Google admits it is in breach of UK data privacy

The BBC has reported that “Google has admitted that it had not deleted users’ personal data gathered during surveys for its Street View service. The data should have been wiped almost 18 months ago as part of a deal signed by the firm in November 2010. Google has been told to give the data to the UK’s Information Commissioner (ICO) for forensic analysis”.

When it was originally reported that Google had obtained private data from unsecured wireless networks whilst it was gaining images and spatial data for Street View, the company said it was a mistake and agreed to delete the data by the end of 2010.  However, Google has now contacted the UK’s Information Commissioner to say that not all of these data have been destroyed, asking what it should do with it.

As the BBC continued to report “Possessing data that should have been deleted ‘appears to breach’ the undertaking Google signed in November 2010, said the ICO in a statement. ‘The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern,’ it added”.

Google and Facebook: privacy and security

I have long been critical of Google, but two thing have recently begun to make me begin to think again.  First, they have developed an amazing App – Google Translate!  Whilst the translations are by no means perfect, the idea behind the App is brilliant.  At its best, you can speak the phrase that you want translated, and the App will then give you a translation in more than 60 different languages, all as text and some as a sound file.  Using such software, someone can speak a phrase in Indonesian and then the App will translate it so that someone else can hear the phrase in Portuguese or Russian or Czech.  This is really beginning to use the potential of mobile technologies to help people from many different backgrounds communicate with each other.

However, this is not the main purpose of this note.  Anyone who uses Google software cannot but be aware of the changes to Google’s privacy policy that are due to come into force on 1st March.  This is the important thing – Google, for a change, appears to be trying to be much more open than ever before in explaining the reasons why it is adopting new privacy policies.  As they say, “We’re getting rid of over 60 different privacy policies across Google and replacing them with one that’s a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google”. In clarifying the reasons for this, Google claims that it will make it easier to work across Google, it will be tailored for users, it will be easier to share and collaborate, that its fundamental principle of protecting user privacy has not changed, and that it helps users understand how Google uses their data.

Google has five core privacy principles:

1. “Use information to provide our users with valuable products and services.
2. Develop products that reflect strong privacy standards and practices.
3. Make the collection of personal information transparent.
4. Give users meaningful choices to protect their privacy.
5. Be a responsible steward of the information that we hold”.

However, are these principles really as sound as they at first sight appear?  Google’s profits have been built around the fundamental notion that it encourages consumers to give information to the company that is of considerable value to Google  in exchange for ‘free’ services, such as the world’s best search engine, e-mails and document sharing.

An alternative perspective is offered by those who see this as a deliberate move to combine information about individuals from across the platforms that it now owns, and use this to generate even greater profits.  As the BBC has commented, “Critics have hit out at Google’s decision to merge personal data from YouTube, Gmail, search, social network Google+ and dozens of other services”.  As the BBC report goes on to note, “Data is a hugely valuable commodity as firms seek ways of making money from users’ web habits with ever more targeted adverts”.

It is not only Google, though, that is combining aspects of its various services, and the information it gleans from them.  As the competition between Google and Facebook hots up, Facebook is also combining the different data it holds about people.  Again, as the BBC comments “Facebook is also moving to merge people’s data, with tweaks to how user information is displayed. Its new feature, Timeline, shares users’ past history on the site in a more readable way. While it does not expose any more information that was previously available on its traditional profile page it does makes it easier to view older posts. Currently the system is voluntary, but Facebook is making it compulsory”.

The forthcoming IPO (initial public offering) of Facebook provides an interesting opportunity to reflect on the balance of power between the top valued companies that have built their businesses on the technologies of the Internet, and an apparently endless desire by people to find out about each other and share information about themselves.  A recent report by Keith Woolcock in Time Business captures this well: “The upcoming IPO of Facebook, the flak surrounding Twitter’s decision to censor some tweets, and Google’s weaker-than-expected 4th-quarter earnings all point to one of the big events of our times: The crazy, chaotic, idealistic days of the Internet are ending. Once, the Prairies were open and shared by everyone. Then the farmers arrived and fenced them in. The same is happening to the Internet: Apple, Amazon and Facebook are putting up fences — and Google is increasingly being left outside. The old Internet on which Google has thrived is still there, of course, but like the wilderness it is shrinking. Often these days, we sign up for Facebook or Amazon’s private version of the Internet. At other times, we use a smartphone and download an App instead of using Google search. Investors are already placing their bets on who the winners of the new Internet will be: Over the past five years Amazon’s shares, despite their recent fall, have risen 370%. Apple’s are up 438%. Google’s, meanwhile, have merely risen by 17% in all that time.  It is still the early days of this long-term trend, but my hunch is that this gap in performance will widen over the coming year — and that Google’s long slow decline has already begun”.

