The Terrifying Ways Google Is Destroying Your Privacy
In 1999, Scott McNealy, the former head of Sun MicroSystems, reportedly declared, "You have zero privacy anyway....Get over it." He unintentionally let the proverbial cat out of the bag of the digital age.
In 2009, McNealy’s assessment was confirmed by Google’s CEO, Eric Schmidt. In an interview with NBC's Mario Bartiromo, he proclaimed, "If you have something that you don't want anyone to know maybe you shouldn't be doing it in the first place." Schmidt’s words have become Google’s new mantra. Welcome to 21st-century corporate morality.
Now, a decade-plus later, McNealy’s prophetic words have take on a far more sinister significance than he probably intended. They are increasingly becoming the operating assumption of the digital corporate state. Whether going online, using a PC, smartphone, tablet or digital TV, users can no longer assume they have any privacy. In fact, users should assume they have absolutely no privacy.
McNealy's and Schmidt's words both speak to a fundamental change in the definition of privacy. Once upon a time not so long ago, a sealed letter or a personal telephone conversation was considered private, protected communications. Those days are over.
Unless you have the time or the technical know-how to encrypt your digital communications, none of what you transmit – however personal -- through a digital wireline or wireless network is “private.” Rather, through the spectacle of post-modern capitalism, the private has become public, the property of the corporation that owns your keystrokes. The digital revolution has morphed the personal into an electronic commodity; the electronic commodity is the exchange currency of an encroaching, 21st-century digital feudalism.
Two complementary forces are driving this change: short-term corporate self-interest and a self-serving security-state. The ordinary American’s traditional privacy rights are giving way to the demands of the militarized corporate state. They are determining America’s digital economy and future.
On March 1, Google introduced a new program that collects user data from its 60 services. Google stores “cookies” (i.e., code that compiles a record of an individual’s web browsing history) on a growing number of communications devices, whether a home PC, tablet, smartphone and a growing number of TV sets. These cookies track every Web site a person visits or function s/he uses.
Every time you enter a term into Google’s search engine, check out a video on YouTube, send or receive an email through Gmail (including key words in the message) or even make a call or download information on an Android-based phone, even using a third party’s phone from AT&T or Verizon, your input will be captured, stored and processed by Google. Google users can’t opt out of its data harvesting procedure; the company reports that the new procedure does not apply to Google Wallet, the Chrome browser and Google Books.
Google has been accused of hacking both Apple’s and Microsoft’s operating systems to further its data-capture practice. Jonathan Mayer, a Stanford researcher, discovered that Google could track a person’s usage of Apple’s Safari browser on an iPhone and an iPad, undercutting privacy settings. In addition, Microsoft engineers report finding that Google could bypass the privacy settings on its Internet Explorer browser. Google denies both accusations.
Google insists its data gathering practice is done for the ostensible purpose of better serving its users. It claims that by more precisely tracking a user’s inputs it can more efficiently target-market its advertising offerings. Its sophisticated artificial intelligence software enables it to “predict” individual user’s usage patterns. This is, in all likelihood, partially true as Google is estimated to control close to half of worldwide ad placements of the web.
However, Google’s long-term intentions seem more sinister. In 2010 it was revealed that Google partnered with the CIA in a venture called “Recorded Future.” Google’s vast data archive can be harnessed to meet “security” needs. This is especially troubling in light of a controversial bill being pushed through Congress, the Cyber Intelligence Sharing and Protection Act (CISPA). The act would allow sharing of data between companies like Google and the National Security Agency (NSA) to combat alleged cyber-security threats.
This gets scarier in light of a recent DC Court of Appeals ruling upholding a lower court’s decision blocking a Freedom of Information request from the Electronic Privacy Information Center. EPIC sought to determine the nature of the collaboration between the NSA and Google over Chinese hacking of the company’s site. The claims of national security are increasingly trumping a citizen’s right to know and his/her notion of privacy.
Google is not alone in data harvesting of personal – and once assumed private – information. Other high-tech companies, especially social networking sites like Facebook (with Microsoft’s Bing search engine) and Twitter, are redefining, shrinking, the country’s traditional notions of private communications. Once, not long ago, letters and phone calls were private. Today, once a user inputs a keystroke on their device of choice that is connected to the Internet, whether it be a PC, smartphone, tablet or, increasingly, TV set and accessed either through a wireline or wireless network, that data becomes a “public” commodity, owned by the private corporation that facilitates the communications.
In Europe, the issue of data harvesting of “personal” information is compounded by a growing number of cases involving anti-competitive practices. As of 2012, investigations have gone forward in at least 12 countries and at least nine countries have found Google guilty of violating various anti-trust and anti-privacy laws.
A user surrenders her/his personal or private information when s/he uses a Google-enabled or other communications device. To use these services, people are required to surrender their privacy rights to the new corporate lords of the information economy. In this process, they – we! – are becoming digital serfs.
* * *
Google was founded in 1998 and its 2011 revenues were $37.9 billion; more impressive, its market cap is approximately $200 billion. It ranks 73rd on the Fortune 500 list.
Google’s enormous wealth is derived from its breakthrough search technology and how it revolutionized the advertising business. Its patented, underlying technology, PageRank, transformed Internet search. It offers this service for “free,” and according to ComScore, it accounts for about two-thirds (66.4%) of online searches.
