Thursday, 1 August 2013

Google's Data-Trove Dance: Internal Debates Arise Over Using Collected Information and Protecting Privacy


In 2011, Google Inc. Chief Executive and co-founder Larry Page asked executives to develop a new, simplified privacy tool that would act as a kind of sliding scale, allowing users to designate whether they wanted minimal, medium or maximum collection of information about them in all of Google's services, and how much the information would be shielded from being viewed by other users.
After much wrangling and many attempts to build the "slider" tool, whose three main settings were nicknamed "kitten," "cat" and "tiger," the idea was abandoned last year, according to people familiar with the matter. Because Google has so many Web services that operate differently, executives found it impossible to reduce privacy controls to so few categories, these people said. Also, allowing people to select the maximum-protection setting, known as the "tin-foil-hat option," went against Google's newer efforts to get more people to share information about themselves on the Google+ social-networking service, they said.
Technology companies say they care about user privacy and seek to shield their users from unwarranted government intrusion, but they are collecting and sifting increasing volumes of user data from which they profit. For most consumers, providing personal information for Web services is a worthwhile trade. Others object to having their online lives tracked and analyzed.
The breadth of Google's information gathering about Internet users rivals that of any single entity, government or corporate. The Web search and advertising giant continues to expand its collection and analysis of data, turning its mission to index the world, its people and their interests into a roughly $50 billion-a-year advertising business. Google executives also remain closed about much of its internal data-handling practices, fearing that discussing privacy-related topics might hurt the company with consumers, according to people who have worked on privacy issues at the firm.
But there are signs Google is feeling increased pressure to calibrate how much emphasis it puts on user privacy. Scarred by a small number of past user-privacy missteps that generated global controversy, and under increased regulatory scrutiny in the U.S. and Europe, executives are engaged in wide-ranging internal debates and in some cases slowing product launches to address privacy concerns, according to people familiar with the matter.
[Photo, Associated Press: Sundar Pichai, Google's senior vice president for Chrome and apps, speaks at the Google I/O conference in May.]
Eric Grosse, Google's vice president of security and privacy engineering, said in an interview that the company cares deeply about protecting people's personal information and tries to be "as forthcoming as we can" about how all the intricate mechanisms on the Web work.
Thousands of Data 'Events'
Every hour, an active Google user can generate hundreds or thousands of data "events" that Google stores in its computers, said people familiar with its data-gathering process.
These include when people use Google's array of Web and mobile-device services, which have long collected information about what individuals are privately searching for on the Web. It includes the videos they watch on YouTube, which gets more than one billion visitors a month; phone calls they've made using Google Voice and through nearly one billion Google-powered Android smartphones; and messages they send via Android phones or through Gmail, which has more than 425 million users.
If a user signs in to his or her Google account to use Gmail and other services, the information collected grows and is connected to the name associated with the account. Google can log information about the addresses of websites that person visits after doing Google searches.
Even if the person visits sites without first searching for them on Google, the company can collect many of the website addresses people visit if they are using Google's Chrome Web browser or if they visit one of millions of sites that have pieces of Google code, such as its "+1" button, installed.
Android-based phones and Google Maps can collect information about people's location over time. Google also has credit-card information for more than 200 million Android-device owners who have purchased mobile apps, digital books or music, said a person with direct knowledge of the matter.
Google doesn't have as much information tied to individual people by name as does Facebook Inc., according to some former Google employees. (Facebook says it has more than 1.15 billion monthly active users, though the social network performs fewer functions and thus captures fewer data types than Google.) But Google, by pushing website visitors to use services such as its Google+ social-networking service, has been working to catch up on that front.
The company is continuing to try to learn more about individual users so that it can provide personalized services such as Google Now, which tries to provide information to people before they even search for it, such as alerting them to traffic updates before their scheduled meetings.
Going forward, Google could obtain new types of data through wearable devices such as Google Glass that can capture information around the wearer, and through its efforts at owning the pipes and airwaves that directly connect people to the Internet in cities in the U.S., South Africa and elsewhere.
Google has a "unique responsibility to have serious safeguards around how it uses data, given the vastness of its scope," said Jules Polonetsky, chairman of the Future of Privacy Forum, a nonprofit think tank sponsored by Google and many other technology companies.
In 2,200 words, Google's privacy policy puts few restrictions on how much it can collect or use. More than most peers, Google has been willing to show users some of the information it has collected about them, a feature they can access through their Google accounts or privacy settings. (Very few consumers actually use the tools, according to people familiar with their usage.)
Google also makes available to people a list of information that is used to target ads to them, based on the websites Google knows they have visited and information they have provided to Google services. People have the option of blocking Google from targeting ads to them based on the data.
More Privacy Fights
But more-rigid privacy reviews and launch delays are more common now, say people familiar with the matter. Creating Google Now, a service for mobile devices that was developed starting in 2011 and launched in 2012, was an ordeal, said a person familiar with the process. The Google Now team had to obtain extensive permissions for clearance to siphon out data from different product groups, such as Gmail and Google Search, this person said.
Legal reviews of the product delayed development by weeks, this person said. The product team had to make sure that if a person deleted an email from Gmail, for instance, Google Now would also delete that piece of information, another person said.
Google's engineering privacy group and company lawyers sometimes hold off a launch until such changes have been made, said other people familiar with the process.
"The product is not...God anymore," one of these people said.
Some product holdups occur to make sure that information collected about users when they are signed in to their Google accounts cannot be combined with information collected about the same users when they aren't signed in, according to another person familiar with the process.
The company has long believed in keeping such buckets of data separate from one another, though since 2011 it has increasingly combined information about people's use of Google services while they are signed in.
When a person isn't signed in and uses Google's Web-search engine, for instance, the search information is collected and tied to his or her IP address—a string of numbers associated with his or her computer—and a "cookie" data file stored on his or her Web browser. The company says it anonymizes that information after nine months, stripping off some of the IP numerals.
Privacy watchdogs in some European countries have issued rulings that Google must roll back part of its 2012 privacy-policy changes that made it easier for the company to mix pieces of data about a person that were collected by various services, or that Google must provide users with details about how long it keeps each type of data about them. Some of the agencies say Google needs to give users the ability to agree to the 2012 changes or keep their information separate as it had been before.
Google has said its changes respect European law and that it is engaged in talks with authorities.
Write to Amir Efrati at amir.efrati@wsj.com
A version of this article appeared July 30, 2013, on page B1 in the U.S. edition of The Wall Street Journal, with the headline: Google's Data-Trove Dance.