Perhaps I should start feeling sorry for Google after all.  At least I began this blog by encouraging people to start using their great translation App!  Ultimately, though, we should all reflect a bit deeper on what it is we are giving away for free when we sign up for a service that is free for us to use.  We should all also be much more careful about just how much information about ourselves we make available publicly – just in case one day we regret the profit that others have made out of it!

Google and privacy

I am often criticised for my concerns over Google’s ethical claims. Most people seem to like the apparently ‘free’ services that the company offers, and are not greatly concerned about the implications of sharing private information with a corporate giant that claims to do no evil.  I was therefore very pleased to see a report yesterday on the the BBC’s news site that Google is to be audited over privacy concerns relating to its social network Buzz.  Highlights of the article noted that:

• “Google will be subjected to independent privacy audits for the next 20 years over charges that it “violated its own privacy promises”.  The US Federal Trade Commission (FTC) said that the search giant wrongly used information from Google Mail users last year to create its social network Buzz”
• “When companies make privacy pledges, they need to honour them,” said Jon Leibowitz, chairman of the FTC. “This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations.”
• “Buzz’s launch in February 2010 came under heavy criticism from users. According to Google, the system was designed to bring together members’ personal and private lives. One widespread complaint was over a feature that allowed it to publicly list other Gmail contacts a user was most frequently in touch with. While this feature could be turned off, the default setting was to leave it on – potentially revealing a user’s contact with an ex-spouse, employer or similar.”
• “The FTC said “deceptive tactics” were used to populate the network with personal data gained from use of Gmail, and that when users were given the change to opt-out of Buzz, they were still enrolled in some of its features”
• “The FTC said Google violated its privacy policy which stated: “When you sign up for a particular service that requires registration, we ask you to provide personal information.”
• “Reflecting on the latest settlement, Alma Whitten, Google’s director of privacy, product and engineering, said: “We’d like to apologize again for the mistakes we made with Buzz. “While today’s announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward.”

In another recent report from the BBC, it is also interesting to note that the US Department of Justice has approved a New York court ruling that blocked an agreement between Google and publishers over the publication of books online.  As the report noted, “An agreement between Google and publishers over the web firm’s publication of books online has been blocked by a US court. The web giant has scanned millions of books and made them available online via its eBooks platform. Google had negotiated the deal to settle a six-year-old class action suit claiming infringement of copyright. But the New York court said the deal would “simply go too far”, giving Google an unfair competitive advantage”.

UK government cancels identity cards

I have long emphasised the ethical issues associated with the introduction of identity cards, and so it is good to see that one of the first steps that the new UK government has taken is to cancel their introduction.  The Home Office’s Identity and Passport website now carries the following stark statement:

“The Government has stated in the Coalition Agreement that it will cancel Identity Cards and the National Identity Register. We will announce in due course how this will be achieved. Applications can continue to be made for ID cards but we would advise anyone thinking of applying to wait for further announcements.

Until Parliament agrees otherwise, identity cards remain valid and as such can still be used as an identity document and for travel within Europe. We will update you with further information as soon as we have it”.

Digital Britain

The UK’s Department for Culture, Media and Sport (I still think this is a crazy mixture, but…)  published its final report on Digital Britain on 16th June 2009.  It claims that “The Digital Britain Report is the Government’s strategic vision for ensuring that the UK is at the leading edge of the global digital economy. It is an example of industrial activism in a crucial growth sector. The report contains actions and recommendations to ensure first rate digital and communications infrastructure to promote and protect talent and innovation in our creative industries, to modernize TV and radio frameworks, and support local news, and it introduces policies to maximize the social and economic benefits from digital technologies”.

The key measures it recommends are:

• A three-year National Plan to improve Digital Participation
• Universal Access to today’s broadband services by 2012
• Next Generation fund for investment in tomorrow’s broadband services
• Digital radio upgrade by the end of 2015
• mobile spectrum liberalisation, enhancing 3G coverage and accelerating Next Generation mobile services
• robust legal and regulatory framework to combat Digital Piracy
• support for public service content partnerships
• a revised digital remit for Channel 4
• consultation on funding options for national, regional and local news

