Your email providers don’t require a warrant to read your email


The Verge recently published disturbing news about Microsoft’s respect for its users’ privacy:

It came out yesterday that the company had read through a user’s inbox as part of an internal leak investigation. Microsoft has spent today in damage-control mode, changing its internal policies and rushing to point out that they could have gotten a warrant if they’d needed one. By all indications, the fallout is just beginning.

Your provider is watching you

As disturbing as this is, there is a bigger picture. As The Verge’s Russell Brandom goes on to point out –

But while Microsoft is certainly having a bad week, the problem is much bigger than any single company. For the vast majority of people, our email system is based on third-party access, whether it’s Microsoft, Google, Apple or whoever else you decide to trust. Our data is held on their servers, routed by their protocols, and they hold the keys to any encryption that protects it. The deal works because they’re providing important services, paying our server bills, and for the most part, we trust them. But this week’s Microsoft news has chipped away at that trust, and for many, it’s made us realize just how frightening the system is without it.

People following the Oscar Pistorius trial in the last week would have discovered that private chats can become very public if law enforcement authorities believe they are relevant to an investigation.

Although law enforcement authorities are required to follow various procedures to gain access to messaging and social media users’ communications, the companies operating the chat and email services we use daily don’t have this hurdle in their way if they deem it necessary to access their users’ communications.

The right to privacy in the South African Bill of Rights includes the right not to have “the privacy of [your] communications infringed”. This right is not absolute and can be (and is) limited by various laws, including the Regulation of Interception of Communications and Provision of Communication-related Information Act, which is how local law enforcement obtains access to your communications. What this means is that, for law enforcement at least, there are checks and balances in place to protect our communications, both under the law and under service providers’ own requirements.

Unfortunately, those same providers give themselves much more convenient access to your data through their terms of service or privacy policies. On the one hand, this level of access may be necessary to prevent disruptions and limit liability; on the other hand, the permissions we, as users, grant providers like Microsoft, Google, Yahoo and others give them pretty broad access to our data without requiring them to obtain court orders or satisfy any external legal requirement.

Microsoft

As The Verge pointed out, if you use Hotmail/Outlook.com, you have granted Microsoft permission to access your data. Microsoft’s Privacy Statement includes these permissions:

We may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers or the public.

Because you agree to the Privacy Statement as a condition of your use of Microsoft’s services, you have consented to these uses of your personal information. This consent enables Microsoft to sidestep any questions about privacy infringement, because your legitimate expectation of privacy does not extend to these particular activities. This is the key rationale for a privacy policy, and the same principle applies to the permissions you grant to other providers (I’ve referred to a couple more below).

Google

Google operates an enormously popular email service, Gmail, which is probably also one of the most secure from the perspective of external surveillance and attacks. While Google holds itself out as its users’ protector from external threats, it also has the option of accessing your data, because you agreed to this when you accepted its Privacy Policy, which includes these provisions:

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users.

We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know.

We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  • meet any applicable law, regulation, legal process or enforceable governmental request.
  • enforce applicable Terms of Service, including investigation of potential violations.
  • detect, prevent, or otherwise address fraud, security or technical issues.
  • protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

These three sections are drawn from different parts of Google’s Privacy Policy and, between them, they give Google permission to share fairly comprehensive information about you with law enforcement authorities, as well as to use that information itself to, among other things, “protect” its services, itself and its users. “Protect” is a fairly broad term, and that is likely intentional: when you write these sorts of policy documents, you don’t want to be too prescriptive if you anticipate needing fairly broad consents for a wide range of foreseeable risks, and to cater for unforeseen ones.

Yahoo

Yahoo’s webmail service is still very popular. While Yahoo’s privacy policy tends to be pretty good about how users’ personal information is handled, it also retains fairly broad permissions:

Yahoo does not rent, sell, or share personal information about you with other people or non-affiliated companies except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:

  • We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Yahoo’s terms of use, or as otherwise required by law.

Apple

Although not as popular as the other providers, Apple’s tight service and software integration makes its iCloud email service a convenient option, especially because it’s possible to create an email account on iCloud without needing another email account first (which is increasingly rare). When you use Apple’s products and services, your consents include the following:

How we use your personal information

  • We also use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising, and for loss prevention and anti-fraud purposes.

  • We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Apple’s products, services, and customer communications.

