Online Safety

How business models are aligned or not with users' privacy interests, will be spotlighted at the Senate Judiciary hearing Tuesday on "Protecting Mobile Privacy" featuring Google and Apple officials as witnesses.

• Expect the term "privacy conflict of interest" to become more common and important as companies who don't work for users, hurtle into the future increasingly tracking, analyzing and using users' private information and behavior without users' meaningful consent.

While the Senate Subcommittee on Privacy will hear from both Google and Apple witnesses on how their companies handle users' WiFi location data, their testimony will provide stark contrast in the companies' privacy conflicts of interests.

Google vs Apple concerning alignment with users' interests:

First, 97% of Google's ~$30b in annual revenues comes from advertisers, whereas ~99% of Apple's ~$87b in annual revenue comes directly from customers who buy and use Apple's products and services.

In a remarkable admission for a senior public company executive, Google Chairman and longtime former CEO Eric Schmidt told Gigaom: "At Google, we give the impression of not managing the company, because we don't really. It sort of has its own borg-like quality if you will. It sort of just moves forward."

If the executives ultimately responsible for "managing the company" to ensure it proactively respects users' privacy, vigilantly guards against security and data breaches or property infringement, is not really "managing the company," it now makes sense why Google has so many privacy scandals, and security and property infringement problems.

Generally protecting privacy, security and property rights are not engineering goals unless company management and managers have internal control and management focus, systems, processes, and procedures to ensure they are a priority to engineering teams.

Google's lack of interest in management execution is evident in Google's:

New "smoking gun" incriminating and damaging evidence from court documents in the Skyhook vs. Google court case, likely increases Google's antitrust and privacy risk on multiple fronts. (For background on the Skyhook case see here, here.)

A must-read piece by Mike Swift of The Mercury News, details how, in May 2010 just after the WiSpy scandal broke, Google's Larry Page (who is now CEO), had an email exchange with senior executives that made clear how strategically important building a WiFi location database was to Google's Android and mobile strategy.

• This new "smoking gun" evidence has very broad and serious implications for many different antitrust and privacy investigations into Google because it shows Google's senior leadership were fully aware of what the company was trying to accomplish in its WiFi location database efforts, and more importantly, it confirms Google's strong business motive and intent to more aggressively to dominate WiFi location services.

Implications of the new evidence:

Antitrust:

The current media and Congressional interest in the new revelation that Google and Apple have collected WiFi location information has largely missed an exceptionally salient point -- Google and Apple have very different privacy track records stemming from their very different attitudes toward privacy.

Google Privacy Scandal #11:

The Wall Street Journal essentially confirmed the huge flaw in the FTC-Google privacy settlement that I recently spotlighted; see Julia Angwin's excellent privacy article: "Apple, Google Collect User Data."

The WSJ investigation confirmed the fact that Google (and Apple too) are tracking their mobile device users' movements and locations based on "unique device identifiers" without users' knowledge or authorization.

The confirmation of this fact, confirms my point that the FTC-Google privacy settlement has a huge loophole in that it does not include "unique device identifiers" to be private information, a ridiculous distinction because a "unique device identifier" is obviously as private as a name or IP address, which the FTC already considers "covered information." FYI: the proposed bipartisan Kerry-McCain privacy legislation considers "unique device identifiers" to be private information.

If the FTC is truly serious about enforcing its fair representation laws and sanctioning deceptive and unfair privacy practices when they find them, it should modify its draft privacy settlement with Google to include "unique device identifiers," as covered private information, in the final settlement with Google that soon will be codified by the court.

Expect Google's bull-in-a-china-shop entry into social, to try and neutralize FaceBook, to bring lots more major unwanted privacy attention to the privacy-challenged social media business model, and to contribute to the eventual bursting of the Internet investment Bubble 2.0.

• The hot air that is inflating the social media Bubble 2.0 is that people somehow want to forfeit their privacy to socialize more efficiently, and that social media business models can indefinitely monetize privacy arbitrage against users' interests without consequence.
  • (See Part I of this series here.)
• Ironically, the investment fate of social media, and Bubble 2.0, will depend less on what social media companies do, and more of what the leviathan Google does in social media.
  • The venture capital community has long been painfully aware of the Google-leviathan's  outsized effect on every other VC investment, because they always ask start-ups "What if Google Does It?"

I.   Privacy Baseline is on the Move: Bipartisan Interest in Privacy Protection Strengthening

Anyone following social media or Google would be remiss to not notice the flurry of recent bipartisan, bicameral, and bi-branch interest in increasing privacy protection of online users in just the last few weeks.

Google's ignominious Federal rap sheet only grows longer.

• Friday the DOJ effectively charged Google with misrepresentation to the public.
  • Google represented that its cloud service for Government was certified under the Federal Information Security Management Act (FISMA) since last July, when in fact it was not FISMA-certified for the product that Google claimed it was.
• This latest Google misrepresentation revelation came in a DOJ filing to the Federal Court which is hearing Google's case against the Department of Interior of the U.S. Government:
  • "On December 16, 2010, counsel for the Government learned that, notwithstanding Google's representations to the public at large, its counsel, the GAO and this court... Google does not have FISMA certification for Google Apps for Government."

I.   What does this mean?

Ironically after Google's Larry Page pledged in the first line of his 2004 IPO letter -- that "Google is not a conventional company. We do not intend to become one." -- Google under his new CEO leadership is in fact rapidly becoming much more of a "conventional" company.

Three Big Early Signs from Mr. Page's CEO-ship:

When the world's most powerful company gets a new CEO for the first time in a decade, everyone naturally has a lot of questions.

• When new Google CEO Larry Page decides to become accessible to people outside the insular Googleplex, here are some key questions to ask Mr. Page about: priorities, management philosophy, privacy, antitrust, intellectual property, and social responsibility.

Priorities:

Popular bipartisan interest in safeguarding consumers privacy in the U.S. and Europe confronts Google with a core strategic problem because Google's targeted advertising business model is no "privacy by design" and no "privacy by default."

• Google bet wrong and big in assuming that since technology made it so much easier to track and profile users for targeted advertising, users would just accept the new loss of privacy and users and governments would never enforce user demand for choice to protect their privacy.
• Google's all-in company bet on openness, transparency, and sharing, was also a strategic bet against robust privacy, security, and property protections.
• In choosing to brand itself as the penultimate "White Hat" player promoting "openness," Google has effectively designed its business, architecture, and brand to be the main "Black Hat" player on privacy.

Google's No Privacy By Design model is unique.