The very knowledgeable computer hardware geek Chris has written a blog post on Google and Privacy. A subject that has taken up most of my free time for the last few weeks. A subject that I have been most inclined to write about, but never actually got down to scribbling something. A subject that I have worked on for the last few years. So now that I have something to rant about, I’ll let my thoughts flow. The article discusses Google-owned applications such as Gmail, Adsense and Gtalk, etc., more from a ‘single point of failure’ perspective than from the privacy angle. A privacy breach is not limited to someone getting into your account and stealing your information. A privacy breach is also misusing Google for Google hacks and collecting, processing and disseminating personally identifiable information without consent. Being a techie or geek helps you stay safe on public networks such as the Internet. It protects you from viruses, trojans and known malicious activities on the Internet. It helps you filter between legitimate emails and phishing attacks. But does it help you protect your privacy to a safe limit? The answer from my experience is NO.
Chris writes about popular Google-owned applications but misses out on a larger problem revolving around search histories and trends maintained by the company. Like most of the other search engine companies, Google also collects, aggregates and maintains a history of the searches done by a user. It is the popularity of Google, and hence the magnitude of the data aggregated, that is bothering most of the privacy supporters. The fact that Google puts never-expiring cookies on user computers and maintains the search history of each user in a personally identifiable way is something that does not bother me. What bothers me is the fact that all this is available to the law enforcement agencies with a simple warrant. From a rather famous case as highlighted by NYT a couple of years ago:
At a North Carolina strangulation-murder trial this month, prosecutors announced an unusual piece of evidence: Google searches allegedly done by the defendant that included the words “neck” and “snap.” The data were taken from the defendant’s computer, prosecutors say. But it might have come directly from Google, which – unbeknownst to many users – keeps records of every search on its site, in ways that can be traced back to individuals.
I couldn’t agree more with Daniel J. Solove in an article where he points out:
The Supreme Court has held that the Fourth Amendment does not protect against the government accessing records maintained by third parties. In United States v. Miller, 425 U.S. 435 (1976), for example, the Supreme Court held that people lack a reasonable expectation of privacy in their bank records because “[a]ll of the documents obtained, including financial statements and deposit slips, contain only information voluntarily conveyed to banks and exposed to their employees in the ordinary course of business.”
Coming back to Chris’s point, I feel Gmail, Adsense and Gtalk logs alone pose a minimal threat to user privacy. It is the aggregation of users’ information that poses a bigger threat. It is the latest Street View that poses a bigger threat. The problem is not limited to what the user wants to share, which can constitute an identity theft attack, but also extends significantly to the information, unknown to the user, that is captured by crawlers and cameras. Google probably needs information to improve its services, but it definitely does not need all the personally identifiable information that it stores in its massive database.
I am Sumeet, an information security enthusiast, crazy about coffee, iPod, everything Mac, travelling, consuming RSS and eating. I work for a large consulting firm where I usually rant about security best practices.
Very interesting points made in that article, I didn’t even think about the enormous search database that Google has *gasp*. Between linking searches with IPs and the personalized Google searches there’s a wealth of information about individuals’ Internet surfing habits. Guess I won’t be able to look up Russian suitcase nuke schematics on Google anymore.