p2pnet.net news:- ‘Do no evil’ Google was the only company to completely fail an important six-month investigation into privacy practices employed by key Net-based companies.

But, not one of the organizations included managed ‘green’ status and overall, “the privacy standard of the key Internet players is appalling, with some companies demonstrating either wilful or a mindless disregard for the privacy rights of their customers,” says Privacy International., which produced the scathing study.

The exploitation of new technologies and tools, “will result in one of the greatest privacy challenges in recent decades,” it states. We’re, “witnessing an increased ‘race to the bottom’ in corporate surveillance of customers”.

Some companies are leading the charge, “through abusive and invasive profiling of their customers’ data” and, “This trend is seen by even the most privacy friendly companies as creating competitive disadvantage to those who do not follow that trend, and in some cases to find new and more innovative ways to become even more surveillance-intensive,” says the report.

“Most importantly, we wanted to indicate to the marketplace that their surveillance and tracking activities are being scrutinised,” it declares.

Companies surveyed included: Amazon; AOL; Apple; BBC; Bebo; eBay; Facebook; Friendster; Google; Hi5; Last.fm; LinkedIn; LiveJournal; Microsoft; Myspace; Orkut; Reunion.com; Skype; Wikipedia; Windows Live Space; Xanga; Yahoo!; and, YouTube.

The Net appears to be shifting as a whole toward this aim, “and the opportunity to create market differentiators based on responsible privacy may diminish unless those avenues are explored immediately,” says PI, and consumers are right to feel aggrieved when companies fail to adopt the best privacy tools that are available.

Why Google?

“We are aware that the decision to place Google at the bottom of the ranking is likely to be controversial, but throughout our research we have found numerous deficiencies and hostilities in Google’s approach to privacy that go well beyond those of other organizations,” says PI, continuing:

While a number of companies share some of these negative elements, none comes close to achieving status as an endemic threat to privacy. This is in part due to the diversity and specificity of Google’s product range and the ability of the company to share extracted data between these tools, and in part it is due to Google’s market dominance and the sheer size of its user base. Google’s status in the ranking is also due to its aggressive use of invasive or potentially invasive technologies and techniques.

The view that Google “opens up” information through a range of attractive and advanced tools does not exempt the company from demonstrating responsible leadership in privacy. Google’s increasing ability to deep-drill into the minutiae of a user’s life and lifestyle choices must in our view be coupled with well defined and mature user controls and an equally mature privacy outlook. Neither of these elements has been demonstrated. Rather, we have witnessed an attitude to privacy within Google that at its most blatant is hostile, and at its most benign is ambivalent. These dynamics do not pervade other major players such as Microsoft or eBay, both of which have made notable improvements to the corporate ethos on privacy issues.

In the closing days of our research we received a copy of supplemental material relating to a complaint to the Federal Trade Commission concerning the pending merger between Google and DoubleClick. This material, submitted by the Electronic Privacy Information Center (EPIC) and coupled with a submission to the FTC from the New York State Consumer Protection Board, provided additional weight for our assessment that Google has created the most onerous privacy environment on the Internet. The Board expressed concern that these profiles expose consumers to the risk of disclosure of their data to third-parties, as well as public disclosure as evidence in litigation or through data breaches. The EPIC submission set out a detailed analysis of Google’s existing data practices, most of which fell well short of the standard that consumers might expect. During the course of our research the Article 29 Working Group of European privacy regulators also expressed concern at the scale of Google’s activities, and requested detailed information from the company.

In summary, Google’s specific privacy failures include, but are by no means limited to:

- Google account holders that regularly use even a few of Google’s services must accept that the company retains a large quantity of information about that user, often for an unstated or indefinite length of time, without clear limitation on subsequent use or disclosure, and without an opportunity to delete or withdraw personal data even if the user wishes to terminate the service.

- Google maintains records of all search strings and the associated IP-addresses and time stamps for at least 18 to 24 months and does not provide users with an expungement option. While it is true that many US based companies have not yet established a time frame for retention, there is a prevailing view amongst privacy experts that 18 to 24 months is unacceptable, and possibly unlawful in many parts of the world.

- Google has access to additional personal information, including hobbies, employment, address, and phone number, contained within user profiles in Orkut. Google often maintains these records even after a user has deleted his profile or removed information from Orkut.

- Google collects all search results entered through Google Toolbar and identifies all Google Toolbar users with a unique cookie that allows Google to track the user’s web movement.17 Google does not indicate how long the information collected through Google Toolbar is retained, nor does it offer users a data expungement option in connection with the service.

- Google fails to follow generally accepted privacy practices such as the OECD Privacy Guidelines and elements of EU data protection law. As detailed in the EPIC complaint, Google also fails to adopted additional privacy provisions with respect to specific Google services.

- Google logs search queries in a manner that makes them personally identifiable but fails to provide users with the ability to edit or otherwise expunge records of their previous searches.

- Google fails to give users access to log information generated through their interaction with Google Maps, Google Video, Google Talk, Google Reader, Blogger and other services.

Microsoft is a, “better privacy performer than Google,” a finding that’s also likely to be contentious, says PI, going on:

Microsoft was awarded ‘orange’ status, two bands better than Google’s position. However it is important, for the sake of clarity, to note that Windows Live Space received the more negative “red” rating, while Google’s Orkut avoided a black rating and was awarded red status.

The true difference between Google Inc and Microsoft Corp can be defined not so much by the data practices and privacy policies that exist between the two organizations, but by the corporate ethos and leadership exhibited by each.

Five years ago Microsoft could reasonably be described as a fundamental danger to privacy. In more recent times the organization appears to have adopted a less antagonistic attitude to privacy, and has at least structurally adjusted to the challenge of creating a privacy-friendly environment.

But, Bill and the Boyz are by no means squeaky clean, says the report. There have been “notable privacy disasters,”it says, particularly with WGA (Windows Genuine Advantage), and, “It is equally true that Microsoft has failed to achieve the level of transparency that it proclaims to embrace (for example in withholding the length of time that data is retained).

“These instances have been compounded by a failure of oversight and management. However Microsoft has at least put in place the beginnings of a framework for responsible privacy practice and has created a corporate vision, cloudy though it may be. The organization appears now to be particularly sensitive in the most part to privacy issues and some parts of Microsoft have even pursued the concept of privacy as a market differentiator. We have no evidence that Google has achieved this level of awareness or development.”

But, “in the words of the executives, continues PI, “ad space is now the only game in town,” and with Microsoft needing to play catch-up with Google, “there is a real threat that the organization could abandon privacy reforms in favor of ad revenue – or at least divert funds away from real protection and toward PR. The 2008 rankings will identify whether this fear will be realized”.

Slashdot it!

Also See:
Privacy International – A Race to the Bottom, June 9, 2007
WGA – New WGA lawsuit, June 6, 2006

If your Net access is blocked by government restrictions, try Psiphon from the Citizen Lab at the University of Toronto’s Munk Centre for International Studies. Go here for the official download, and here for details. And if you’re Chinese and you’re looking for a way to access independent Internet news sources, try Freegate, the DIT program written to help Chinese citizens circumvent web site blocking outside of China. Download it here.

---

rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php | | And use free p2pnet newsfeeds for your site

---

Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local politicians. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance. Don’t just complain. Do something!

This entry was posted on Monday, June 11th, 2007 at 7:49 am and is filed under Freedom. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 9876 times