Where this leaves you

Public events like the Oscar Pistorius trial and, before it, the ongoing revelations about state surveillance programmes over the last year or so have reminded us that our private communications are not quite as private as we may have hoped. Our privacy is protected more by obscurity, and by the fact that our communications, for the most part, are not the sorts of things others would be terribly concerned about.

Our trust, and the possibility of severe reputational harm, keep the likes of Google, Yahoo, Microsoft, Facebook and others generally honest, although, as we have seen with Microsoft, they may be prepared to break that trust if the reason is compelling enough to them. They will invariably point to the permissions we give them in our contracts with them, and they’ll be quite right. We have agreed to this, and we will continue to agree to this level of access to our data because the alternatives are not nearly as convenient.

Your connected home knows you intimately and, soon, so will Google



Google has just announced that it intends to purchase Nest, a company that produces a connected home thermostat and smoke detector, both very well regarded in the United States. The purchase price is $3.2 billion, apparently in cash. That substantial price is a pretty clear indication of the value Google places on Nest’s technology, which gives its customers the ability to monitor and adjust their home environment. One implication of this purchase is that Google could soon have far deeper insights into what Nest’s customers are doing in their homes.

Although this is arguably a trend that is only going to grow, the question to ask is whether companies reaching into customers’ most intimate spaces have adequate protections in place for their personal data. Here is one possible integration (there have been no announcements about integrations yet, so this is speculation) from Stacey Higgenbotham, writing for GigaOm in her article titled “When Google closes the Nest deal, privacy issues for the internet of things will hit the big time”:

As a user of Google Now, the contextual service that tells me when to leave my house to make it to my next appointment in time, I see no reason Google couldn’t also tell my thermostat to cycle down before I actually leave. Or, based on my movements in my home, Google could start screening my calls. If I’m in the bedroom and motionless maybe Google could block the work calls from my colleague Om Malik.

Google’s business model, like that of many other consumer-facing companies, is changing to become far more context aware. We see that in apps that know our location and where we are going next, and warn us when to leave to make it on time. That just scratches the surface, and this trend can be tremendously helpful and useful if we can be sure that our personal information is not being abused or left vulnerable to exploitation. As Higgenbotham points out –

Nest and the products the company builds could help provide ever more contextual clues to Google that it can use to help make your life better and even save you money. But in doing so we need to hold it, and other companies seeking to enter the connected home market, to a well-defined set of standards around data security and privacy. That means the industry and the regulators need to move past this impasse: where the internet of things is awesome but will also kill you because strangers can hack into your home and control your medical devices.

You are a soldier in Google’s Cold War with Facebook for social dominance


Shifting Publicity Policies

Between them, Facebook and Google have voluntold[1] us that we are now part of their sales teams. It started with Facebook’s announcement on 29 August 2013 that it intends to amend its Statement of Rights and Responsibilities (I’ll call it the “Statement” below) and its Data Use Policy, which now includes an expanded section describing the personal information Facebook intends to use to, essentially, sell products and services, using you to make that happen. Before I go into more detail, it’s important to note something about how these policy changes bind you.

Whenever services like Google and Facebook explain changes to their policy frameworks and terms and conditions, they explain that they won’t use your personal information in certain ways unless you give them permission to do so. That sounds reassuring, but it is really just a ruse. You already gave them permission when you signed up to use the service, and that permission takes the form of privacy policies which include your agreement that they can amend the policies and other terms and conditions pretty much at will. If they were being truly transparent, they would say something along the lines of –

unless you give us your permission to do so (which you have already, so thanks for that)

The underlying dynamic that likely drives Facebook’s and Google’s amendments to their policy and terms frameworks is that we, as users, tend to place more value on recommendations from our friends and family. Facebook’s and Google’s advertising and promotional models (along with a number of other services that personalise ads) are increasingly designed to manufacture these recommendations from our activities on the various services, without our actively applying our minds to what we are recommending and what we are not. At the moment, the dominant model is one in which we choose to signify our approval of a brand, product or service by Liking or +1’ing it. These changes start to make those deliberate actions less important as a recommendation signal, and they are made possible through contractual models that include privacy policy frameworks and terms and conditions.

How You Are Selling for Facebook

The current Statement includes the following clauses under “About Advertisements and Other Commercial Content Served or Enhanced by Facebook” –

Our goal is to deliver ads and commercial content that are valuable to our users and advertisers. In order to help us do that, you agree to the following:

  1. You can use your privacy settings to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us. You give us permission to use your name and profile picture in connection with that content, subject to the limits you place.
  2. We do not give your content or information to advertisers without your consent.
  3. You understand that we may not always identify paid services and communications as such.

