The Google Story – How Google was Started.

Google is a company that was conceptualized in a dorm room by two Stanford University college students in 1996 (Arnold, 2005, p. 1) and has morphed into one of the greatest technological powerhouses in operation today. What began as merely a means to analyze and categorize Web sites according to their relevance has developed into a vast library of widely utilized resources, including email servicing, calendaring, instant messaging and photo editing, just to reference a few. Recent statistics collected by SearchEngineWatch.com reflects that of the 10 billion searches performed within the United States during the month of February, 2008, an impressive 5.9 billion of them were executed by Google (Burns, 2008). Rated as Fortune Magazine’s top American company to work for in both 2007 (“100 Best”, 2007)and 2008 (“100 Best”, 2008), Google obviously has curbed the market on fair and friendly treatment of its employees. But how does it measure up when one considers the ethics in relation to its business practices? The purpose of this paper is to identify and evaluate the ethical concerns specific to privacy faced by this herculean computing company and to determine the effectiveness of their treatment of these issues.

Google opens their corporate code of ethics with a simple sentence – “Don’t be evil” (Google Code of Conduct, ¶1). This statement is consistent with the theory of virtue ethics, placing emphasis on the importance of developing to the highest potential. They may not necessarily be considered evil, but Google does engage in practices that are certainly vague and could be considered disreputable. Google’s questionable corporate policies in relation to privacy have long been a subject of contention amongst consumer privacy groups and computing organizations.

Google’s privacy policy relies strongly on the impression that everything they do is for the sole purpose of improving service. Multiple references are made to their goal of improved service throughout the policy, including statements such as “we use this information to improve the quality of our search technology”, “we use cookies to improve the quality of our service”, and “in order to provide our full range of services” (Google Privacy Policy, ¶6). While these statements may technically be true, one must also consider that these practices are followed in an effort to better the company and not solely for the improvement of service to their users as is often implied. The policy also addresses the possibility of future changes, stating that all amendments to the policy will be immediately reflected in the on-line documentation and that if changes made are “significant” they will provide “a more prominent notice” (Google Privacy Policy, ¶29). The determination of what constitutes a “significant” change is left to Google to determine, requiring existing users to routinely verify the terms of the policy to ensure that no changes have been established that might impose on their assumed privacy rights.

The terms of service statement provided by Google that relates to all of its provided products is concerning. It reads “by submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through the Services” (Google Terms of Service, Section 11.1). A user’s agreement to this statement gives Google full rights to use the content posted through their services in any way that they see fit. Considering the fact that this single document is in essence a blanket statement that applies to every service operated by Google, the effects of this statement are enormous. Essentially, Google is given open license to use any video posted on YouTube, any comments written on Blogger, and any photographs uploaded to Picasa, all entities controlled by Google, Inc. Things that users might consider to be personal instantly become the property of Google at the click of the mouse. Even though the images or comments are posted to the publicly accessible Internet, most do not consider the reality that the use of those images or comments, meant to be shared with family or friends, are out of their control when the upload is complete.

An inherent privacy issue related to Google’s practices is associated with its most basic function – the search. The first time a computer is used to access Google’s website, a cookie is placed on the system’s hard drive which serves as a unique identifier, allowing Google to monitor the search history from that machine. These cookies, according to Google, grant them the ability to store user preferences while tracking trends (i.e. – how people search) (Google Privacy Policy, ¶6). Collected information is stored on server logs and includes such data as IP address, date and time of the search, browser type and browser language (Google Privacy Policy, ¶7). They can also track which links a user selects on a given page and the path that they follow. Google is forthcoming with their placement of cookies (Google Privacy Policy, ¶ 6), but is very unclear about the expiration date of the cookie or how long log files are retained.

The significance of installing a cookie that assigns a unique identifier to each system is that Google is given the ability to read, identify and record every action a users takes when using Google products. The data collected by these cookies, combined with data acquired by content extraction (discussed further within this paper), allows Google to create user profiles based on the subjects they search (Google Search, Google Scholar, Book Search, Blog Search, Image Search, Custom Search), their purchasing habits (Google Checkout), the statements they make within personal communications (Gmail, Google Talk), the activities they participate in (Google Calendar), and the data they store on their computers (Google Desktop).