One of the most interesting statements in the executive summary is that “For individuals a quiet revolution has delivered seamless connectivity almost everywhere. That revolution ranges from personal pocket libraries of music, audiovisual content and increasingly electronic literature on a scale inconceivable ten years ago; inexpensive broadband which allows efficient and family-friendly working patterns in the knowledge sector of the economy – and broadband at increasing speeds – the next generation of which, already available to nearly half Britain’s homes, allows us to send or receive 200 mp3 music files in five minutes, an entire Star Wars DVD in 3 minutes and the total digitised works of Charles Dickens in less than 10 minutes. It has given us access to a wide range of social networks, allowing us to share experiences and swap and create content. The digital revolution has also led to a huge expansion in the creation and availability of professional content. Today, the typical British consumer spends nearly half of their waking hours engaged in one form or another with the products and services of the communications sector”.  The report goes on to assert that “The UK is already a digitally enabled and to a significant degree digitally dependent economy and society. The Digital Britain Report aims to be a guide-path for how Britain can sustain its position as a leading digital economy and society”.

To my mind, the report is overly up-beat.  It fails satisfactorily to address the real challenges associated with a digital Britain, and especially:

• it focuses primarily on the technological and economic dimensions – and not enough on the social, cultural and political issues raised by these
• there is nothing overtly on the ethical and moral issues raised by this particular vision of a ‘digital Britain’ (‘ethics’ and ‘moral’ are words that are not even mentioned in the report)
• although trying to grapple with some of the issues surrounding unequal access, its solutions are unlikely to have a significant impact on the lives of Britain’s poorest people and communities – the concept of a ‘digital divide’ is only mentioned three times, and there is no mention of words such as ‘inequalities’ or ‘inequality’; ‘equity’ is only mentioned twice.  The market cannot provide effective solutions for the most marginalised – and it should be the role of government to intervene to ensure that as many people as possible can benefit from the potential that such technologies can offer
• insufficient attention is paid to the negative effects of the digital economy – in terms of the ways in which it reinforces power relationships, and enables ever greater ‘control’ and manipulation of the majority by the few.  The anarchic potential of the Internet is also insufficiently explored – and is treated negatively in the only place where it is addressed (“Most consumers, except the minority of the anarchic or those who believe in ‘freedom to’ without its counterbalancing ‘freedom from’, who believe in unsupported rights without countervailing duties, would prefer to behave lawfully if they can do so practically and with a sense of equity” p.110).  “Web 2.0″ is likewise only mentioned once!
• as I have argued elsewhere, one of the implications of Britain sustaining “its position as a leading digital economy and society” is that this will necessarily mean that it will relatively disadvantage those in poorer countries of the world.  Given my own interest in trying to ensure that poor people and marginalised communities can also truly benefit from digital communities, I am concerned by the complete lack of attention that this report pays to issues of ‘development’ – Africa is not mentioned at all, and ‘developing countries’ are only mentioned once to exemplify the impact of mobile ‘phones therein!  I wonder what colleagues in the UK’s Department for International Development have to say about this – another excellent example of lack of joined up government!

The UK government needs to understand that ICTs are about much more than simply the technology and the economy – if we are truly to use them to make the world a better place, we must emphasise the social, political and cultural aspects of their use much more than does this report on Digital Britain.

For other commentary in the UK press see:

• James Ashton in the Times: A blurred vision for Digital Britain
• Matthew Horsman in the Daily Telegraph: Only a sketchy road map of Digital Britain
• BBC News: Digital Britain countdown begins

UK Government announces that it has no plans to create a central database for storing communications data

The UK’s Home Office has recently announced that it no longer has any plans to create a centralised database to store all communciations data.  In its consultation paper presented to Parliament in April 2009, and entitled “Protecting the Public in a Changing Communications Environment“, the Home Secretary Jacqui Smith commented that “this consultation explicitly rules out the option of setting up a single store of information for use in relation to communications data”.  This is excellent news for all those concerned that the government was indeed considering establishing such a centralised database of all digital communication (see my comments in February about this). The consultation paper is a very important document, and lays out clearly the various options facing a government eager to get the balance right between privacy and security.

The consultation paper asserts that “The Government has no plans for a centralised database for storing all communications data.  An approach of this kind would require communications service providers to collect all the data required by the public authorities, and not only the data required for their business needs.  All of this communications data would then be passed to, retained in, and retrieved from, a single data store.  This could be the most effective technical solution to the challenges we face and would go furthest towards maintaining the current capability; but the Government recognises the privacy implications of a single store of communications data and does not, therefore, intend to pursue this approach”.

With reference to third party data, two approaches are identified as possible ways forward:

• “The responsibility for collecting and retaining this additional third party data would fall on those communications providers such as the fixed line, mobile and WiFi operators, who own the network infrastructure”
• “A further step would be for the communications service providers to process the third party communications data and match it with their own business data where it has elements in common; this would make easier the interpretation of that data if and when it were to be accessed by the public authorities”.