Note that you have already given your permission for Facebook to use “your name and profile picture” in connection with ads and sponsored content. The new, proposed version goes even further and may (it hasn’t been finalised yet) state the following:

Our goal is to deliver [-ads and commercial-] {+advertising and other commercial or sponsored+} content that [-are-] {+is+} valuable to our users and advertisers. In order to help us do that, you agree to the following[2]:

  1. [-You can use your privacy settings to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us.-] You give us permission to use your name [-and-]{+,+} profile picture{+, content, and information+} in connection with [-that-] {+commercial, sponsored, or related+} content {+(such as a brand you like) served or enhanced by us+}[-, subject to the limits you place-][3]. {+This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you. If you have selected a specific audience for your content or information, we will respect your choice when we use it.+}

{+If you are under the age of eighteen (18), or under any other applicable age of majority, you represent that at least one of your parents or legal guardians has also agreed to the terms of this section (and the use of your name, profile picture, content, and information) on your behalf.+}[4]

  1. We do not give your content or information to advertisers without your consent.

  2. You understand that we may not always identify paid services and communications as such.

The other changes to the Statement addressed issues such as software installation, dispute resolution and a reminder that using mobile data could incur charges. The proposed changes to the Data Use Policy are pretty extensive and you have to read through the whole document to get a sense of the overall picture. For example, the proposed wording of one of the edited clauses reads:

As described in “How we use the information we receive,” we also put together data from the information we already have about you, your friends, and others, so we can offer and suggest a variety of services and features. For example, we may put together data about you to make friend suggestions, pick stories for your News Feed, or suggest people to tag in the photos you post. We may put together your current city with GPS and other location information we have about you to, for example, tell you and your friends about people or events nearby, or offer deals that you might be interested in. We may also put together data about you to serve you ads or other content that might be more relevant to you.

Further down the marked up Data Use Policy, under part IV, one of the paragraphs begins with the following:

When we deliver ads, we do not share your information (information that personally identifies you, such as your name or contact information) with advertisers unless you give us permission.

It then goes on to describe how Facebook personalises ads. It is a very interesting read because it describes, in a fair amount of detail, how Facebook uses your personal information to sell relevant ads. It is a powerful model and the proposed changes to allow Facebook to incorporate more of your personal information into what are effectively personal endorsements is likely to be even more lucrative for Facebook.

The comment period for these changes closed on the 7th of September and we will have to wait and see to what extent these proposed changes will be applied. Of course these changes are not isolated. Facebook made a number of additional announcements recently which reinforce this trend.

The first change was fairly innocuous. On 30 September, Facebook published a post titled “Graph Search Now Includes Posts and Status Updates” which is fairly self-explanatory –

Starting today, Graph Search will include posts and status updates. Now you will be able to search for status updates, photo captions, check-ins and comments to find things shared with you.

Search for the topics you’re interested in and see what your friends are saying, like “Dancing with the Stars“ or ”Posts about Dancing with the Stars by my friends.”

The next announcement which attracted more interest was the announcement on 10 October which was styled as a reminder and is titled “Reminder: Finishing the Removal of an Old Search Setting” –

Last year we announced the removal of an old setting called “Who can look up your Timeline by name?” along with new controls for managing content on Facebook.

The search setting was removed last year for people who weren’t using it. For the small percentage of people still using the setting, they will see reminders about it being removed in the coming weeks.

Whether you’ve been using the setting or not, the best way to control what people can find about you on Facebook is to choose who can see the individual things you share.

More publicly shared profile data, coupled with all that profile data being indexed by Facebook’s powerful Graph Search, means that even more of users’ personal information becomes available for use in personalised ads, with the only limitation being selective sharing: choosing whether to share updates publicly or with friends (which can be further delineated using friends lists, if you use them). Assuming Facebook’s proposed changes to its Statement and Data Use Policy are implemented (and they likely will be, in some form or another), you can expect even more personalised ads that include what appear to be personal recommendations from your Facebook connections. It is both very sneaky and, at the same time, very clever, and you have agreed to this (whatever this turns out to be) already.