Google’s release of its Gmail service in April, 2004 caused an immediate backlash of complaints by watch groups who voiced concerns regarding Google’s plan to use content extraction, a process of scanning the text of all incoming and outgoing messages for the purpose of placing paid advertisements on the page (Dixon and Givens, 2004). The Gmail privacy policy does state that content will be used to provide relevant advertisements, but the statement disguises this practice of ad placement as a “service” (Gmail Privacy Policy, ¶ 6) to the user, not as an annoyance as many would perceive it. Users who subscribe for the free Gmail service agree to the extraction of content within their messages at the time of registration, but those non-subscribers who engage in messaging with Gmail users do not. This is where the contention lies. Without the consent of both parties involved in an email exchange, is it ethically acceptable for Google to extract data from these messages? Personal and private information could be contained within a message sent by a party unaffiliated with the Gmail service. Were they aware of Google’s extraction policy, they might be leery of doing so.

Groups such as the Electronic Privacy Information Center (EPIC) believe that Google’s practice of monitoring private communications can be construed as a violation of the Fourth Amendment of the Constitution. Their policy could set a bad legal precedent, in that a court might “consider the service as evidence of a lack of a reasonable expectation in e-mail” (EPIC, 2004), giving other service providers, employers and government agencies a legal means for monitoring communications amongst its users. As stated by George Reynolds, author of Ethics in Information Technology, “without a reasonable expectation of privacy, there is no privacy right to protect” (2007, p. 108).

Google released their Checkout service in June, 2006. The service allows customers to perform a one-time registration with Google during which time they provide personally identifiable data, such as name, billing and shipping address and credit card information. Checkout then processes registrant’s purchases through participating vendors without the need for the customer to provide the information again. The release initially appeared to be an attempt at competition with the widely utilized PayPal service, but further analysis leads one to believe that Checkout is in reality yet another method for Google to collect information about its users in order to improve their ad placement practices. Intimate knowledge of their user’s actual shopping practices provides Google with valuable data that allows for personalized ad placement based on individual purchasing trends. These personalized ads are much more likely to incite user response, made important by the fact that every click of a sponsored link earns revenue for Google. The privacy policy specific to Google’s Checkout service is very precise and provides clear and concise explanations of the processes that are followed, including the placement of the cookie that is installed that, again, uniquely identifies the user’s browser. But again, an explanation of the length of time the cookie will reside on the user’s computer is unclear.

Google Calendar allows registered users to record meetings, appointments, birthdays and personal reminders using their on-line tool. By default a user’s calendar is set to “private”, meaning that only they can view the data recorded within their personal database. An optional feature allows the user to share their schedule with a public group so that others can view their schedule for availability and so that meeting invitations can be sent and received from others. This requires the registrant to change their setting to “public”. The privacy policy specific to Google Calendar states that “in order to manage your invitations, when you invite other people to Calendar events, we collect and maintain information associated with those invitations, including email addresses, dates and times of the event, and any responses from guests” (Google Calendar Privacy Notice, ¶ 5). As with Gmail, participants who are not registered users of Google calendar are unaware that their private personal information is collected and stored by Google, creating a clear invasion of assumed privacy.

Google Desktop was originally developed and released as a means for a simplified and faster search of a user’s personal computer. The tool, which requires installation on the user’s computer, allowed the user to perform two consecutive queries – one which was sent to Google to perform a Web search while the other searched the user’s personal index housed on their computer. The results page would then feature two separate sets of findings – one public and one private. The language of Google’s privacy statement in regards to the original release of Desktop stated that “these combined results can be seen only from your own computer; your computer’s content is never sent to Google” (Arrington, 2006).

The release of an updated version of Desktop (version 3.0) in February, 2006 brought about substantial changes in the way the application functions. The new Desktop boasts a feature called “Search Across Computers” that allows users to search for personal files from multiple systems. Google has edited the statement reflected in their original Desktop privacy policy, no longer claiming that content is never sent to Google, but I was unable to discern in my research whether Google considered this change to be “significant” enough to constitute a more direct notification to existing users. Now, the user’s hard drive index is copied to Google’s servers and stored there “temporarily”. Google states that the application “indexes and stores versions of your files and other computer activity” but fails to address the expected timeline for data retention (Google Desktop Privacy Policy, ¶ 2). The policy also implies that your data is never accessible by anyone doing a standard Google search, but the fact remains that indexes are transferred and housed at a location other than the user’s personal hard drive.

