May 25, 2010
Dear Mr Schmidt,
Please accept all my sympathy in your relentless and misunderstood efforts to enforce our personal data rights. People are so fickle and ungrateful. Only a few months ago you were greeted as a savior as you courageously stood up to the Chinese government and left China rather than to submit to its censors. Now public opinion is turning against you even as you refuse to hand over our personal data to "German data protection officials", as Kevin J. O'Brien reports (*). They know not what they do. You are our last defense against the shades of the Stasi.
Your own admission of having "inadvertently collected 600 gigabytes of data from unsecured Wi-Fi networks around the world" does not help. Uninformed people may think this is a lot but today one can walk out of the door unnoticed with 600 GB hidden in one's pockets. How bulky are twenty USB sticks (1)? Has anyone a clue on how much personal data Google is managing within Gmail alone?
Your public relation point man was quick to rephrase this as he declared Google "had collected snippets of activity on the WiFi networks" to Joseph Menn, Daniel Schäfer and Tim Bradshaw (**). How dangerous can be mere snippets? Although come to think of it, this very same word is used for what each Google search result brings up, apparently enough to cause big trouble. Haven't German newspapers filed an antitrust complaint against Google for stealing "article snippets" from them (2)? And didn't Dan Wallach show local snippets to be behind a security issue back in 2004 (3)?
Remember by the way to thank the British regulator. According to Kevin J. O'Brien again (***), "given that Google's recording equipment had changed frequency channels every five seconds, [he] said, it was unlikely that extensive information on individuals had been collected". But make sure this guy never get close to the NASDAQ lest Google shares suddenly fall to a cent a piece. He seems to ignore computers work faster than human beings and can easily deliver 5 MB of information in those 5 seconds (4).
No matter how much was collected on each one of us, you were right to move quickly and "destroy[...] all Wi-Fi data relating to collection in Ireland", as relayed by Maija Palmer and Tim Bradshaw (****). This Irish commissioner must imagine it is easier to eliminate data than firearms. You would think of course he knew more about weapon decommissioning. I can hear you chuckling at the thought those R&D engineers of yours who are bent on data mining have their own personal copy by now. Can it be otherwise short of requiring your employees submit to a strip search each time they leave work? They did not join Google for this type of search.
Unfortunately not every data protection official is as pliable. "In Hamburg, prosecutors opened [a] criminal investigation". Visibly they do not realize that a move by German state officials will be interpreted as one more heavy-handed money saving measure. Why pay millions to informers to track down tax evasion if one can threaten Google into handing over a treasure trove of confidential information for free?
Besides Germany, officials "in Spain, France and the Czech Republic" are all ganging against you, claiming to enforce European privacy laws. How hypocritical! The truth is government surveillance brooks no limits in trampling on our privacy, whether to defend us against terrorism or do the bidding of old media companies. Fortunately you promise "to do more to educate users about privacy concerns", as Maija Palmer duly noted (*****). Why not extend to Europe the mission of your front, the Digital Due Process Coalition, against governmental privacy violations?
Still I admire your fairness in spite of the abuse. It pays. Notice how Peter Schaar, member of the Article 29 Working Party, jumped to your defense and wrote "everything was a simple oversight, a software error. [...] The data was collected and stored against the will of the project's managers and other managers at Google". He got it right and Kevin O'Brien told it to us as it is (******). It was all the fault of a machine running amok. You don't even need to let a few heads roll as AOL did four years ago to bury its own blooper.
As you stated, "the WiFi data collection had not resulted in any real harm". As long as you do not have to prove it, it ought to close the subject. Privacy depends on industry and you are in the right industry. As for "Simon Davies of Privacy International, the UK-based privacy watchdog", instead of threatening to "complain to the police", he should go work for a hedge fund. If you read what he said three years ago, you have to admit he covered his position beautifully.
At least you enjoy a far better climate in the United States than in Europe. It must be all these contributions to President Obama. Take for instance the draft on strengthening consumer privacy currently being floated in Washington (5). A connoisseur like you knows how to judge architecture by how it handles openings. Sure enough House Representative Rick Boucher's text provides plenty of them, for abundant light and refreshing drafts.
For instance, it shows the usual leniency for data trafficking among affiliates, defined as entities on which one lacks "corporate control". Having googled the latter, I found a document on the OECD site according to which "at present, there is no unanimous definition of corporate control" (6). Very convenient, isn't it? My source proceeded to invoke the US Securities Act and declare it is enough to gain "the power to exercise a controlling influence over a company's [...] specific policies [...] through a contract or other means". How difficult is that for a company like yours?
You will appreciate of course the intricate carvings which decorate "notices", substituting the acanthus with the fig leaf. You will also recognize a favorite European motif, the so-called opt-in. American tourists who have bought a French train ticket online already know this gargoyle is toothless. If SNCF can brazenly bundle opt-in with online reservations, will Google be scared? Finally you will be dazzled by the trompe l'oeil effects. If one restricts personal data collection for advertising purposes but allows it for improving the product or service, what happens in case of double use? It looks like a real door opening from inside the crafty painting of a barred window.
Be careful though. Representative Boucher seems to take exception to the use of "preference profiles". The more I looked, the more I recalled one of my favorite design, i.e. to give the user the ability to access and edit his or her profile online each time this user is presented an ad which targets him or her based on profile data. For a compulsive shopper like you, what with DoubleClick and AdMob, that could prove troublesome.
Fortunately the draft creates a difference between the information that "led to the delivery of the advertisement" and the profile "that may have led to the delivery of the advertisement". This word "may" opens the smallest of cracks but a clever lawyer should be able to defend another usage of trompe l'oeil on a monumental scale. Just put up a benign faux profile for users to admire. It may have been used for all we know, may it not?
We learnt architecture at the feet of old Greek masters. Why not return the favor?
Turn the modern Greek government into an affiliate. In no time you could solve tax evasion there and have Angela Merkel eat from your hand.
- (*) ............ In Germany, a Criminal Inquiry Is Opened on Google's Data-Gathering, by Kevin J. O'Brien (New York Times) - May 20, 2010
- (**) .......... Google faces US and German probes over harvested WiFi data, by Joseph Menn, Daniel Schäfer and Tim Bradshaw (Financial Times) - May 18, 2010
- (***) ....... In Europe Google Is Facing New Inquiries on Privacy, by Kevin J. O'Brien (New York Times) - May 21, 2010
- (****) ..... Watchdog warns Google on erasing data, by Maija Palmer and Tim Bradshaw (Financial Times) - May 21, 2010
- (*****) ... Google debates face recognition technology after privacy blunders, by Maija Palmer (Financial Times) - May 20, 2010
- (******) . Anger in Europe Over Google and Privacy, by Kevin J. O'Brien (New York Times) - May 17, 2010
- (1) the 32GB USB Flash Drive is widely available today
- (2) An Antitrust Complaint for Google in Germany, by Eric Pfanner (New York Times) - January 19 (2010)
- (3) Google Desktop Security Issue, by Dan Wallach, December 20, 2004
- (4) well within the capacity of a Wi-Fi network with a 10 Mbit/sec bandwidth.
- (5) see US Congressman Rick Boucher's draft
- (6) see "chapter IV" of an otherwise unidentified document available from the OECD