An Open Letter to Google:
Concepts for a Google Privacy Initiative
May 9, 2006
Greetings. When I was recently invited to speak at Google's Santa Monica center (Video) , I was impressed by the quality of the facilities, but even more so by the caliber of the Google employees I met during my visit. Google's capabilities are extraordinary. While I have been publicly critical of some Google policies, my concerns have been focused not on Google today, but rather mainly on how Google's immense data processing, storage, and related infrastructures might be abused in the future, particularly by outside entities in a position to force Google's hand despite Google's own best intentions.
As discussed in my talk, I consider Google to be an incredibly important and admirable resource with vast potential to do good. But by the same token, it is largely this very power that increases the risks of serious abuses of Google capabilities being forced upon the organization, and Google will likely be unable to mitigate many of these unless it takes major proactive steps on an immediate and ongoing basis, particularly including privacy-related efforts.
Increasingly, Internet users are becoming highly sensitized to both perceived and real risks to their privacy associated with their use of the Net. While the real risks we face in this arena are serious enough, people's confidence (or lack thereof) in products and services will in many cases be shaped primarily by perceptions, and often significantly less by the underlying realities. This highlights the critical fact that to be truly successful, efforts to reduce privacy risks must not only have genuine and ongoing positive privacy effects, but also need to be clearly perceived by users and the broader public to be in place and fully supported as primary goals of the organizations involved.
Web-based search engines are an obvious current focus of many privacy concerns, but as more traditional "desktop" applications migrate to tightly coupled topologies with user data stored on remote servers not under users' direct local control (e.g. for PC searches, document preparation, e-mail, etc.), these issues and related potential risks are rapidly spreading across the entire computer and Internet spectrums.
Fears that users' private information may be increasingly subject to intrusive perusal by law enforcement or other authorities (often with minimal and/or questionable cause) are further damaging user confidence in such services, with a range of issues related to data retention being an important element at the heart of these concerns. To the extent that potentially sensitive data is stored for extended periods, particularly in non-anonymous forms, it is inevitable that outside demands for access to it -- on ever broader scales -- will be accelerating. While individual court cases will of course vary in their results, the court system cannot be relied upon to always render appropriate decisions regarding such matters, particularly in today's political and legislative environments.
I believe that Google, by virtue of its Internet industry leadership, technical and human resources, and corporate culture, is in a unique position. Google can demonstrate how world-class privacy protection policies and technologies can be developed and deployed in ways that enhance user confidence in current and future Google services -- by proactively protecting users' private data without interfering with service operations, innovation, R&D, or the legitimate concerns of law enforcement. Google could be the acknowledged global leader in this area, becoming synonymous with the concept of integrating new and advanced privacy capabilities into world-class Internet services and products.
Obviously the confidence such efforts would engender in Google's users would be healthy for Google's bottom line, but more importantly it will provide genuine and continuing real benefits to the Google user community itself (i.e. the entire world). Where non-proprietary information is involved, further benefits to society could be achieved through making publicly available (via published papers, conferences, etc.) those aspects of resulting privacy-related R&D technologies that could be deployed by other entities to the benefit of the global community.
I recommend that Google establish a team explicitly dedicated to the development and deployment of privacy-related efforts as outlined above. Such a team would be tasked with establishing the framework of these projects in a consistent manner, and ensuring to the greatest extent practicable that all current and future Google products and services would be integrated (from the outset when possible) with these privacy technologies and policies. The team would need access to other individuals within both the development and operational aspects of Google, and ideally would report directly to high-level management.
To be effective, such a team would need to be significantly interdisciplinary in its makeup and scope, including a variety of skills. Some of these would include a broad range of CS capabilities (including specialized mathematical disciplines related to encryption, among many others). Experience in dealing with the particular and complex interplay between technology and societal issues will also be an important component of such a team.
Google's growing scale and influence suggest that the sorts of privacy efforts suggested herein could be among the most important non-governmental privacy-related endeavors for many years to come, and could have vast positive impacts far into the future not only for Google and its users, but throughout the commercial, nonprofit, and government sectors.
This document represents a very brief conceptual outline, offered with only the best interests of both Google and the world at large in mind. Google and the broader Internet are at a critical crossroads in many respects, and I believe that Google has the opportunity to do enormous good by initiating the types of efforts that I've described.
I would welcome the opportunity to discuss these concepts with you in more detail and to work with Google toward their realization, as you may deem appropriate.
Thank you very much for your consideration.