One of Google’s most blatant violations of privacy rights is the introduction of Google Maps Street View, a sub-service of Google Maps. Released in May of 2007, Street View displays high-resolution photographs taken from the street level of many major metropolitan cities throughout the country. It provides the user with a virtual tour of these cities and allows them to zoom in with the ability to view close up shots of landmarks, buildings, and any other object present at the moment of capture, including people. Screen captures taken from Street View cameras have included images of women sunbathing in bikinis and men walking into strip clubs (Schroeder, 2007). A glaring example of privacy invasion is a recent case uncovered by The Smoking Gun (“Warning”, 2008) in which Google’s Street View cameras crossed property boundaries and captures images of a Pittsburgh homeowners driveway, garage and backyard (including such detailed views as their children’s trampoline) after driving on to the home’s private driveway with the cameras capturing constant screen shots – an unmistakable invasion of presumed privacy. As of this writing, it is unknown whether or not the homeowners in this case have made contact with Google regarding the issue of trespassing and if so, what Google’s response might have been.

As reported by MSNBC, “potentially embarrassing or compromising scenes like these are raising questions about whether the Internet’s leading search engine has gone too far in its attempt to make the world a more accessible place” (Liedtke). Google states that the images captured by their cameras are taken from a moving vehicle and could have been observed by any person walking or driving on that same street at the same moment. The difference is that the images are posted and maintained on a publicly-accessible website without the consent of the captured individuals. Users that discover images of themselves or images that they consider inappropriate and would like to have them removed can do so simply by contacting Google via a provided link. The obvious argument is that a person would first need to become aware of the existence of said image in order to request its removal. By the time it is discovered, the alleged invasion of privacy has already occurred. Interestingly, an Austrailian newspaper covering Google’s plan to launch Street View in their country recently contacted the company to inquire as to plans to include images of the homes of Google executives on the site (Klan, 2008). Google spokesman Rob Shilkin is quotes in the article as saying “providing those details would be completely inappropriate” (Klan, 2008). It would be a nice addition to Google’s privacy policy to allow common users to opt-out of having images of their own homes displayed by Google in advance, as is apparently the policy for Google’s key personnel.

In an environment when the use of nearly any on-line service requires the user to agree to a set of terms, it is evident that most do not take the time to read and fully understand the impact that those policies may have in regards to their personal information. Even one of the creators of Google, Sergey Brin, acknowledged in a statement to reporters that he thinks “it’s interesting that the expectations of people with respect to what happens to their data seems to be different than what is actually happening” (Bridis, 2006). The question remains whether or not Google is responsible for their user’s inability (or unwillingness) to comprehend their policies and relate them to possible consequences associated when using one or all of Google’s products.

Google is not a non-profit organization, offering its products strictly for the benefit of society. It is a business which requires profits to continue its operations; therefore its ultimate concern is that its shareholders are pleased with their earnings as a direct result of Google products. Google has become a leader in its field by developing unique and superior products and partnering those products with clever marketing and plain talk language that puts an unskilled user at ease with regards to Google’s services. The absence of any legislation that closely regulates electronic content has provided Google the ability to set their own standards without the threat of accountability when privacy breaches are recognized, aided by the fact that Google has successfully dominated their market space.

Are Google’s policies clear as they relate to user privacy? The answer is both yes and no. Google is truthful in regards to their data collection policies, but appear to operate under different assumptions of privacy than most. But in the age of Internet communications, what kind of privacy can one truly expect, especially when the topic of personally identifiable information is introduced. Google has developed a certain level of assumed trust with their user base that may not be completely well deserved. What began as a simple means to search the resources of the World Wide Web has been transformed into a technological mega-corporation that has utilized their initial popularity to lure users to employ more and more of their clever innovations, all the while building upon their empire. The familiarity of Google has eliminated user caution. Given the current and future growth of the World Wide Web, there appears to be no end to the debate over acceptable expectations of privacy. A corporation as recognizable and influential as Google, though, has a responsibility to set the bar high for other businesses that exist within the competitive and lucrative industry of computing. Google’s existing policies are a disappointing example of the direction being taken by corporations in regard to basic user rights. Hopefully, they will closely consider the concerns of experts in the field as well as their customers when reviewing, modifying and creating new products and policies in the years to come and heed their own advice – “Don’t be evil!”