Yes, You Work for Google Too

Google’s approach is far more nuanced than Facebook’s, and users do appear to have an option to opt out of its personalisation model (and it is an opt-out: you are opted in by default). The changes were announced on 11 October in a document that summarises the changes Google will implement on 11 November 2013. In contrast to Facebook’s governance model, which still allows for some degree of community involvement, Google tends to announce changes and implement them without much public consultation. Google explains its “Shared Endorsements” model as follows:

We want to give you – and your friends and connections – the most useful information. Recommendations from people you know can really help. So your friends, family and others may see your Profile name and photo, and content like the reviews you share or the ads you +1’d. This only happens when you take an action (things like +1’ing, commenting or following) – and the only people who see it are the people you’ve chosen to share that content with. On Google, you’re in control of what you share. This update to our Terms of Service doesn’t change in any way who you’ve shared things with in the past or your ability to control who you want to share things with in the future.

Feedback from people you know can save you time and improve results for you and your friends across all Google services, including Search, Maps, Play and in advertising. For example, your friends might see that you rated an album 4 stars on the band’s Google Play page. And the +1 you gave your favorite local bakery could be included in an ad that the bakery runs through Google. We call these recommendations shared endorsements and you can learn more about them here.

When it comes to shared endorsements in ads, you can control the use of your Profile name and photo via the Shared Endorsements setting. If you turn the setting to “off,” your Profile name and photo will not show up on that ad for your favorite bakery or any other ads. This setting only applies to use in ads, and doesn’t change whether your Profile name or photo may be used in other places such as Google Play.

If you previously told Google that you did not want your +1’s to appear in ads, then of course we’ll continue to respect that choice as a part of this updated setting. For users under 18, their actions won’t appear in shared endorsements in ads and certain other contexts.

For greater control over your experience with ads on Google, you can also use Google’s Ads Settings tool to manage ads you see. Learn more.

The main change to Google’s Terms of Service is this insertion under the heading “Your Content in our Services”:

If you have a Google Account, we may display your Profile name, Profile photo, and actions you take on Google or on third-party applications connected to your Google Account (such as +1’s, reviews you write and comments you post) in our Services, including displaying in ads and other commercial contexts. We will respect the choices you make to limit sharing or visibility settings in your Google Account. For example, you can choose your settings so your name and photo do not appear in an ad.

Google users can opt out of this option, and a help page explains the process. An interesting part of the process is the following:

Go to the Shared Endorsements setting page. If you are not already a Google+ user, you will be asked to upgrade your account.

Why is this interesting? Because it is a pretty devious way to persuade more users of Google’s services to “upgrade” their Google accounts to Google+ accounts and integrate more deeply into the broader Google platform. Driving Google+ adoption (in other words, persuading users to activate Google+ integration) is how Google intends to make meaningful inroads into Facebook’s dominance on the social Web. It is Google’s metaphorical arms build-up in its battle with Facebook for dominance on the social Web and for a larger stake in the social marketing space.

I imagine that even if you opt-out of the Shared Endorsements program, you will still see personalised ad suggestions. Reducing the likelihood of your personal information being used to personalise ads will probably require browsing the Web anonymously or, at the very least, reviewing your privacy settings very carefully and customising them to suit your preferences.

Caught in the Cross-Fire

When the media covers these sorts of changes, the implication tends to be that personalisation is bad and should be resisted at all costs. That isn’t necessarily the case. If you accept that you will be faced with ads in a service you find truly useful and don’t pay for, being presented with more relevant ads is probably going to enhance your experience of those ads. The real question is whether users have meaningful control over their personal information and can opt-out of personalised ads and still have use of these services. I think that answer will increasingly become “no” as more and more functionality becomes dependent on your participation, willing or not.

Facebook frequently talks about features it is removing because they were only used by a small percentage of users. Most recently, one of those features was the “Who can look up your Timeline by name?” setting, which kept users out of Graph Search results. The fact that so few users had enabled that option says more about how aware users are of these sorts of “features” and whether they are adequately informed about their value. The answers are overwhelmingly “not very” and “definitely not”. For the most part, users just want to post fun photos and videos and share stuff. They don’t think about how their rights are affected, and that only changes when there is significant attention on major changes. To counter this, services like Google and Facebook have adopted the legal equivalent of stealth weapons and make use of nuanced language, misdirection and selective emphasis to deflect attention from the problematic changes.

