How Europe’s Fight with Google Over Privacy Ignores Real Privacy
by ALFREDO LOPEZ
Last week the governments of France, Germany, Italy, the Netherlands, Spain, and the United Kingdom fired a warning shot at Google and it appears they’re reloading the gun with real ammunition.
This past December, about a year after the Internet behemoth announced a new privacy policy, a working group of representatives from these countries called the policy grossly abusive of people’s privacy and said Google had four months to bring itself into compliance with European law. Google dismissed the ultimatum: “Our privacy policy,” it said, “respects European law and allows us to create simpler, more effective services.” The European countries response was that they will take actions, based on their national laws and in coodination with each other, by the Fall.
These government/corporation tiffs are frequent and their rhetorical fire normally turns into quickly dissipated smoke. This one could be different. It comes at a time when the world’s powerful are trying to decide how much privacy we people will have and what the term privacy actually means, and this squabble’s outcome will affect that and, of course, our freedom. That alone makes it worth watching.
But there’s something deeper here that transcends this conflict. Privacy is, in fact, a core component of democracy and any infringement on complete privacy is an obscene attack on the possibility of having a free and democratic society. As important as the outcome of this show-down might be, the most important and frightening development is that it’s taking place at all.
The political shoot-out began a year ago when Google announced that it was unifying about 60 privacy policy agreements, covering its myriad services, into one big one. The company explained that lumping together these “agreements” (the things you’re asked to read before pressing the “I Accept” button on a website) was a matter of efficiency and transparency. There’s a logic to that: how many privacy policies have you read on the Internet? One would assume that if you don’t read one, you can hardly be expected to read 60.
That, however, is a corporate shell game. Google made this move not to make our reading easier but to make gathering information about us more efficient. Google is a marketing company and nothing makes a marketing company more powerful and valuable to advertisers than having pertinent information on hundreds of millions of people all over the world. Its privacy policy is fitted to that purpose. It says that, once you sign up and begin using these services as an identified user, you give up that right of refusal. So, because people don’t read that privacy policy, they don’t realize that it effectively eliminates their privacy.
For a very long time, Google has known who uses each of its services and how, but now it knows which combination of services you use and how they interact with each other in your daily life. It also knows cities or towns of residence (and, in many cases, addresses) of its registered users, the IP addresses of their computers, their names (and often the names of their family members and friends), what they do on the Internet every day, what they buy and consider buying and, for those using Gmail, who they write to and what they write. It can hone in a your specific physical location with Goodgle Maps and will store that info if you map it. In fact, all this info is stored on Google’s databases with members’ tacit approval and Google’s complete understanding of what all this means.
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” Google CEO Eric Schmidt said in 2009. “If you really need that kind of privacy, the reality is that search engines — including Google — do retain this information for some time and it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.”
The information Google holds rivals and in some cases surpasses the information most governments have on their own citizens. So when Google released this new policy which permits it to combine that information and use it for evaluation, marketing and advertising, these governments commissioned France’s CNIL to investigate.
That selection, in itself, is striking. The CNIL is an independent, government-supported authority that specializes in data privacy law enforcement. France has among the strongest data collection restrictions in the world and, while CNIL has often been criticized by advocates for being too sheepish in its advocacy, data protection “sheepishness” in France would be considered ferocity in many other countries.
Like a trained bulldog, CNIL investigated all the Google data policies for nine months and then presented its report. It was devastating, accusing Google of policies and mechanisms that effectively violate privacy laws in most European countries. Based on that report, 24 of the EU’s 27 data regulators wrote Google a letter last December proposing about a dozen changes: among them that Google shouldn’t collect information on users without their consent, combine information from different services without additional consent or use the data it collects for advertising.
The four months passed. “Google did not provide any precise and effective answers,” CNIL said last week. “In this context, the EU data protection authorities are committed to act and continue their investigations. Therefore, they propose to set up a working group, led by the CNIL, in order to coordinate their reaction, which should take place before summer.”
In the diplomatic jargon of international regulation, those are fighting words. “Coordinate their reaction” is something the European Union’s countries seldom do (witness their financial crisis) and they almost never make threats around technology. Action against Google in Europe could affect the company’s relationship with one of its largest markets and a critical marketing link in the world-wide chain that is the Internet. Google could be crippled. That’s what that statement threatens.
But let’s not kid ourselves. A capitalist government, like those in Europe, has a system to protect and, to do the protecting, its police agencies routinely use data collected on the Internet about its citizens. As Google’s Schmidt put it in 2010: “In a world of asynchronous threats it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it.”
