| |
| META TOPICPARENT | name="FirstPaper" |
|---|
IN PROGRESS... |
|
<
< | The Many Privacy Problems with Google's Entry into Broadband Telecommunications, and Why Users Won't Even Notice |
>
> | Privacy Loopholes in Google Voice, and Why Users Won't Even Notice |
| | -- By SethLindner - 06 Nov 2009
Recent Google Acquisitions |
|
<
< | Two acquisitions over the past two years indicate Google's interest in entering into the VoIP telecommunications industry. Google's first move was its acquisition in 2007 of a company called GrandCentral, a web-based call forwarding system that provided users with a single phone number from which calls could be routed to multiple other phone numbers based upon user-configurable preferences (like who was calling and when). In April of 2009 the service was launched as Google Voice. In addition to the call forwarding features of GrandCentral, Google Voice adds call screening, blocking of unwanted calls, and voice transcription to text of voicemail messages. Currently Google claims to have more than 1.4 million users of Google Voice, of which about 570,000 are active users. |
>
> | Two acquisitions over the past two years indicate that Google may be getting serious about significantly entering the VoIP telecommunications industry. In 2007 Google bought a company called GrandCentral, which ran a web-based call forwarding system that provided users with a single "central" phone number from which calls could be routed to multiple other phone numbers based upon user-configurable preferences. In April of 2009 the service was launched as Google Voice. In addition to the call forwarding features of GrandCentral, Google Voice adds call screening, blocking of unwanted calls, and voice transcription to text of voicemail messages. |
| | |
|
<
< | Although the Google Voice service probably seemed useful to those with many phone numbers, it wasn't exactly what people think of as a VoIP service because all phone calls still needed to be routed to a permanent phone number. So, even though Google Voice was free to use, it really wasn't a complete replacement for existing telephone services. This is where Google's recent acquisition of a company called Gizmo5 comes in. |
>
> | While Google Voice allowed users to essentially consolidate all of their conventional phone numbers into one Google Voice number, it still required users to have a separate land line or cellular telephone to make or receive calls. It appears that this is about to change. Google recently announced that it had purchased a company called Gizmo5 for $30 million. Gizmo5 offers the missing piece to the VoIP? puzzle for Google by providing an actual phone number and software to make and receive calls. Many people speculate that Google will integrate the Gizmo5 features into Google Voice, creating a no-cost centralized telephone system that simultaneously threatens pay services like Skype and cellular telephone services like Verizon and AT&T. |
| | |
|
<
< | Don't Look Too Closely -- Google's Privacy Policy
I imagine that the eyebrows of even those with the utmost trust for Google were raised upon learning that Google Voice provides written transcriptions of voice mail messages and recorded phone calls. |
>
> | Currently Google claims to have more than 1.4 million users of Google Voice, of which about 570,000 are active users. |
| | |
|
<
< |
"Wait a minute. Google knows exactly what someone told me in my voice mail?"
Yes, if you use Google Voice, Google does know the content of your voice mail. You're just surprised because their proving it to you by sending you a transcript. |
>
> | "A Higher Sense of Privacy" -- User Reactions to Google Voice
I was curious to see what the buzz on the internet was about privacy issues raised by Google Voice, so I did a search for "google voice privacy." One article discussed some of the advantages and disadvantages of Google Voice, noting that the possibility of advertisements was a disadvantage, although Google hadn't yet included any ads on the Google Voice site (as it has for Gmail). Then came a reader comment that really scared me: |
| | |
|
<
< | "Okay, so even if they DO know what's in my voice mail, I'm sure Google won't share that information about me to anyone, right? Let me take a quick look at their privacy policy to see what it says about all this." |
>
> | "I don't see Google opening [Google Voice] up to ads, or at the very least, no targeted ads, as I feel that phone calls are a bit more sensitive than emails, and come with a higher sense of privacy. If they launched targeted ads, I think there would be a backlash, and a dropoff in usage." |
| | |
|
<
< | Google's privacy policy is what I would call attractively deceptive. The attractive part is what Google wants you to see. The first line reminds us that Google believes that privacy is important. Shortly thereafter, we see a link to the U.S. Department of Commerce's Safe Harbor Program. That sure sounds safe. Reading further, we see that our "personal information" will only be processed for the purposes described in the policy and that our "sensitive personal information" will only be shared with outside individuals/companies with our consent. Further, the policy states that something called "aggregated non-personal information" may be shared with third parties, but that such information does not "identify [users] individually". Up until now, this seems pretty attractive. |
>
> | I'm worried by this statement because I think this user almost completely correct. Most users probably don't want to see advertisements in Google Voice that appear to be targeted to the content of their phone calls or voice messages. And I think most users believe that phone calls should be entitled to greater privacy protection than other forms of communication. The problem is that Google already knows how to play this game. It knows that we do want to feel like someone is standing over our shoulder. It knows that if we pick up the phone and hear nothing but measured breathing on the other end of the line, we're going to hang up pretty quickly. Google's response, then, will be to encourage us to believe that is offering a service that is both free and private.
