Google: Skynet?

In honor of International Data Privacy Day, Google just released a list of five “Privacy Principles.” Google said it will implement the following ideals when creating new products and services:

• Use information to provide our users with valuable products and services.
• Develop products that reflect strong privacy standards and practices.
• Make the collection of personal information transparent.
• Give users meaningful choices to protect their privacy.
• Be a responsible steward of the information we hold.

These are important principles and they are a great start for a company that collects as much data as Google does.

But these five principles are focused on Google’s own use of data.  It is a “Web 1.0″ model of privacy, where all of the concern is focused on how Google itself uses the data it collects.  Call it a commitment to “Privacy 1.0.”

One important concept is missing entirely from Google’s list: social privacy.

We live in a Web 2.0 world. Data flows through Google in a million ways: through search, through Blogspot, through YouTube, and more.  Even if Google promises to not use any of this data itself, thousands of other people can.  A video of you hosted on YouTube and found through a Google search can have a far greater impact on your privacy than Google’s use of contextual advertising to serve you ads about suntan lotion when you search for “Bermuda.”  Think about it: do you care more about contextual advertising, or a video of you that comes up for any Google search for your name?  But Google’s privacy principles do not address this at all: they are entirely focused on Google.

In other words, even if Google promises that it will not misuse data, that does not mean that Google is respecting your privacy.  Google is part of a larger privacy ecosystem.  In fact, Google is perhaps the largest and most powerful part of the Internet’s privacy ecosystem.  Google’s products (search, Blogger, YouTube, and more) connect more people to more information than any other company in history.  It is crucial that Google recognize its role as the central connection in a massive data ecosystem.  If Google creates a system that allows other people to violate your privacy, Google is complicit.

Take just a few examples that Google’s privacy principles do not even consider.  Each of these has significant privacy implications:

• If the first result for a search for your name is a site with your home address and phone number
• If the first result for a search for your name was a site that displayed your medical history, HIV/AIDS status, sexual orientation, or other private information
• If the first result for a search for your name was a “hidden camera” video of you
• If someone else created a blog about you through Google’s BlogSpot service that listed everything you did every day
• If someone else posted a video of you on YouTube that contained false and defamatory lies
• If a health insurer uses Google to search for your name near “cancer”, “diabetes” and “overweight” before denying you coverage
• If an employer uses Google to search for what you are doing in your off-hours and finds that you are politically active in a way that disagrees with the boss

People can disagree about what Google’s obligation is to address each of those situations.  But Google’s current privacy principles don’t admit that these are important questions, let alone address this social side of privacy.  Call this new form of privacy, “Privacy 2.0“–the concern that your information will be misused by “300 million little brothers” rather than Orwell’s Big Brother.  We’ve previously discussed the same principle as applied to Facebook: the concern is not that Facebook itself will violate your privacy, but rather that Facebook will empower other people to violate your privacy.

Google’s “privacy principles” are entirely focused on the old view of privacy, when the biggest fear was that Google itself would violate your privacy.  It’s easy to protect your privacy from Google that way: just don’t use Google.

But in the Web 2.0 world, it is time for Google to accept that its privacy choices have impacts that go well beyond its corporate use of data.  Google can create a system that allows users to protect their privacy from others.   As the largest and most important information provider, Google has an obligation to at least consider these privacy implications.  Its “privacy principles” don’t appear to even admit that its privacy practices affect a lot more than just its internal data use.  It’s time for Google to catch up with Privacy 2.0.

Did you know that tomorrow, January 28th, is National Data Privacy Day? It’s true! Data Privacy Day is a time for web users the world over to consider issues related information privacy online and ask questions about how they can help make the Internet a safer and more secure place.

Here at Reputation.com, CEO Michael Fertik is showing our leadership in the area of Internet privacy by serving as the keynote speaker for a special Data Privacy Day event sponsored by Microsoft and hosted by the Future of Privacy Forum. The Future of Privacy Forum is a Washington, D.C.-based think tank that seeks to advance responsible data practices.

Joining Michael for the event will be a host of Internet experts, including:

Marsali Hancock, President of the Internet Keep Safe Coalition (iKeepSafe)

Jim Harper, Director of Information Policy Studies at The CATO Institute

Brendon Lynch, Senior Director of Privacy Strategy for Microsoft’s Trustworthy Computing Group

Nat Wood, Assistant Director of Consumer & Business Education for the Federal Trade Commission’s Bureau of Consumer Protection

Jules Polotnesky, Co-chair and Director of the Future of Privacy Forum

If you live or work in the Washington, D.C. area, we encourage you to attend the discussion and offer your own perspective on Internet privacy and consumer protection issues. The event will run from 10:00am-1:00pm at the Newseum – Knight Conference Center at 555 Pennsylvania Avenue Northwest in Washington, D.C.

Yesterday, Hutch Carpenter wrote an excellent blog post on the importance of online reputation management and how business and technology trends over the last 15 years are leading us to a future where we might all have reputation scores based on our digital identities. The post, which combines a lot of different studies that we have talked about here on the Reputation.com Blog (such as the Kaiser Family Foundation study we talked about last week), is very well-researched and we recommend checking it out.

One thing that popped into my head while I was reading Hutch’s blog post was how closely tied it was to some of the things that Reputation.com CEO Michael Fertik has been saying in interviews for the past couple of years. In fact, if you look back at Michael’s pre-New Year’s ZDNet column, you will see that one of his social media predictions for 2010 is the widespread adoption of the online reputation score as a replacement or alternative to traditional credit scores. If that sounds far-fetched, consider that we have already seen banks and creditors admit to checking social media sites as part of determining an individual’s credit-worthiness.

Again, we urge you to check out Hutch’s well-written blog post. It is a pleasure to see other intelligent commentators beginning to share their insight into the reputation management field. While you are checking out the post, begin considering how your actions online are contributing to or detracting from your personal and professional success. If you don’t have control over your reputation currently, what are you doing to gain control?

Massachusetts Cyberbullies Suspended

Two girls allegedly involved in the bullying that led to the suicide of Massachusetts teen Phoebe Prince have been suspended from school. According to the news report, the school is investigating the incident, and more students may be implicated in the bullying. It is unclear at this time whether any formal criminal charges will be filed against the bullies.

Are We “Locked-In” to Facebook

Because of its sheer size, as well as the widespread functionality of Facebook Connect (which allows you to sign into different websites using your Facebook credentials), some people believe that Facebook is close to achieving “technical lock-in.” Technical lock-in refers to the process by which one technology becomes so dominant in society that people reject others, even if they present a more attractive alternative. An example cited in the article is the Qwerty keyboard.

70% of HR Professionals Have Rejected an Applicant Because of Information About Them Online

According to a Data Privacy Day survey human resources survey sponsored by Microsoft, 70% of HR professionals have admitted to rejecting a candidate based on what they found about them online. The survey also found that these numbers are expected to rise over the next five years and that, currently, people don’t consider managing their online reputations to be a top priority.

I think that bears repeating with italics for emphasis. Despite the fact that the majority of HR professionals and recruiters use the web to check out applicants, most people don’t consider managing their online reputations to be important.

Moral of the story: Don’t be most people.

New Symbol Will Help Consumers Identify Behavioral Advertising Online

According to the New York Times, the Future of Privacy Forum has spearheaded the creation of a new symbol that will help consumers recognize when they are seeing an Internet ad based on behavioral data. The symbol, which is blue with a white lower case letter “i” wrapped in a small cirle, is expected to achieve wide adoption and has been embraced (somewhat begrudgingly) by the Internet advertising industry.

Considering Health Care Reform from a Privacy Perspective

Forbes has a well-written article exploring the ramifications that health care reform will have on digital privacy. A study released by the Ponemon Institute shows that, generally, individuals are uncomfortable with having their private information centralized by any government or agency. This trepidation could spell trouble for lawmakers who seek to have medical information digitized and made accessible over an interconnected web-based network, which is a central part of President Obama’s vision for health care reform.

In yet another story highlighting the tragic consequences of cyberbullying, a 15-year-old Massachusetts girl hung herself after facing psychological abuse and harassment from bullies in school and online. According to ABC News, Phoebe Prince, an Irish immigrant and new arrival to the small Massachusettes town, committed suicide in part because she “had been teased incessantly, taunted by text messages and harassed on social networking sites like Facebook.” The news of Phoebe Prince’s suicide comes not long after a number of other tragic teen deaths, including the suicide of a 13-year-old Florida girl who had been victimized in school for “sexting.”

It is unclear at this point whether any formal charges will be sought against the individuals who bullied the girl, but the district attorney covering the case has said that there is an “open investigation” in place. For many child advocates, this latest incident has renewed interest in the development of cyberbullying legislation, something that was first considered in 2008 following the suicide of teenager Megan Meier. In an editorial for the Boston Herald, Margery Eagan echos the call for more substantial punishment for cyberbullies.

From the article:

When South Hadley authorities find the girls who drove Phoebe Prince to take her own life, they should prosecute them.

Stop pretending they’re just cruel and nasty girls being girls. They’re criminal torturers.

Once upon a time, as the bullied among us know, the torment ended at our front door. We were safe at home, enclosed by four walls, relieved, at least until the next morning at school.

But in wired-up 2010, there is no escape. The taunts come right through the bedroom walls. South Hadley High’s principal said Phoebe Prince was targeted via texts on her cell phone and taunts on her computer and Facebook and other social networking sites. Her tormentors had access 24 hours a day.

While the development of anti-cyberbullying legislation may help states prosecute cyberbullies more severely, truthfully, there is no guarantee that it will reduce the number of  cyberbullying incidents. As we wrote last week, kids and teens spend nearly every waking hour using digital technologies. Spending free time online has become the de facto pastime of our nation’s youth. To this end, the most effective way to prevent cyberbullying is to have an active and ongoing dialogue with your children about their Internet use and to spend time monitoring their behavior on the web for any warning signs of possible abuse.

For more information on talking to your kids about their Internet behavior, along with other suggestions to help stop cyberbullying before it stars, check out our guide on how to recognize and prevent cyberbullying.