So the issue here isn’t really how to protect people’s privacy; it’s how to balance the various approaches to impinging on it. Google says it needs information about you to match its marketing to what you buy; governments say they need information about you to monitor and control what you do the rest of the time. They’re trying to work out how these two approaches to information gathering can co-exist and not conflict with each other.
If, for example, a particular policy draws too much public attention to this issue or provokes a large lawsuit or gets people asking why their government isn’t — or is — doing something, that’s a problem. The government will then find its own privacy policies in the spotlight. That’s only one way this balance can become unbalanced, but in any case balance is the issue being disputed. There is really no debate about whether or not you have a right to privacy on the Internet. As far both sides are concerned, you don’t, and both sides are most pleased if you’re not paying much attention to that fact.
It’s persistently perplexing how little most people care about this issue. Even many of the most politically conscious will often just shrug and say “there’s nothing that can be done about it”. After decades of increasing surveillance (oiled by a government-encouraged paranoia about terrorism) we expect the powerful of our society to know everything about us and, apparently, most of us can live with that. Some of us appear to think we can’t live without it.
But that battering of our democratic consciousness has not only lowered our guard against violations of our privacy; it has actually fostered a distorted understanding of what privacy actually is. Or better put: it’s convinced many of us that a small part of the privacy debate is the entire debate.
For purposes of the Internet, privacy is your ability to communicate with other people excluding anyone you want from that conversation and your ability to say what you want to those people (and listen to what they have to say) excluding people you don’t want listening.
Sure, what you say to your family or which websites you visit or what you consider buying on the Internet should, in a sane society, be your business and taking a snapshot of all this is a horrible personal violation. But the more dangerous violation is that, in establishing the means to eavesdrop on your life and honing the ability to store and analyze that information, powerful forces are systematically limiting what the Internet can be about.
What humanity created as a tool of freedom and, in many cases, struggle has been taken over by corporations and governments wielding lawsuits, imprisonment and largely unnoticed anti-freedom laws to pervert its original intent.
“What’s been taking place…is that on a number of different fronts, extraordinarily large, monopolistic corporations have emerged: AT&T, Verizon, Comcast, at the access level; Google, Facebook, Apple, Amazon, at the application and use level. And these firms have changed the nature of the Internet dramatically…(and) they work closely with the government and the national security state and the military. They really walk hand in hand collecting this information, monitoring people, in ways that by all democratic theory are inimical to a free society.”
“Privacy” isn’t primarily individual and privacy laws aren’t in place only to address individual activities. In fact, you can’t be individually private on the Internet because then you wouldn’t be using the Internet. The privacy laws are there to make sure people can function in our exercise of free speech, exchange of information and association. They are, and always have been, a way to protect us from government inquiry and inquisition. Those laws that say a cop can’t just walk into your house and search it without a warrant or question you and those with you or keep close tabs on everything you do and who you do it with — those are privacy laws. They protect our collaborative activity from
government repression.
That collaborative activity is what the Internet has deepened and broadened. It lets us communicate with people all over the world involved in activities emanating from issues and concerns similar to ours. It lets people who are fighting for their rights in a country where such activity can get you jailed or killed talk to people world-wide who can support them. It permits coordination of struggles going on in vastly different environments in far-away countries. It cuts through our media’s lies about other countries with solid truth we learn from people in those countries. It helps unify us and helps us support each other in a rapid, almost immediate, way.
It’s what humanity needs and it’s the reason why the Internet now reaches two billion people.
But if the privacy is taken away, if a government or a corporation can read your email or follow you around as you visit and use websites, your use of the Internet for its most important political purpose becomes stored information that can be used to oppose and repress you.
Privacy, viewed that way, is the litmus test of a free environment. In that context, Google is a monster and the governments that are challenging it on such restricted grounds aren’t much better.
Yes, the progressive response to the European initiative on Google privacy should be to encourage it but with an understanding of its pitfalls and a loud outcry about them. Even if Europe has its way, the outcome will still be an erosion of our privacy and a further empowerment of those who would, in some situations, repress our movements for change.
So right now, those of us who are truly concerned about the future of this society and the world, need to place Internet privacy among our most prominent issues.
ALFREDO LOPEZ is the newest member of the TCBH! collective. A long-time political activist and radical journalist, and founding member of the progressive web-hosting media service MayFirst/PeopleLink, he lives in Brooklyn, NY