Why Google won’t do evil

by on September 12, 2008 · 16 comments

In response to Adam and Berin’s excellent introduction to their Googlephobia series, invaluable TLF commenter Richard Bennett succinctly sums up the rap on Google.

There’s no denying that Google has the capacity to do some pretty heinous things with all the sensitive data stored on its servers. But the relevant question isn’t whether Google could do evil, but whether it realistically will. What incentive is there for Google to do anything but keep private data as secure as humanly possible? Sure, Google could earn a nice chunk of change if it were to sell user search queries to the highest bidder. But why would Google put its entire business on the line for a comparatively insignificant short-term gain?

A major privacy breach is Google’s nightmare scenario. If anything happened to cause users to lose trust in Google, they’d go someplace else for email and search. Advertisers would follow suit, causing Google’s stock price to plummet. Google might never be able to recover from a severe privacy fiasco. Obviously, Google is well aware of its vulnerabilities on privacy, which is why Google has incredibly strong safeguards to ensure that sensitive data can’t be uncovered by a rogue product manager with an itchy trigger finger.

Then there’s the liability issue. The multi-billion dollar lawsuits that would ensue were Google to suffer a data breach or an internal leak would deal a serious financial blow to the company, especially because Google’s privacy policy is more than just a comforting statement—it’s legally binding.

We go about our lives everyday with the ever-present risk that companies that we do business with could, in theory, give out our personal details. Comcast could sell its subscribers’ web browsing histories. Bank of America could offer individual financial records for a small fee. AT&T could put its wireless subscribers’ GPS locations online for all to see. But like Google, all of these firms have an overwhelming incentive to not do “bad” things with personal data.

Many users are comfortable enough with Google to use its services frequently without even masking their IP address. And those users who are worried about the small chance that Google might fumble on privacy already have plenty of safeguards that have been discussed in great depth here on TLF. Even if you want to use Google’s services, there are several methods to prevent Google from being able to identify you.

Ultimately, the threat to privacy posed by Google is far less worrisome than the risk of government agencies or hackers doing evil things with our personal information. We should remain vigilant, and call out Google when its practices result in unecessary privacy risks. The growing anti-Google hysteria, however, is seriously overblown.

  • http://zgp.org/~dmarti/ Don Marti

    Online privacy is potentially a “Superfund” problem. If example.com is a corporation that earns $1 million per year, has a market cap of $20 million, and has a 1% chance of an toxic leak that will cost its neighbors $1 billion, it's rational for the company's owners to keep operating it. The expected annual loss from a leak is only $200,000.

  • Ben Finney

    > There’s no denying that Google has the capacity to do some pretty heinous things with all the sensitive data stored on its servers.

    Okay, so we agree that all Google now needs is motivation to do evil; or, phrased differently, lack of motivation to behave virtuously.

    > But the relevant question isn’t whether Google could do evil, but whether it realistically will.

    Since the information they gather is theirs forever — the users certainly have no practical control over it once it's granted to Google — that “will” becomes “will, ever, at any point in the future”.

    > What incentive is there for Google to do anything but keep private data as secure as humanly possible?

    Here you make the fallacy of assuming that Google's *current* model is sufficient guarantee that they will *forever* have incentive to be virtuous with the data we give them every day over time.

    The correct question is: How likely is it that Google's model, leadership, or shareholder pressures, forever into the future, will always be sufficient to constrain Google to act virtuously with the data gathered on all parties that interact with them over their entire history?

  • Ryan Radia

    Google doesn't keep its users' data forever. It anonymizes search logs after 9 months, and if you have a Gmail account, when you hit “Delete” that data will be completely wiped off Google's servers and its backups within a matter of months.

    And it's not eve necessary for Google to care about behaving “virtuously.” To do anything but safeguard privacy would be suicidal, even if Google's business model were to change down the line. Google can't change it privacy policies to the detriment of its users without their explicit permission.

    There are privacy risks to using Google's services, as there are with using any company's services where that company will have possession of personal info. With respect to Google, I think these risks are fairly trivial, but different people have different levels of risk aversion. Fortunately, nobody has to use Google–you don't even have to give Google your IP address to use it search engine (A topic I will be discussing in greater detail soon).

  • Ryan Radia

    Google doesn't keep its users' data forever. It anonymizes search logs after 9 months, and if you have a Gmail account, when you hit “Delete” that data will be completely wiped off Google's servers and its backups within a matter of months.

    And it's not eve necessary for Google to care about behaving “virtuously.” To do anything but safeguard privacy would be suicidal, even if Google's business model were to change down the line. Google can't change it privacy policies to the detriment of its users without their explicit permission.

    There are privacy risks to using Google's services, as there are with using any company's services where that company will have possession of personal info. With respect to Google, I think these risks are fairly trivial, but different people have different levels of risk aversion. Fortunately, nobody has to use Google–you don't even have to give Google your IP address to use it search engine (A topic I will be discussing in greater detail soon).