Its smart strategic thinking and wealth has led it to introduce an ever-growing variety of capabilities, services and products. The Google octopus ranges from its search engine to Gmail, from its digitalized library of copyrighted books to the Android OS, from YouTube to its acquisition of Motorola Mobile, and from the build-out of a 1-Gig fiber network in Kansas City to a smart, self-driving car venture.
Google is a postmodern company, on its way to becoming a 21st-century version of the legendary Standard Oil Company. It is as if, a generation ago, GM had business units in cable television, office products and first-generation computer software. Google has the potential of ending the reign of the vertically integrated company. It could become the cyber GE.
Google’s dark side surfaced in 2010 when it offered a joint proposal with Verizon to the FCC on the future of the net neutrality. The Electronic Frontier Foundation warned in no uncertain terms, “Unfortunately, … [the proposal] included some really terrible ideas. It carves out exemptions from neutrality requirements for so-called ‘unlawful’ content, for wireless services, and for very vaguely-defined ‘additional online services.’ … As many, many, many have already pointed out, these exemptions threaten to completely undermine the stated goal of neutrality.”
It must be noted that Google joined other Internet companies, most notably Wikipedia, in opposing the poorly conceived MPAA-backed anti-piracy bills; the House’s SOPA and Senate’s Protect IP Act. Most dramatically, Google blacked out its site.
* * *
Not long ago, the word “google” morphed from a noun, the name of a company, to a verb that denoted search. Now, the name for an ever-growing octopus of a company has come to signify a mounting threat to competition and online personal privacy.
Last month, the Federal Communications Commission imposed a modest $25,000 fine on the company for "delaying its [FCC’s] search for and production of responsive emails and other communications, by failing to identify employees, and by withholding verification of the completeness and accuracy of its submissions.” Congressman Ed Markey (D-MA) complained that "[t]his fine is a mere slap on the wrist for Google."
EPIC filed a suit in federal court arguing that the Federal Trade Commission (FTC) had failed to enforce an earlier Consent Order against Google to ensure personal online privacy. EPIC contended that Google’s new program to capture and integrate all the personal information it gathers from its various services, including its search engine, Gmail, YouTube and Android-based phones, is a threat to personal privacy. The DC court dismissed the suit.
In the face of these developments, Senator Richard Blumenthal (D-CT) warned that "Google's interception and collection of private wireless data potentially violates the Wiretap Act or other federal statutes, and I believe the Justice Department and state attorneys general should fully investigate this matter." In a separate matter, a U.S. federal court recently held that unencrypted wireless network communications are not exempt from the protections of the Wiretap Act. Calls for a more comprehensive investigation heated up.
Following the dismissal of EPIC’s challenge, the FTC retained Beth Wilkinson, a high-powered outside counsel, to oversee a possible anti-trust prosecution of the company. She is a former Justice Department prosecutor who played a lead role in the conviction of the Oklahoma City bomber Timothy McVeigh. She is only the second outside litigator retained by the FTC to oversee an investigation. As the New York Times wrote, “The case has the potential to be the biggest showdown between regulators and Silicon Valley since the government took on Microsoft 14 years ago.”
At the heart of the FCC’s (and likely the FTC’s) inquiry into Google is the Street View project. Begun in 2007, Street View uses digital cameras to collect and display street-level images. Unknown at the time, Google was also employing Wi-Fi receivers concealed in the Street View vehicles to capture what is known as MAC (Media Access Control) addresses and SSIDs (i.e., user-assigned network ID name) linked to the location. In addition, it intercepted and stored Wi-Fi transmission data, including email passwords and email content.
The company originally downplayed its collection activities, minimizing the scope of its data harvesting and blaming it on a rogue engineer. However, in the face of widespread protests, Google was forced to end the illegal collection of Wi-Fi information.
The standoff between the FCC and Google involved the company’s apparent violation of privacy and wiretapping provisions of the 1996 Communications Act. The FCC’s decision to give Google a pass was based on a technicality, that the Act did not cover Wi-Fi technology. Nevertheless, the FCC report revealed that Google’s data collection was not the act of a rogue engineer but likely a corporate program. It found that Google had intercepted the private communications of millions of Wi-Fi users and that it "clearly infringes on consumer privacy."
The FTC’s current inquiry into Google is not the first showdown between the two entities. In 2011, the FTC brought a suit against Google Buzz, the company’s first social networking effort, for violating its stated privacy policies and for using deceptive tactics. The FTC charged Google with using information collected from Gmail users to grow its then recently established Buzz service. Google’s settlement involved not only paying an $8.5 million fine, but agreeing to undergo regular audits of its privacy practices for the next 20 years. (Under the terms of the agreement, the FTC can fine Google up to $16,000 per violation per day.)
As the pressure mounts on Google in the U.S., a growing chorus of challenges is being raised in Europe and in other countries, including over alleged anti-trust violations, and Google’s new integrated data harvesting practice. EU Justice Commissioner Viviane Reding called it an "Orwellian surveillance apparatus," adding, "My impression is that Google has trampled European data-protection legislation.”
France's privacy watchdog CNIL determined, “Preliminary findings show that Google’s new policy fails to meet the requirements of the European Data Protection Directive (95/46/CE) regarding the information that must be provided to data subjects.” It urged a "pause" in the rollout of Google’s new data harvesting program.
Other investigations of Google’s new data-gathering practice are underway in Argentina and South Korea.