Eskom announced on Friday morning that it will implement load shedding, amid an extensive cold front in South Africa. The power utility made the…
Cameron has posted a number of articles attacking Google’s identity policies, particularly with regard to the internet giant’s Real Name policy and its opposition to various movements toward having the “right to be forgotten”. As somebody who has worked in the identity management market for some time, I keep track of the things that people like Kim Cameron have to say.
After all, these people are responsible for many of the decisions being made about how identity information is stored and shared in the software that we use. While I am hesitant to endorse everything that Cameron has to say, particularly in light of all of the FUD that Microsoft seems to be publishing about Google at the moment, his 7 Laws of Identity have been used by many specialists in the field to help define and build identity management systems for many years now. When he points out that Google is breaking three rules that most identity management professionals would feel are entirely reasonable, it is worth taking a few minutes to listen to what he has to say.
- Invasion of consumer privacy by automatically sharing personal information across Google applications
- Lack of consumer control over what data is shared between applications
- It is not fair to expect users to simply choose not to use a system that the Internet has come to rely on
- The cost for individuals and business to migrate away from Google in response to the change in policy, including the cost to tax-payers in order for governmental bodies to be able to migrate to alternative platforms
- An impossible “choice” for Android users, who would need to replace their phones at personal cost if in disagreement with the new policy
- Increased security risk to end-users as more personally identifiable data is stored within a single profile
- Divergence from Google’s original marketing message, which cultivated a respect for privacy in order to woo users
- The choice to participate should be ‘Opt-In’ as opposed to ‘Opt-Out’. There is no meaningful ‘Opt-Out’ option.
Some of those points are reiterations of each other and some simply seem ungrounded in anything that has the faintest whiff of legal. Certainly, it seems to me that if Google feels that its applications will function better by being able to share data between themselves, then that’s really up to Google. After all, Google can argue that it is ultimately providing a platform. An operating system cannot function properly if it can’t share personally identifiable data between different components and applications that make up the service that it offers. Nobody should get upset about that, in itself. Your privacy is not really being invaded any more than it already was. However, I do think that there are a number of very interesting and powerful points that come out of this.
For one, it is true that when collecting personally identifiable data and storing it, we generally expect to have control over what data is collected and shared and when this happens. We also expect to have the option to opt-in to be able to take advantage of the benefits that we will gain (in exchange for the cost of giving up some of our privacy) or at least to opt-out to make use of a reduced service (when the cost of giving up our privacy just doesn’t seem worth it). Particularly when the software that we are using has been marketed to us with a continual mantra of do-no-evil.
Naysayers will say that we are free to choose not to make use of Google services. This is just naive. To begin with, as the Attorneys General point out, that would require a whole bunch of people to simply throw out their mobile phones, or for businesses to suddenly bear the massive costs of migration to an alternative platform after having been wooed with promises of finer grained control over the privacy of their data. Furthermore, a point not covered by any of these commentators is that the internet simply starts to break when you try to remove Google from it. Nearly every site nowadays seems to make use of Google APIs or Google Analytics. You simply can’t avoid being tracked by Google. Firefox plugins like NoScript are helpful in this regard, but often just serve to remind you of how poor the internet becomes the moment you try to remove Google from your life.
I agree that there seems to be something wrong with a situation where a company can be held to ransom with regard to the decisions it can make about how it progresses with its own software development, merely because it has been so successful. There’s not much we can all do about this mess other than hope that our Search Overlord listens to its loyal subjects. After all, this stuff matters…