An Open Letter to Google: Concepts for a Google Privacy Initiative

Lauren Weinstein lauren at vortex.com
Tue May 9 06:44:28 PDT 2006

                        An Open Letter to Google:
                Concepts for a Google Privacy Initiative

                           Lauren Weinstein

                              May 9, 2006

	     http://www.vortex.com/google-privacy-initiative


      Preface: The overall situation relating to U.S. and global
      privacy issues is deteriorating rapidly.  Recent Congressional
      moves toward legislating broad, government-mandated data
      retention laws ( http://lauren.vortex.com/archive/000175.html )
      are particularly alarming.  The manners in which we
      collectively choose to address these sorts of issues are
      likely to have drastic impacts not only on our own lives, but
      also broadly on the shape of society, both today and in the
      future.


Greetings. When I was recently invited to speak at Google's Santa
Monica center ( Video at http://lauren.vortex.com/archive/000168.html ),
I was impressed by the quality of the facilities, but even more so
by the caliber of the Google employees I met during my visit.
Google's capabilities are extraordinary.  While I have been publicly
critical of some Google policies, my concerns have been focused not
on Google today, but rather mainly on how Google's immense data
processing, storage, and related infrastructures might be abused
in the future, particularly by outside entities in a position to
force Google's hand despite Google's own best intentions.

As discussed in my talk, I consider Google to be an incredibly
important and admirable resource with vast potential to do good.
But by the same token, it is largely this very power that increases
the risks of serious abuses of Google capabilities being forced upon
the organization, and Google will likely be unable to mitigate many
of these unless it takes major proactive steps on an immediate and
ongoing basis, particularly including privacy-related efforts.

Increasingly, Internet users are becoming highly sensitized to both
perceived and real risks to their privacy associated with their use
of the Net.  While the real risks we face in this arena are serious
enough, people's confidence (or lack thereof) in products and
services will in many cases be shaped primarily by perceptions, and
often significantly less by the underlying realities.  This
highlights the critical fact that to be truly successful, efforts to
reduce privacy risks must not only have genuine and ongoing positive
privacy effects, but also need to be clearly perceived by users and
the broader public to be in place and fully supported as primary
goals of the organizations involved.

Web-based search engines are an obvious current focus of many privacy
concerns, but as more traditional "desktop" applications migrate to
tightly coupled topologies with user data stored on remote servers
not under users' direct local control (e.g. for PC searches,
document preparation, e-mail, etc.), these issues and related
potential risks are rapidly spreading across the entire computer and
Internet spectrums.

Fears that users' private information may be increasingly subject to
intrusive perusal by law enforcement or other authorities (often with
minimal and/or questionable cause) are further damaging user
confidence in such services, with a range of issues related to data
retention being an important element at the heart of these
concerns.  To the extent that potentially sensitive data is stored
for extended periods, particularly in non-anonymous forms, it is
inevitable that outside demands for access to it -- on ever broader
scales -- will be accelerating.  While individual court cases will
of course vary in their results, the court system cannot be relied
upon to always render appropriate decisions regarding such matters,
particularly in today's political and legislative environments.

I believe that Google, by virtue of its Internet industry leadership,
technical and human resources, and corporate culture, is in a unique
position.  Google can demonstrate how world-class privacy protection
policies and technologies can be developed and deployed in ways that
enhance user confidence in current and future Google services -- by
proactively protecting users' private data without interfering with
service operations, innovation, R&D, or the legitimate concerns of
law enforcement.  Google could be the acknowledged global leader in
this area, becoming synonymous with the concept of integrating new
and advanced privacy capabilities into world-class Internet services
and products.

Obviously the confidence such efforts would engender in Google's
users would be healthy for Google's bottom line, but more
importantly it will provide genuine and continuing real benefits to
the Google user community itself (i.e. the entire world).  Where
non-proprietary information is involved, further benefits to society
could be achieved through making publicly available (via published
papers, conferences, etc.) those aspects of resulting
privacy-related R&D technologies that could be deployed by other
entities to the benefit of the global community.

I recommend that Google establish a team explicitly dedicated to the
development and deployment of privacy-related efforts as outlined
above.  Such a team would be tasked with establishing the framework
of these projects in a consistent manner, and ensuring to the
greatest extent practicable that all current and future Google
products and services would be integrated (from the outset when
possible) with these privacy technologies and policies.  The team
would need access to other individuals within both the development
and operational aspects of Google, and ideally would report directly
to high-level management.

To be effective, such a team would need to be significantly
interdisciplinary in its makeup and scope, including a variety of
skills.  Some of these would include a broad range of CS capabilities
(including specialized mathematical disciplines related to
encryption, among many others).  Experience in dealing with the
particular and complex interplay between technology and societal
issues will also be an important component of such a team.

Google's growing scale and influence suggest that the sorts of
privacy efforts suggested herein could be among the most important
non-governmental privacy-related endeavors for many years to come,
and could have vast positive impacts far into the future not only
for Google and its users, but throughout the commercial, nonprofit,
and government sectors.

This document represents a very brief conceptual outline, offered
with only the best interests of both Google and the world at large
in mind.  Google and the broader Internet are at a critical
crossroads in many respects, and I believe that Google has the
opportunity to do enormous good by initiating the types of efforts
that I've described.

I would welcome the opportunity to discuss these concepts with you in
more detail and to work with Google toward their realization, as you
may deem appropriate.

Thank you very much for your consideration.

--Lauren--
Lauren Weinstein
lauren at vortex.com or lauren at pfir.org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com




----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
