I recently attended the Google Summit. The issue of privacy and of Google's policies on privacy came up repeatedly. Here are some thoughts on this topic.
----------
This issue is portrayed as one of privacy invasion: My email or my Internet searches are private and Google should not poke its nose in my private information. I would argue, however, that the problem is less one of privacy, and more one of trust.
There is a lot of "private" information that we are willing to trust in foreign hands. My wife knows a lot about my private life. My physician has a lot of intimate information about me. A hurried executive may have her secretary read all her email at work. I trust my cellphone or my laptop to carry a lot of private information.
"Privacy" is a relatively modern concept: Neither the kings of France, woken up by a bevy of people assisting them in their morning toilet, nor their subjects living a dozen to a room had much privacy. But both kings and serfs were sharing their private life with people they knew and trusted. We now share an increasing amount of information without being aware of it, with companies we may not trust. Companies such as Google must create the missing trust, or else they will face increasing obstacles getting to the information they need.
The core issue then, for us and Google, is why do we trust our most significant others, our physician, and our cellphone, but not a Google cloud?
This is a question best answered by anthropologists rather than law or technology experts. Some possible answers come to mind.
1. First rule: Don't break in. We trust our cellphone because it is ours, in our hand. Hence the profound sense of violation when Amazon removes a book from our Kindle: We discovered that Amazon had the keys to our Kindle. Same as the feeling we would have discovering that the person we bought a house from kept the keys to the house. We want to hold (or believe we hold) the keys to our devices.
2. Second rule: Don't spy. We have no problems with people seeing us in a public place, or hearing what we say if we speak loudly in a public place (although courtesy requires they pretend they do not hear us when we do not address them). We have a problem with a hidden camera taking our picture without us being aware of this, or a hidden microphone recording us. A hidden surveillance camera at the entry of a public building violates our privacy; a human-like robot with a camera in place of eyes does not violate our privacy any more than a guardian at the entrance of that building would.
Access to our information should be obvious and conspicuous. Thus, when I type a search in Google Search, I expect my typed search to be available to Google. When I follow one of the returned links, I do not necessarily expect this information to be available to Google. Logically, I may be aware that Google collects information on followed clicks. Psychologically, I feel that I am now contacting another entity -- I do not need Google to make the introductions.
Having a privacy policy with a lot of fine print is not the answer to this requirement. At any point in time it should be obvious what entity is capturing my information.
3. Third rule: Don't gossip. Each piece of information we receive from a friend in a conversation has implicit sharing rules. If my friend tells me of his marital trouble, this is not to be shared with anybody. If he tells me he is getting married, then this can be shared with all our mutual friends, but not with companies in the wedding industry. If he tells me he is interested in a new job, I may tell potential recruiters, but not his current boss. In other words, we deduce what is the circle of people my friend wants the information to reach and act accordingly, as his agent. When the implication is not obvious, I may ask my friend; or, he may explicitly restrict the "gossip circle" ("Please don't tell xx", "Please keep this confidential"). Leaking information beyond this circle is a breach of trust.
Most companies today are like a gossip who can always be trusted to share the information we provide him with his entire social circle: Very consistent and reliable, but not a good partner for intimate conversation. We need reliably enforced, context- and content-dependent gossiping rules that are based on a simple principle: When we share information we got from a person, we act as his agent: We should share the information he provided only if this is to his advantage.
4. Fourth rule: Be trustful. I share information with people I trust. The trust may be built on long-term relations of reciprocity, such as I have with my spouse and my friends, or a physician I visit regularly. Trust may be built on social, ethical and legal rules: I trust physicians or lawyers, in general, to follow the ethical and legal rules governing their professions. Trust is not a rational attitude; it is a primordial feeling that is essential to social life.
Trust is slowly gained and easily lost. Companies that depend on the trust of their customers (e.g., banks) carefully cultivate their trustworthiness and invest significant efforts to avoid breaches of trust and handle expeditiously any problem that may occur. One way this is done is by having a clear human face that represents the institution and that can convince its customers that he or she cares about them.
While technology can help prevent breaches of trust, trust is not a technical problem. It is a problem of attitude and perception.
The business model of Google is that Google provides us with useful services, and in exchange, we provide Google with access to some private information. Google makes money by aggregating and monetizing information provided by its many customers. The model works because of our collective trust. We know, at some logical level, that Google reads our emails and tracks our web accesses. But this intrusion is sufficiently light-handed for us to be willing to "suspend our disbelief". A few missteps could easily change our attitudes and significantly hurt the business model of Google. I can imagine people feeling revulsion at the idea that some company reads their email or tracks their clicks -- no longer trusting the company's handling and use of this information.
Is a geeky company such as Google capable of handling the "touchy-feely" issue of trust? Can its young, geeky founders be the human face of a trusted company that cares about its customers, not the environment?
