Google does not get privacy
Sundar Pichai, CEO of Google, in an interview with Walt Mossberg at Recode’s Code Conference 2016 1:
We want you to be able to tell Google: maybe the last four hours, just take it off and go off the record. […] you can switch on in-cognito mode. […] I want to save every conversation that I have with my daughter for eternity […]; but some other converations, […] maybe with my general council at Google, I want to be private.
Google has a binary view on privacy. Things are either on the record or off the record—with the default being the former.
For things that are “on the record”, Google’s terms of service they are very explicit about what they can do with it. Namely:
- You grant them “a worldwide license to use, host, store, reproduce, modify, create derivative works […], communicate, publish, publicly perform, publicly display and distribute such content”,
- and, of course, to “analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising […]”,
- and lastly, “this license continues even if you stop using our Services”. 2
But, to many people, privacy isn’t that simple and not binary. Consider the following examples:
- You might keep a journal, which you want to have accessible even many years later.
- Private conversations that you have with your child.
Would you want those things to be “on the record”? While many people trust Google with that data, as Pichai points, it is questionable whether they are fully aware of who is getting what kind of license and access to their content, when they are using their phone or computer.
For people who do not want these things on the record, while still getting the benefit of them being safely backed up and synchronised between multiple devices, Google provides no help; there is no option in between that lets you get benefits of using cloud services but without granting all these rights to Google.
If Google wanted to truly get better at privacy, they would do the following:
- Revise the terms of use and don’t apply the above mentioned license to all the user’s content, but just to content that the user shares publicly or with a certain set of users.
- Make content private by default rather than “on the record” by default.
- Enable end-to-end encryption by default where possible when sharing data between users.
As hinted at in the interview, Google wants to tackle the second point by using machine learning to infer defaults better than using their currently manual heuristics; that’s a good start. They also should do more on email encryption, and they should enable end-to-end encryption by default on their new Allo app—that would bring them on par with iMessage, Whatsapp and, soon, Facebook Messenger. The big one though is the first point; it is possible as Apple demonstrates 3, but it is a shame that Google’s business model gives them limited incentive to follow suit.
-
Longer transcript of what Sundar Pichai said (slightly paraphrased by me for readability):
For me: The onus is on us to give enough value that people trust us. Privacy is something that machine learning and AI at Google will help us to do better. Lots of times, it is hard to do privacy because we rely on manual heuristics and how to go to give you manual controls and settings to do these things. But we do these better. Very soon you will be able to give your name to Google and we’ll pop up your My Account settings and control all of that. About a billion people went through these settings in the last year alone. But all the time we want to get even better, we want you to be able to tell Google: maybe the last four hours, just take it off and go off the record. We can do these kind of things. When you use Chrome, you can use it any way you want, you can switch on in-cognito mode, if you want to; we are doing it the same with the messaging product. We give users choice. All the time, we get smarter to give users sophisticated privacy controls. You know, I want to save every conversation that I have with my daughter for eternity, and because I want to be able to go back, look back and et cetera; but some other conversations, I want to, maybe with my general council at Google, I want to be private. I want to be able to do those things and we want to be smart about it all those times.
-
Expanded extract:
When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works […], communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services […] Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection.
-
Licensing terms for Content in Apple’s iCloud terms (highlight mine):
[…] by submitting or posting such Content on areas of the Service that are accessible by the public or other users with whom you consent to share such Content, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available, without any compensation or obligation to you.