitutional grounds. These include such solutions as “Do Not Track” options, much like the “Do Not Call” lists for telemarketers. In the case of the telemarketers, however, the element of initial positive voluntariness on the part of the user was lacking.
The European Union has proposed, among other things, a right to be forgotten. This would allow people to have their data deleted if there is no legitimate ground for retaining it. This puts some power back in the hands back in users who have already provided data to the repository, but with a principle as fluid as “legitimate ground,” Google is likely to retain most of its data, justified by the promise of an improved user experience. This could one day evolve into a reasonably successful solution, but it will require the articulation of a standard that punishes only impermissible use of voluntarily provided data. This is a question with no simple answer: at what point does the voluntarily provided data become impermissibly used? What property rights are there in data that voluntarily dropped into a depository, even if the user did not know it?
By the time users get their insurance raised for Googling “breathing problems,” it will be too late to prevent the abuse of user-provided data. But a successful solution cannot prevent Google from functioning—the exchange of information is critical in our society, and the concept of restricting it in order to protect the user is unsettlingly Orwellian. Currently, searching symptoms on Google can even be empowering to patients who can then walk into a doctor’s office feeling better informed about their condition. A solution that begins to make any progress will have to be one that prevents the flow of information from being used against the users who create it. Is this possible to do, without shutting down the search and sharing services we treasure? And in a disparate, disconnected group of users, where will we get the unified political will? |
|