In the light of this, the government intends to legislate “to ensure that all data that public authorities might need, including third party data, is collected and retained by communication service providers; and that the retained data is further processed by communications service providers enabling specific requests by public authorities to be processed quickly and comprehensively”.

The government is particularly eager to receive responses on four main questions:

• Q1  On the basis of this evidence and subject to current safeguards and oversight arrangements, do you agree that communications data is vital for law enforcement, security and intelligence agencies and emergency services in tackling serious crime, preventing terrorism and protecting the public? Found on page 22
• Q2  Is it right for Government to maintain this capability by responding to the new communications environment? Found on page 22
• Q3  Do you support the Government’s approach to maintaining our capabilities?  Which of the solutions should it adopt? Found on page 30
• Q4   Do you believe that the safeguards outlined are sufficient for communications data in the future? Found on page 30

As the consultation paper concludes, “The challenge is to find a model which strikes the right balance between maximising public protection and the ability of the law enforcement and other authorities to do their jobs  to prevent and detect crime and protect the public, and minimising the intrusion into our private lives”.

ContactPoint – the UK State is creating a database of all children

Along with many other parents across the UK, I have recently received a letter from one of my children’s schools informing me that legislation has just been passed “requiring Local Authorities to set up and run a nationwide database, known as ContactPoint, which will contain basic details about every child and young person under the age of 18 who is ordinarily resident in England”.

Why should this legislation have been passed?  Why is it compulsory?  Why should everyone have to be registered? In effect, as young people grow older, this database will eventually record information about everyone “normally resident” in the UK. It will provide yet another means through which the State collects private information about individuals, thereby enabling it to impose greater control over its citizens.

The ContactPoint website claims that ” ContactPoint will be the quick way for a practitioner to find out who else is working with the same child or young person, making it easier to deliver more coordinated support. ContactPoint is an online directory, available to authorised staff who need it to do their jobs, enabling the delivery of coordinated support for children and young people. It is also a vital tool to help safeguard children, helping to ensure that the right agencies are involved at the right time and children do not slip through the net”.

But does this require details on EVERY child in the UK to be recorded on a central database?  The passing of this legislation on 26th January gives rise to very great concern:

1. Why should every child need to be registered?  Why does the state need to gain information about the name, address, date of birth, and contact details of all parents to be registered centrally?
2. Given the inability of  the UK government to keep such data secure in the past, there are high risks that this personal information will become accessible to a wide range of people in the future.  Children will therefore be put at risk.
3. There is no evidence that such a database will make any difference to early interventions when  children really do need the State to intervene to protect them
4. Who really benefits from this?  Is it not the companies who have persuaded the Government to introduce such very expensive digital systems?
5. What gives the State any right at all to collect such individual private information.

We must resist this ever great control by the state over its citizens – just because digital technologies enable us to do this, does not mean it is right.

Tim

Is the UK becoming a police state?

The Sunday Times published a front page report today noting that: ‘THE government is building a secret database to track and hold the international travel records of all 60m Britons. The intelligence centre will store names, addresses, telephone numbers, seat reservations, travel itineraries and credit card details for all 250m passenger movements in and out of the UK each year. The computerised pattern of every individual’s travel history will be stored for up to 10 years, the Home Office admits. The government says the new database, to be housed in an industrial estate in Wythenshawe, near Manchester, is essential in the fight against crime, illegal immigration and terrorism. However, opposition MPs, privacy campaigners and some government officials fear it is a significant step towards a total surveillance society.’

This is yet another example of the ways in which the state is using technology to gain unprecedented information about its citizens.  What right does it have to do so?

Even those who believe that the state can legitimately gather such information should be careful -  given the dismal failure of the state so far to keep such information from being ‘lost’ or ‘falling into the wrong hands’, what reassurances do we have that these data will be secure?

We need to encourgae a vigorous and participatory debate about these issues.

Google and privacy

A BBC report raises concerns about privacy issues associated with Google’s new tracking service, Latitude.  This uses data from mobile phone masts, GPS, or wi-fi hardware to update a user’s location automatically.  Although it is an opt-in service, there are fears that not everyone may know that their phone is broadcasting their location.

There is, though, huge potential for such a service – not just as a fun way for friends to ‘keep in touch’, but also possibly for people concerned about relatives with dementia, or others who might get ‘lost’.

As ever, Google is pushing the boundaries in terms of how society uses technology, and the ways in which that technology in turn shapes society.