Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2020
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Notes of 11 February 2010
Roger Clarke **
© Xamax Consultancy Pty Ltd, 2010
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/II/GB-100211.html
Google announced the Buzz service in early February 2010. I'd had no prior warning about it, until receiving a call from the media.
I've done an amount of work over the years on enhancements to email. It's highly desirable that we be able to coordinate our various asynchronous communications (snail-mail, email, voice-mail) and synchronous communications (voice-conversations, chat/IM).
(Integration would be nice, but that's a pipe-dream for years to come. Too few of the tools we use are standardised, and too many are highly competitive. Every supplier thinks that they can be 'the first-mover that wins', and hence every supplier views formats and protocols as competitive weapons not as common infrastructure).
Google is doing, as usual, some interesting innovating. Wave may be a bit too vague, and any substantial deployment may be some time away. In the meantime, Buzz is trying to make one.
The initial reactions below relate solely to the privacy aspects of the product. One reason for that limitation is that that's what the reporter asked me about. But another is that Google has an extremely bad record in the privacy aspects of their products. And Buzz leverages off existing services, and vast holdings of personal data. So it's important that Google gets it right - important to Google's users, and important to Google itself.
My first, quick reactions below are based on a fairly cursory scan, using time snatched from other tasks. The comments have to be fairly cursory anyway, for the following reasons:
The two sources I've relied upon were:
Personal data about gmail subscribers has been re-purposed. Specifically, each gmail subscriber's associations with 'other people' are being disclosed to other 'other people'. This has been done without formal notice to them, and without their consent.
If so, those weasel-words abjectly fail crucial characteristics of consent, which are that it be informed, and freely-given. Despite long-running attempts by US corporations and the US FTC on their behalf, 'opt-out' is not consent, and can never be consent.
The actions taken are quite possibly illegal use and disclosure of personal data without consent.
The move is also amazingly naive for a corporation that professes to "know a lot about you". (Although perhaps ignorance about privacy is a corporate strategy. Google's CEO Eric Schmidt recently nailed his colours to the wall, joining Sun's Scott McNeely in the tiny club of people silly enough to say that 'privacy's dead' - "If you have something that you don't want [Google and its customers] to know, maybe you shouldn't be doing it in the first place").
The fact is: people don't have a single identity. And they don't have a single network of contacts. They have multiple identities, and they have different sets of contact networks associated with each of them. For many people, Buzz as it currently stands is an unhelpful jumbling of networks. For others, it's an intrusion. For yet others, it's downright threatening.
Buzz displays some personal data about each subscriber, to other subscribers. This is a new function, and it's been created without notice, and the disclosures have been made without consent. Clarification is needed as to what the reasonable expectation of users was in relation to the personal data in that profile, prior to this action.
If there were previously constraints on access to that personal data, and the additional exposure is material, and the additional exposure was not reasonably anticipated by the subscriber, then Google is likely to be in breach of privacy laws relating to use and disclosure.
Many people are caught up in Google's massive archive, without subscribing. This arises because the Google archive captures all of these things:
In all but case 1, Google has collected, stored, used and in part disclosed, the non-gmail subscriber's messages without their consent.
I'm unclear from what I've read so far whether non-gmail subscribers are caught up in Buzz.
The Google-AU blog says "you're automatically following the people you email and chat with the most", which suggests that non-gmail subscribers are included in the pool (unless of course Google-AU thinks that people from outside Google's walled garden aren't 'people', for this purpose at least).
Hence ... depending on Google's algorithms and data-holdings, it seems possible that non-gmail subscribers may be imputed as 'friends' to gmail-subscribers.
Each gmail-subscriber's contact network is visible to more than just the individual subscriber, so the fact that a particular non-gmail subscriber has significant traffic with a particular gmail-subscriber would be disclosed to (many) other parties.
If my speculation in this section is correct, then Google is committing an even more serious breach of public expectations, and probably data protection laws, than it is in respect of gmail-subscribers. And note that even the 'opt-out' facility appears to have been provided to gmail-subscribers, but not non-gmail subscribers.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Department of Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 60 million in early 2019.
Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 11 February 2010 - Last Amended: 11 February 2010 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/II/GB-100211.html