What we see is a sort of war by proxy between the major social services, in which users could find themselves fuelling the various services’ efforts to gain market share without being aware of much more than more personalised ads and being prodded to “upgrade” their accounts to take advantage of flashy new options. For so long as users feel they benefit more than they are prejudiced, this deal works for them, but the challenge has always been whether users are aware of the extent to which their options are being limited and they are being traded for bigger weapons on this digital battlefield. The answer, for the most part, is “no”, and that is not likely to change any time soon.


  1. It’s a made-up word for what happens when you sort of volunteer and are also told that you are signing up for something, especially when you don’t usually have much choice.  ↩
  2. I have marked up the proposed edits with [-…-] for deletions and {+…+} for insertions.  ↩
  3. Isn’t this an interesting deletion?  ↩
  4. This is a challenging one. If you are under the age of 18 in South African law you may lack the legal capacity to agree to this so the consent Facebook takes may still amount to a violation of children’s rights to privacy.  ↩

Hangout: SME’s and taking your business online

Michael Cowen over at No Picket Fence just interviewed me in a Google+ Hangout about some of the legal challenges facing SME’s (Small and Medium Enterprises). The Hangout was streamed to YouTube live and is also available to watch now, after the interview concluded:

Google+ Hangouts are terrific. They are easy to use, set up and the quality is pretty good. We are going to start using Hangouts to chat about legal issues that may interest you and while you will only be able to watch the Hangouts on Google+ (actually, you can probably watch them streaming live on YouTube and elsewhere if we embed the player – I’ll figure that out), it’s worth joining Google+ and circling Web•Tech•Law on our Google+ Page.

Let us know if there are any topics you’d like to discuss in a Hangout. I’d like to set a Hangout up later this week, time permitting.

Google’s new privacy policy: much ado about very little

Google’s recent privacy policy update has caused great consternation. Some commentators have expressed concern about the new policy’s compliance with various privacy law frameworks (particularly the EU’s data protection laws); the aggregation of users’ personal information and others have made ridiculous claims about the policy being the “end of privacy as we know it“. We took a close look at the new privacy policy, what has changed from October’s version and what this really means for users. It turns out much of the fuss is uninformed, sensationalist and unjustified.

One Privacy Policy to Rule Them All

Essentially Google has taken a number of privacy policies spread across multiple services and consolidated them into a single privacy policy that covers personal information processing across all Google services. This isn’t as simple as it sounds and its benefits are not immediately apparent. One of the disadvantages of having multiple privacy policies governing multiple services is that you can’t be sure that your personal information will be handled consistently from service to service or even that all of the policies process your personal information in a way that doesn’t prejudice you unreasonably. This also potentially means diminished transparency, less informed consent and greater uncertainty – all less than desirable features of a document of such importance. With a unified policy users have greater certainty as to what personal information Google is collecting and what it is doing with that personal information. To add to this, the new privacy policy continues Google’s practice of writing very clear and plain policies (when I am looking for inspiration for legal terms, I often look to Google’s terms for their clarity and emphasis on good, plain language).

Another thing Google does is publish comparisons between policy versions. This is part of the comparison between the October 2011 version and the March 2012 version:

[Screenshot of the comparison page: Privacy Policy – Policies & Principles]

Google does a terrific job purely from the perspective of transparency. Users are advised in advance what changes are going to be made and are shown not only the new policy document but also the changes from one version to the next. This behaviour doesn’t receive enough attention. Not many companies go to such lengths to be so transparent about these sorts of changes.

Positive Changes

The policy, for the most part, doesn’t change the privacy framework under the previous model. Users haven’t lost control over their personal information and haven’t been forced to be more public than they may wish to be. That approach largely fell away a couple of years after the Facebook privacy debacles. In the last year or so Google, Facebook and other services have been more careful with users’ personal information, and their privacy policies reflect this.

The new policy clarifies how users can “make meaningful choices about how” Google uses their personal information. Users have a number of options available: they can access and review the personal information Google holds; adjust their ad preferences; control who they share their personal information with; and even export their personal information from Google’s services. The new policy also states that browsers can be set to block or moderate cookies but cautions that functionality in its services may be diminished if users choose to do so (this is the incentive for users not to moderate cookies).

A change I found very interesting is this sentence:

We will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.

Previously the privacy policy only allowed for this combination of information to be avoided on an opt-out basis:

Google uses the DoubleClick advertising cookie on AdSense partner sites and certain Google services to help advertisers and publishers serve and manage ads across the web. You can view and manage your ads preferences associated with this cookie by accessing the Ads Preferences Manager. In addition, you may choose to opt out of the DoubleClick cookie at any time by using DoubleClick’s opt-out cookie.

Why People Are Concerned

The primary reason most commentators seem to be concerned about the new privacy policy is the following clauses:

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.

We may use the name you provide for your Google Profile across all of the services we offer that require a Google Account. In addition, we may replace past names associated with your Google Account so that you are represented consistently across all our services. If other users already have your email, or other information that identifies you, we may show them your publicly visible Google Profile information, such as your name and photo.

We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know. We will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.

We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

Essentially Google is consolidating the personal information it has from its users across its various services into a more complete, useful and valuable database. Previously, the various privacy frameworks and notionally distinct services meant that a user could have varying exposure to personalised ads and to personal information processing. Under the more consolidated model, users can be more readily and more accurately profiled and better targeted with ads. Their experience of Google’s services can also be improved where data can be shared across services (another reason for the change) to enhance users’ general Google experience.

This change reflects increasing integration of Google’s services into a more cohesive set of services not dissimilar to Facebook which has always been regarded as a single, multi-faceted service but one which permits personal information published through one aspect of the service to be used with other aspects of the Facebook service as well as to better target ads.

Some of the clauses are mixed bags. This next clause makes an important point that sensitive personal information won’t be associated with cookies and then glosses over the implications of those cookies and other technologies like pixel tags by explaining their value in setting the correct language preferences:

We use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our services. For example, by saving your language preferences, we’ll be able to have our services appear in the language you prefer. When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.

Google has been viewed with suspicion for some time now due to its size and presence in our daily lives. There is no question that Google uses personal information to personalise its ads and users’ experience of many of its services. That said, Google works to be more transparent about its disclosure of personal information to governments (one of the times Google will hand over your personal information is in response to a valid and legally binding request from a government). Contrary to the article in a recent issue of the Star titled, “Big Brother has nothing on Google” (this article is largely a series of exaggerations, some of which are factually questionable), the new policy does not give Google carte blanche to sell user data at will. The policy is fairly clear on this point:

Information we share

We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances apply:

  • With your consent

    We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

  • With domain administrators

    If your Google Account is managed for you by a domain administrator (for example, for Google Apps users) then your domain administrator and resellers who provide user support to your organization will have access to your Google Account information (including your email and other data). Your domain administrator may be able to:

    • view statistics regarding your account, like statistics regarding applications you install.
    • change your account password.
    • suspend or terminate your account access.
    • access or retain information stored as part of your account.
    • receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
    • restrict your ability to delete or edit information or privacy settings.

    Please refer to your domain administrator’s privacy policy for more information.

  • For external processing

    We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

  • For legal reasons

    We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

    • meet any applicable law, regulation, legal process or enforceable governmental request.
    • enforce applicable Terms of Service, including investigation of potential violations.
    • detect, prevent, or otherwise address fraud, security or technical issues.
    • protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

We may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

If Google is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

While Google has given itself the ability to exchange your personal information across its services for various reasons, it does not mention selling users’ personal information to third-party advertisers. If anything, the policy wording tends to rule that out, subject to Google’s ability to disclose your personal information for those sorts of purposes if you consent to it or if the person administering the domain your Google account forms part of does something similar (Google leaves it up to those administrators to develop their own privacy framework).

Perspective

Many commentators criticise Google and other companies, ostensibly on the mistaken assumption that they are entitled to a particular range of services or to be subject to terms and conditions or privacy policies they find more favourable. This is a flawed assumption. Google is a “for profit” company and, at the same time, it makes a concerted effort to strike a balance between its commercial interests and its users’. The outcomes of that effort include clearly written policies which inform users what happens to their personal information from the time they submit it to Google. The document’s clarity means that users are more likely to understand it and its implications and give their informed consent to Google. That is what a privacy policy should strive for.

In addition, this policy does not make further inroads into user privacy. The general exception is the extent to which aggregating personal information across Google’s services impacts on user privacy more extensively.

Google has also given users the tools to control their personal information fairly effectively by removing it, blocking its collection or correcting it. I say “fairly” because the policy also mentions that users have control over “many” of Google’s services, not all of them.

Ultimately personal information is the price users pay to use Google’s (and other) services and, while the choice to use other services often isn’t as appealing, it remains an option. Users also have tools independent of Google to help protect their privacy. One such tool is an alternative browser such as Firefox, which includes various settings to help protect users’ privacy. Even Google’s Chrome gives users the ability to better control their personal information.

Much of the new policy is a clarification of the previous version with paragraphs being restructured or otherwise amended to improve them from a usability perspective. All the hype and fuss about the privacy policy seems to be mostly bluster and much ado about very little after all.

Update: I found out about this great video on This Week in Law 147 which presents a great perspective on the policy changes:


Nastassja de la Guerre helped out with a more detailed comparison between the October 2011 and March 2012 versions and an assessment of the impact of those changes. Nastassja is a candidate attorney at Jacobson Attorneys.

Google+ Pages off to a good start for consumers

Google released Google+ Pages for brands publicly last night (South African time) to much excitement on the Web. Google+ has, until now, been reserved for humans posting as themselves and Google has been criticized for not allowing brands to create pages and for insisting that users use their real names and not pseudonyms (Google seems to have reversed course on this and is expected to announce support for pseudonyms soon). The elephant in the room has been brands’ inability to create a presence on the growing platform.

Google+ Pages have a number of similarities to personal profiles including their basic design and functionality. Businesses can publish posts, photos, videos, run Hangouts (a very appealing and engaging video conferencing solution) and participate in comment threads as the brand. I enjoy using Google+ and have seen some pretty high engagement levels there. It is a product designed for engagement.

web.tech.law - Google+

That said, there are some very interesting differences between Pages and profiles which are pretty good for consumers weary of the constant flow of direct marketing material. Susan Beebe, a Dell Corporate PR and Social Business Strategist listed a number of differences in a post on Google+:

  • Pages can’t add people to circles until the page is added first or mentioned.
  • Pages can be made for a variety of different entities whereas profiles can only be made for people.
  • The default privacy setting for elements on your page profile is public.
  • Pages have the +1 button.
  • Pages can’t +1 other pages, nor can they +1 stuff on the Web.
  • Pages can’t play games.
  • Pages don’t have the option to share to ‘Extended circles’.
  • Pages don’t receive notifications via email, text, or in the Google bar.
  • Pages can’t hangout on a mobile device.
  • Local pages have special fields that help people find the business’ physical location.

Of these differences, the most significant for consumers is the first in that list: Pages can’t add people to circles until the page is added first or mentioned.

Explicit opt in on Google Plus for Pages

The reason this is so significant is that consumers must explicitly and specifically add brands to their circles (or, to use Twitter terminology, follow the brands) before those brands can publish posts targeted at those consumers. Until that point brands’ Pages remain publicly visible, but their posts don’t enter consumers’ streams until they are followed. This model is similar to Twitter in that Twitter users won’t see brands’ tweets in their Twitter stream unless they follow the brand’s Twitter profile. As with Twitter, it also appears that a brand could publish a post which tags a consumer not following the brand on Google+ and get their attention that way.

It certainly appears that Google is thinking about building a product for brands that doesn’t overpower consumers’ streams with marketing messaging, although an option requiring that consumers add brands to their circles before they can be contacted by brands at all would protect consumers better.

Evolving privacy paradigms: Twitter, Facebook and Google+

I’ve been using Google+ for a few days now and despite being a “limited field test”, it has a brilliant approach to privacy. If you are unfamiliar with Google+, take a look at this introductory video:

At Google+’s core is the Circles feature. Circles offers users fairly granular control over their contacts and what they share with whom. Circles are a little like Facebook’s Lists (don’t worry if you’ve never seen those, they’re not clearly exposed to users) and Twitter’s Lists. Using Circles you can allocate contacts to Circles like Family, Friends, Acquaintances and pretty much whatever you want to call the Circles. Google+ gives you a few ready-made Circles but you can create your own. Here is another video introducing how Circles works:

Setting up Circles takes a bit of work because you need to go through your contacts and add them to whichever Circles you want to add them to. The interface is really slick and easy to use, a little fun even. Once the Circles are set up you have the option of publishing content to specific Circles or even specific individuals and this is where the brilliance comes in (at least as I see it).

Before getting into Google+’s privacy paradigm, it’s a good idea to revisit the Facebook and Twitter privacy models. Facebook tends to push people to share more publicly. Its defaults for its products tend to be more public than private, and Facebook has made a few glaring mistakes where it has gone too far. Whether it be due to enormous public outrage or an evolving sense of how to handle privacy issues, Facebook has improved its practices, but most users seem to be unaware of or unconcerned with the more granular privacy controls. The average user has few friends on Facebook and probably doesn’t think too much about the publicity issues and certainly doesn’t bother with lists.