Reference
100 Best Companies to Work For, Fortune Magazine (2007, February). CNNMoney.com, Retrieved April 2, 2008, from http://money.cnn.com/magazines/fortune/bestcompanies/2007/full_list/

100 Best Companies to Work For, Fortune Magazine (2008, February). CNNMoney.com, Retrieved April 2, 2008, from http://money.cnn.com/magazines/fortune/bestcompanies/2008/full_list/index.html

Arnold, S.E., (2005). The Google Legacy; How Google’s Internet Search is Transforming Applications Software. London, England: Infonortics Ltd.

Arrington, M., (2006). Google Desktop 3.0: Privacy is Dead(er). TechCrunch. Retrieved April 10, 2008, from http://techcrunch.com/2006/02/08/google-desktop-new-version-tonight/

Bridis, T., Google acknowledges China compromise, (2006, June 6), MSNBC.com, Retrieved April 10, 2008, from http://www.msnbc.msn.com/id/13172409/print/1/displaymode/1098/

Burns, E., (2008). U.S. Core Search Rankings, February, 2008. Retrieved April 8, 2008 from http://searchenginewatch.com/showPage.html?page=3628837

Dixon, P. & Givens, B. Thirty-One Privacy and Civil Liberties Organizations Urge Google to Suspend Gmail (2004, April 6) Privacy Rights Clearinghouse. Retrieved March 14, 2008, from http://www.privacyrights.org/ar/GmailLetter.htm

Electronic Privacy Information Center, Gmail Privacy Page (2004, August 18), Retrieved March 14, 2008, from http://epic.org/privacy/gmail/faq.html

Freedman, D.H., Internet: Why Privacy Will No Longer Matter (2007), MSNBC.com, Retrieved April 10, 2008, from http://www.msnbc.msn.com/id/12017579/site/newsweek/print/1/displaymode/1098/

Google, Inc., Gmail Privacy Notice (2005, October 14), Retrieved April 1, 2008, from http://gmail.google.com/mail/help/privacy.html

Google, Inc., Google Calendar Privacy Notice (unknown date), Retrieved April 10, 2008, from http://www.google.com/googlecalendar/privacy_policy.html

Google, Inc., Google Code of Conduct (2008, February), Retrieved April 8, 2008, from http://investor.google.com/conduct.html

Google, Inc., Google Desktop Privacy Policy (2007, September 21), Retrieved March 30, 2008, from http://desktop.google.com/privacypolicy.html

Google, Inc., Google Privacy Policy (2005, October), Retrieved March 15, 2008, from http://www.google.com/intl/en/privacypolicy.html

Google, Inc., Google Terms of Service (2007, April), Retrieved March 15, 2008, from http://www.google.com/accounts/TOS?loc=US

Klan, A., Google execs out of sight (2008, April 12), The Austrailian, Retrieved April 12, 2008, from http://www.theaustrailian.news.com/au/story/0,25197,23526150-7582,00.html

Liedtke, M., Google hits streets, raises privacy concerns, MSNBC.com, Retrieved April 19, 2008, from http://www.msnbc.msn.com/id/18987058/print/1/displaymode/1098/

Reynolds, G., (2007). Ethics in Information Technology, Second Edition. Boston: Thomson.

Schroeder, M., (2007). Top 15 Google Street View Sightings (2007, May 31), Mashable Social Networking News. Retrieved April 5, 2008, from http://mashable.com/2007/05/31/top-15-google-street-view-sightings/

Warning: Google Is In Your Driveway! (2008, April 7), The Smoking Gun, Retrieved from http://www.thesmokinggun.com/archive/years/2008/0407081google1.html