  • justin case

    There's more than one way to be evil. Google's forays into the world of online content (e.g. knol, YouTube) puts their might, and their pagerank 10 domain directly in competition with other online content companies, many of whom monetize via Adsense. While the current team at Google does a great job, I think there is a valid concern that at some point in time they will be tempted by the financial incentive to place their own properties higher in the search results than they otherwise deserve.

  • Frank

    I love Radia's effort to distinguish between big, bad government, and nice, gentle private corporations. That really worked in the NSA wiretap scenario–those big companies went toe-to-toe with big gov't to obey the law and keep user data secret. Not.

    Read the Cory Doctorow story, Scroogled. You give zero reassurance that the scenario he describes can't happen here:

    http://www.radaronline.com/from-the-magazine/20

    It's absurd to assume that big companies that gather massive amounts of data won't simply give it up to the government secretly–as all the big telecoms did….except Qwest, which was then promptly denied government contracts.

    The libertarian belief that big gov't and big business are totally separate entities can sometimes approach the delusional. You're coming asymptotically close.

  • Ryan Radia

    When Google was asked by the Justice Department to provide a
    list of user search queries, <a
    href=”http://www.npr.org/templates/story/story.php?storyId=5165530″>Google said
    no–unlike several other search providers. In fact, Google went to court, <a
    href=”http://www.foxnews.com/story/0,2933,188292,00.html”>ultimately prevailing
    against the DoJ.

    Under its <a
    href=”http://www.boston.com/bostonglobe/ideas/articles/2008/06/22/stopping_google/”>legally
    binding privacy policy, Google cannot blindly comply with government data
    requests. Google has the right to hand over personal information only when
    there is a legally binding court order. Google also examines subpoenas to
    ensure they are not overly broad, and is even <a
    href=”http://www.guardian.co.uk/media/2008/jul/15/googlethemedia.digitalmedia”>willing
    to negotiate agreements to protect user data when litigation puts privacy
    at risk. Unlike the telecoms, which are permitted by <a
    href=”http://www4.law.cornell.edu/uscode/18/2511.html”>federal law to engage
    in warrantless wiretapping if they receive certification from the U.S. Attorney
    General, Google has no back door that allows it to violate users' privacy. If worst
    comes to worst, and Google abrogates its privacy policy, users are entitled to seek
    recourse in court.

    Of course, Congress could always grant immunity, <a
    href=”http://government.zdnet.com/?p=3885″>just as it did for the telcos when
    they allowed the NSA to <a
    href=”http://arstechnica.com/news.ars/post/20060412-6585.html”>monitor customers’
    phone calls and transmissions. But if Congress and the executive branch are
    ultimately responsible for violating our privacy, it makes little sense to
    focus the blame on the Googles of the world.

    What we need is a government that doesn’t trample over
    Constitutional protections and a Congress that checks executive power as the
    framers envisioned. Then we wouldn’t have to worry about our search provider
    being pressured to hand over our private data. No federal agency should be
    above the law, and consumers deserve the right to sue whenever a firm breaks its
    contractual obligations.

    Libertarians—at least those who post here on TLF—are fully aware
    of the troubling privacy violations that have been perpetrated by government when
    it works in collusion with private businesses. Yet the root of the problem isn’t
    that some companies have our personal data, but that government has the power
    to compel the production of this data with nothing more than a subpoena—and sometimes
    even less.

    Jim Harper has written <a
    href=”http://techliberation.com/2008/06/06/orin-kerr-not-an-empty-vessel-and-not-responsive-to-my-point/”>numerous
    <a
    href=”http://techliberation.com/2008/05/30/kerr-defends-the-third-party-doctrine/”>blog
    <a
    href=”http://techliberation.com/2008/07/25/reforming-fourth-amendment-privacy-doctrine/”>posts
    and a law
    review article
    against the Third-Party Doctrine, which holds that
    individuals have no reasonable expectation of privacy over personal information
    that has entered into the possession of a third party. And TLFers including
    Adam Thierer and Berin Szoka have discussed in great detail <a
    href=”http://techliberation.com/2008/09/05/privacy-solutions-series-part-1-introduction/”>privacy-enhancing
    technologies that empower users to browse the Web anonymously. So I think it’s
    hardly reasonable to state that libertarians are “delusional” when it comes to
    the relationship between private companies and government.

  • burdickrobert

    There is another link under the category of personal finance but it has nothing to do with finance. If you have difficulties in making payment, you can click the link named wachoviabank.com. You will have an expert helping you to fix your problems and you don’t have to go out of your home to get the service. What you need to do is to choose a button between the two “call us today” and “we’ll call you”. Don’t you think this service shows the attentiveness and consideration of the Wachovia? It’s really good in my opinion.

  • Pingback: no no hair removal carls jr commercial 2013

  • Pingback: total war rome 2 free download

  • Pingback: quality seo services

  • Pingback: garcinia cambogia, about garcinia cambogia, all natural garcinia cambogia, all natural garcinia cambogia extract, all natural weight loss, all natural weight loss supplement, amazon garcinia cambogia extract, amazon garcinia cambogia extract pure, appetit

  • Pingback: Jurk Sale

  • Pingback: premier league fixtures

  • Pingback: url

  • Pingback: AMC Intro Video

Previous post:

Next post: