Law in the Internet Society

IN PROGRESS...

The Many Privacy Problems with Google's Entry into Broadband Telecommunications, and Why Users Won't Even Notice

-- By SethLindner - 06 Nov 2009

Recent Google Acquisitions

Two acquisitions over the past two years indicate Google's interest in entering into the VoIP telecommunications industry. Google's first move was its acquisition in 2007 of a company called GrandCentral, a web-based call forwarding system that provided users with a single phone number from which calls could be routed to multiple other phone numbers based upon user-configurable preferences (like who was calling and when). In April of 2009 the service was launched as Google Voice. In addition to the call forwarding features of GrandCentral, Google Voice adds call screening, blocking of unwanted calls, and voice transcription to text of voicemail messages. Currently Google claims to have more than 1.4 million users of Google Voice, of which about 570,000 are active users.

Although the Google Voice service probably seemed useful to those with many phone numbers, it wasn't exactly what people think of as a VoIP service because all phone calls still needed to be routed to a permanent phone number. So, even though Google Voice was free to use, it really wasn't a complete replacement for existing telephone services. This is where Google's recent acquisition of a company called Gizmo5 comes in.

Don't Look Too Closely -- Google's Privacy Policy

I imagine that the eyebrows of even those with the utmost trust for Google were raised upon learning that Google Voice provides written transcriptions of voice mail messages and recorded phone calls.

"Wait a minute. Google knows exactly what someone told me in my voice mail?"

Yes, if you use Google Voice, Google does know the content of your voice mail. You're just surprised because their proving it to you by sending you a transcript.

"Okay, so even if they DO know what's in my voice mail, I'm sure Google won't share that information about me to anyone, right? Let me take a quick look at their privacy policy to see what it says about all this."

Google's privacy policy is what I would call attractively deceptive. The attractive part is what Google wants you to see. The first line reminds us that Google believes that privacy is important. Shortly thereafter, we see a link to the U.S. Department of Commerce's Safe Harbor Program. That sure sounds safe. Reading further, we see that our "personal information" will only be processed for the purposes described in the policy and that our "sensitive personal information" will only be shared with outside individuals/companies with our consent. Further, the policy states that something called "aggregated non-personal information" may be shared with third parties, but that such information does not "identify [users] individually". Up until now, this seems pretty attractive.

Here is the deceptive part. If we look at how Google defines "personal information", "sensitive personal information", and "aggregated non-personal information" and what uses Google explicitly reserves, we see some startling possibilities. Let's begin with "personal information", which is defined by Google as information that "personally identifies you, such as your name, email address or billing information." This type of information can be "process[ed] . . . on behalf of and according to the instructions of a third party" although it seems as though "personal information" cannot be "shared" with third parties without user consent. This begs the questions of We as users have no control over who this is or how the data is processed. And even if Google doesn't directly give away our names or addresses, it does allow targeted advertising.

Google Voice has its own privacy policy and even more clever deception. For instance, if you delete something from your Google voice account, the deletion will take immediate effect in your account view.

"Whew! Good thing I got rid of THAT message. I could be in big trouble if it got around."

Unfortunately, the information is not deleted from Google's offline backup systems. In other words, it is there forever, permanently, and you've given Google permission to keep it. In effect, the only thing Google does when you delete the information is to keep you from being able to access it anymore. I'm sure Google would argue that these backups are necessary for system stability, but the danger is that most users will simply forget that Google still has it, once it is removed from their view.

"A Higher Sense of Privacy" -- User Reactions to Google Voice

I was curious to see what the buzz on the internet was about privacy issues raised by Google Voice, so I did a search for "google voice privacy." One article discussed some of the advantages and disadvantages of Google Voice, noting that the possibility of advertisements was a disadvantage, although Google hadn't yet included any ads on the Google Voice site (as it has for Gmail). Then came a reader comment that really scared me:

"I don't see Google opening [Google Voice] up to ads, or at the very least, no targeted ads, as I feel that phone calls are a bit more sensitive than emails, and come with a higher sense of privacy. If they launched targeted ads, I think there would be a backlash, and a dropoff in usage."

I'm worried by this statement because I think this user almost completely correct. Most users probably don't want to see advertisements in Google Voice that appear to be targeted to the content of their phone calls. And I think most users believe that phone calls should be entitled to greater privacy protection than other forms of communication. The problem is that just because Google doesn't show ads on the Google Voice site doesn't mean that they aren't using your phone transactions and the content of your transcribed calls as inputs to their vast data mining operations. It only means that users are less likely to realize that this is what is happening. Unless Google is simply providing the Google Voice service out of the goodness of its heart, we can safely assume that Google intends to make money from its users conversations (the $30 million Google just spent in the Gizmo5 acquisition combined with the vast number of companies with whom Google has had to work to make Google Voice a reality is strong evidence that Google's cost of providing the service is significant, even if it pays next to nothing for the bandwidth).

Navigation

Webs Webs

r4 - 19 Nov 2009 - 20:54:56 - SethLindner
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM