Buzz Kill

Everyone is talking about the privacy disaster that was the Google Buzz launch, and oh my goodness it was. I’ve never been so thankful that I don’t use gmail. I’m frankly surprised that they didn’t do a smaller beta first, or that there isn’t a group at Google charged with thinking about the privacy implications of every product release who would have clearly screamed “stop!”

If you want to think about the deep issues at play here, you really want to be reading Arvind Narayanan’s blog in general, and in particular his post on this issue:

When I enabled Buzz and realized what had happened, something changed for me in my head. I’d always regarded email and chat as a private medium. But that’s not true any more; Google forced me to discard my earlier expectations. Even if Google apologizes and retracts auto-follow (not that I think that’s likely), the way I view email has permanently changed, because I can’t be sure that it won’t happen again. I lost some of the privacy expectation that I had of not only Google’s services, but of email and chat in general, albeit to a lesser extent.

What I’ve tried to do in the preceding paragraphs is show in a step-by-step manner how Google’s move changed social norms. The larger players like Google and Microsoft have been very conservative when it comes to privacy, unlike upstarts like Facebook. So why did Google enable auto-follow? By all accounts, their hand was forced: they needed a social network to compete with Facebook and Twitter. Given the head-start that their competitors have, the only real way to compete was to drag their users into participating.

This is what deeply worries me about the current Cloud: for the convenience of universal access to our data, we are giving up control in the long run. We imagine these providers, Google, Facebook, etc., to be good custodians of our data, but their strategy, their needs, may significantly affect the way they do their jobs. Sometimes this is good: users will be protected by these custodians. But often, this will be bad in ways we can hardly imagine.

I mean, think about it: would you have believed it if two weeks ago, someone told you that Google was about to make public the list of the top 25 people you email? Heresy! That would be gmail suicide! And yet it happened. The backlash is strong, the feature will probably change, but in many ways the damage is done, and Google will probably suffer a lot less than one would have expected a priori.

As a computer scientist with a penchant for security, privacy, and autonomy, I hope I’m not the only one who feels I have a professional duty to help people avoid these kinds of situations. Computer scientists who handle other people’s data need a professional code of privacy ethics, and there need to be serious consequences, legal and financial, to this type of negligence.