A careful reading of Google's privacy policy reveals what are likely the real dangers. I call this policy attractively deceptive, because once we look beyond the first line reminding us that Google believes that privacy is important, and the statement of compliance with the U.S. Department of Commerce's Safe Harbor Program (that sounds safe), we see some startling possibilities. |
| | |
|
<
< | Here is the deceptive part. If we look at how Google defines "personal information", "sensitive personal information", and "aggregated non-personal information" and what uses Google explicitly reserves, we see some startling possibilities. Let's begin with "personal information", which is defined by Google as information that "personally identifies you, such as your name, email address or billing information." This type of information can be "process[ed] . . . on behalf of and according to the instructions of a third party" although it seems as though "personal information" cannot be "shared" with third parties without user consent. This begs the questions of We as users have no control over who this is or how the data is processed. And even if Google doesn't directly give away our names or addresses, it does allow targeted advertising. |
>
> | Let's first look at how Google handles "personal information," which Google defines as information that "personally identifies you." The Policy plainly allows Google to "process [personal information] on behalf of and according to the instructions of a third party." I see at least two problems here. First of all, even though Google says that it won't directly "share" personal information with third parties without consent, Google still has a whole lot of personal information that it can use for its own purposes. Second, it seems that third parties (advertisers, banks, potential employers?) could learn quite a lot about you just by "processing" your personal information. |
| | Google Voice has its own privacy policy and even more clever deception. For instance, if you delete something from your Google voice account, the deletion will take immediate effect in your account view. |
| | "Whew! Good thing I got rid of THAT message. I could be in big trouble if it got around."
|
|
<
< | Unfortunately, the information is not deleted from Google's offline backup systems. In other words, it is there forever, permanently, and you've given Google permission to keep it. In effect, the only thing Google does when you delete the information is to keep you from being able to access it anymore. I'm sure Google would argue that these backups are necessary for system stability, but the danger is that most users will simply forget that Google still has it, once it is removed from their view. |
>
> | Unfortunately, the information is not deleted from Google's offline backup systems. In other words, it is there forever, permanently, and you've given Google permission to keep it. In effect, the only thing Google does when you delete the information is to keep you from being able to access it anymore. The danger, of course, is that most users will simply forget that Google still has it, once it is removed from their view. This shows again why Google Voice is uniquely dangerous. People will use it without even knowing how much information they are really sharing with Google. And even if they realize that they've shared something they wish they hadn't, there isn't any way to get it back. |
| | |
|
<
< | "A Higher Sense of Privacy" -- User Reactions to Google Voice
I was curious to see what the buzz on the internet was about privacy issues raised by Google Voice, so I did a search for "google voice privacy." One article discussed some of the advantages and disadvantages of Google Voice, noting that the possibility of advertisements was a disadvantage, although Google hadn't yet included any ads on the Google Voice site (as it has for Gmail). Then came a reader comment that really scared me:
"I don't see Google opening [Google Voice] up to ads, or at the very least, no targeted ads, as I feel that phone calls are a bit more sensitive than emails, and come with a higher sense of privacy. If they launched targeted ads, I think there would be a backlash, and a dropoff in usage."
|
| | |
|
<
< | I'm worried by this statement because I think this user almost completely correct. Most users probably don't want to see advertisements in Google Voice that appear to be targeted to the content of their phone calls. And I think most users believe that phone calls should be entitled to greater privacy protection than other forms of communication. The problem is that just because Google doesn't show ads on the Google Voice site doesn't mean that they aren't using your phone transactions and the content of your transcribed calls as inputs to their vast data mining operations. It only means that users are less likely to realize that this is what is happening. Unless Google is simply providing the Google Voice service out of the goodness of its heart, we can safely assume that Google intends to make money from its users conversations (the $30 million Google just spent in the Gizmo5 acquisition combined with the vast number of companies with whom Google has had to work to make Google Voice a reality is strong evidence that Google's cost of providing the service is significant, even if it pays next to nothing for the bandwidth). |
>
> | I think it is safe to assume that Google intends to make money from its users conversations (the $30 million Google just spent in the Gizmo5 acquisition combined with the vast number of companies with whom Google has had to work to make Google Voice a reality is strong evidence that Google's cost of providing the service is significant, even if it pays next to nothing for the bandwidth). If Google continues its current practice of not showing advertisements on the site, I think users need to think seriously about how their information is actually being used. There is no question that Google is making money off of its users, so it is a foolish (but I'm afraid all too common) mistake to believe that just because we can't tell exactly how our privacy is being violated and our autonomy being curtailed, those things aren't indeed happening on a massive scale. |