Online Privacy

There's been scant analysis of how the Google Book Settlement process has been altered going forward given recent major developments:

• The "hornet swarm" of objections to the Google Book Settlement, and 
• Google's recent preemptive concessions on:
  • Privacy at the the urging of the FTC; and
  • Competition under pressure from competitors and the DOJ. 

To date the discussion of outcomes has been largely binary, will Federal District Court Judge Chin approve or disapprove the proposed Book Settlement?

Why did it take a high-profile FTC letter to Google for Google to finally make public a simple privacy policy for their be-leaguered Book Settlement after privacy has been a major Book Settlement issue for months?

• For that matter, why did it take a high-profile public shaming by Saul Hansel of the New York Times (here & here) for Google to just put a link to its privacy policy on its home page, which is industry standard practice and required by California law?

The increasingly obvious answer is that Privacy International was on target in concluding that Google is actually "hostile to privacy."

However, it is more than that, as this eight-month, fifteen part privacy vs. publicacy series can attest.

"The settlement as it exists now is absolutely silent on user privacy" said Angela Maycock of the American Library Association at a Google Book Settlement panel per the San Francisco Chronicle.

• This should not be surprising because privacy is simply the flip side of the anti-competitive concerns surrounding the Book Settlement.

I posit that privacy protections were not included in the Book Settlement for two big reasons -- the first reason is more privacy related and the second reason is more competition related. 

First, Google is a big adherent of the Web 2.0 movement that believes that transparency is a more important value than privacy.

Google's latest defense of its Book Settlement in Europe has provided an illuminating window into Google's own cultural-self-awareness of Google's dominant market power over books/content.

In August 23 New York Times:

• “We believe that we are helping the industry tremendously by creating a way for authors and publishers to be found,” said Santiago de la Mora, Google’s head of printing partnerships in London.

• “Search is critical. If you are not found, the rest cannot follow."

The strong implication from Google here is that authors were in proverbial "nowheres-ville" before Google "discovered," copied and indexed them -- proving that Google is the real value creator here... not the author of the content/book.

• Google is candidly acknowledging its unique and dominant market power over books because Google is the only entity in the world with the resources, the business model, the low opinion of the value of content on the Internet (it should be "free"), and the legal strategy to illegally copy literally millions of copyrighted books without permission.

What is more valuable the content or the search?

The lead WSJ story today, "Arrest in Epic Cyber Swindle" covering the cybercrime ring theft of over 130 million credit/debit cards, is a stark high-profile reminder of the very real and pervasive Internet problem of lack of cybersecurity. 

• In the face of overwhelming mainstream evidence that lack of cybersecurity is the Internet's #1 problem (see links below), including President Obama's declaration that cybersecurity must be a new national security priority in his 5-29 cybersecurity address, it is perplexing that none of the FCC's National Broadband Plan workshops are on cybersecurity. 
• It is hard to see how the Open Internet's growing security problem can be addressed and mitigated over time, if the U.S. Government's main big picture policy effort addressing the broadband Internet, the National Broadband Plan, does not even collect input from the public or experts on the Internet's #1 problem -- lack of cybersecurity.
• The first step in solving a big problem is acknowledging there is one. 

While the latest net neutrality bill introduced in Congress has no chance of passage as drafted, it is a bay window view into how extreme the net neutrality movement has become and into what they are seeking from the FCC via backdoor regulation.

• The proposed Markey-Eshoo bill, HR 3458, which was drafted in close coordination with FreePress and the Open Internet Coalition, is much more extreme than previous bills in 2008 and 2006.

Why is this bill the most extreme version of net neutrality yet?

First, it is a completely unworkable framework.

• It imposes a beyond-all-reason, effective absolute ban on prioritization of data traffic, essentially eliminating current essential network management flexibility to: protect networks from attack or malware; ensure quality of service; manage congestion, latency, and jitter; and handle unforeseen or emergency situations. Sections: 12(b)(5), 12(b)(6)

• For all practical purposes, it destroys most any private sector incentive or benefit from competing or investing in broadband by outlawing any pricing/business model differentiation/innovation beyond commodity end user pricing. Section 12(b)(2)

It is interesting that since I started this series spotlighting that security is and has been, for all practical and official purposes, a low corporate priority for Google, a Googler now publicly claims: "for Google, there is no higher priority than the safety and security of our users."

• This new public claim was made as part of a press release announcing that Google has joined the board of the National Cyber Security Alliance. 
• While I commend Google for joining the National Cyber Security Alliance, it is telling that none of the relevant official Google corporate links, indicate that security is a high priority for Google: check "Our Philosophy -- Ten Things," "Design Principles," or even "Google's Security Philosophy." 
• We will know when Google makes security a high priority when they actually walk the talk and when their official representation of their corporate priorities (in the main corporate links above) reflect that security has truly become a new higher priority for Google. 

This new claim and development presents a useful opportunity to evaluate Google's stated security philosophy.   

The U.S. Government is relatively quietly proposing a major change in its online privacy policy from a Government ban on Government using "cookies" to track citizens' use of U.S. Government websites to allowing the Government to track some citizen online behavior with some restrictions.

• A Washington Post article highlighted privacy groups concerns about the policy shift. Also see comments by EPIC, CDT/EFF, and ACLU.  

This policy shift is a quintessential example of the shift away from a default expectation of online privacy, to the default "publicacy" approach increasingly taken by many web 2.0 entities.

• ("Publicacy" is the opposite of privacy. "Publicacy" also describes the Web 2.0 movement that seeks to have transparency largely supplant privacy online.) 

I have written about the growing tension between privacy and publicacy thirteen times this year, because I believe it is one of the biggest changes that is occurring online that average users are not aware of, but should be. 

A central policy question concerning the future of the Internet, cloud computing, and the National Broadband Plan is whether there should be Internet priorities or a priority-less Internet?

• The crux of the grand conflict over the direction of Internet policy is that proponents of a mandated a neutral/open Internet insist that only users can prioritize Internet traffic, not any other entity. 

To grasp the inherent problem and impracticality with a mandated neutral or priority-less Internet, it is helpful to ask if the Internet, which is comprised of hundreds of millions of individual users, has a mutual "hierarchy of needs" just like individuals have a "hierarchy of needs," per Maslow's famed, common sense "Hierarchy of Needs" theory.

New evidence of very serious Internet security problems sheds new light on why Senate Chairman Rockefeller has taken such a forceful leadership role on cybersecurity and why President Obama made increasing cybersecurity a national security priority in his 5-29 cybersecurity address.

• Computerworld reported testimony before a Congressional oversight panel that sensitive details about a Presidential safe house, Presidential motorcade routes, and every U.S. nuclear facility were leaked on the Internet via a LimeWire P2P application. 
• This serious Internet security problem with P2P applications was also the subject of a 2007 U.S. Patent and Trademark Office (PTO) report , which documented the severe security implications of P2P file-sharing programs that commonly have technological features that induce sharing of information that people did not want or expect to be shared.

The continued seriousness of P2P file-sharing breaches have prompted House Oversight Committee Chairman Edolphus Towns "to call for a ban on the use of peer-to-peer (P2P) software on all government and contractor computers and networks," per Computerworld.