Facebook has similar functionality to Circles and, in one respect, goes a little further than Google+. Yishan Wong wrote a handy description of this in his recent post on Quora critiquing Google+:

In fact, Facebook allows you to do everything Google+’s “Circles” feature does, including post things only to specific friend lists. Further, Facebook’s selective posting feature is more advanced than Google+’s. Not only can you post information to specific Facebook Groups of curated friends, you can do more exclusionary posting than Google+

Despite the functionality being available on Facebook, few users actually use it and Facebook has pretty much buried it a couple of layers down in the friends menus. That leaves many Facebook users with a few choices:

  1. who to friend;
  2. what to share with those friends.

Unless you only friend people on Facebook who are genuine friends or relatives, you may find that you have friended people you are not comfortable sharing all your content with, so you may elect not to share everything. While this probably hasn’t stifled Facebook’s growth, the model has limitations based on its structure and users’ preference to share more personal stuff on Facebook.

Twitter, on the other hand, has two privacy/publicity options: public or private. Anything tweeted publicly is public and you have no legitimate expectation of privacy. It’s a little like standing on a street corner shouting out to whoever may be passing by. The private option is a little like going into a room and selectively allowing people inside to hear you speak. Twitter also has a Lists function which you can use to categorise Twitter users you follow. I have a number of lists on Twitter which include Communications and Marketing people; people I consider to be influencers; as well as other lawyers using Twitter. You can create your own lists and include whoever you may be following in those lists. As with your updates, lists can be public or private. I have a couple of lists which I have kept private because they are meant for me, not everyone else. Lists are handy for when you want to focus on a specific group of Twitter users. I may, for example, switch from my general Twitter stream to my Lawyers list to see what those lawyers are talking about rather than try to single out their posts in my general Twitter stream of the more than 1 100 people I am following at the moment.

On Twitter you have two choices when it comes to publishing content: either publish your tweets to all your followers or don’t publish the tweet (you also have an option to Direct Message people on Twitter but it’s a one-to-one messaging system). There is no granularity. This binary choice means you may be reluctant to share something you only want certain people to see. That limits how you use Twitter.

Circles borrows from the Facebook friends model and Twitter Lists. Using Circles you can limit your consumption and sharing to specific Circles or you can publish to the Public stream. Unlike with Facebook and Twitter, you have quite a bit of control over who to share your posts with. In the example below you can see that I elected to share a post with people in my Acquaintances Circle, Sergey Brin and Robert Scoble. I also have the option of sharing my post with people in my Acquaintances list by email (they are not yet using Google+).

Google+ post with share options

Privacy is about secrecy and about informational self-determination (being able to decide how your information is distributed and manipulated). Jeff Jarvis made the point that if you engage in a social network, the point is to share, so privacy as secrecy is less of an issue. On the other hand, the other aspect of privacy becomes even more important because you want to be able to decide who can see what you share. The level of control Circles gives users may alleviate any anxiety about sharing stuff intended for a limited group of people. I prefer to limit visibility of my photos of my children to friends and family and it’s one of the main reasons why I am fairly selective about my Facebook friends. On Google+ I can share those photos with friends and family in one post and publish an interesting link or a few thoughts completely publicly in the next post. I have more control over who gets to see my posts. Moreover, users also have pretty granular control over their Circles’ visibility (apologies for the cross-linking, I wrote about this aspect of Google+ privacy on my personal blog). This level of control makes Google+ far more attractive to users as a candidate for the one social network for all contexts.

Google has said that Circles are based on real-world interactions in that we tend to segment our contacts contextually. We have colleagues, friends, family, hobbyists and so on. Circles creates the infrastructure to recreate those contextual groups in a social networking environment. It is also important to bear in mind that Google+ is the latest and most publicised of a number of updates Google has rolled out and will be rolling out to make the Google ecosystem itself a social platform. Google+ is also still in a limited field test and isn’t open to the public just yet, so it remains to be seen whether it will gain traction with mainstream users. Regardless of whether it does attract a large user base, Google+ has demonstrated a very different privacy paradigm which addresses many of the criticisms levelled against Facebook in the past.