Junkfood Science: Brought to you by Google

March 29, 2009

Brought to you by Google

Remember Google Health? That story and the follow-up ones gave us cause to pause before downloading our private medical records for safekeeping with Google. This month, the industry giant made the news for failing to protect the privacy and security of user data stored on Google Docs, and for its latest move to collect, track and store users’ online behaviors. But how many Americans have heard that the government has recently tasked Google to track most government data, as well as the online political-related activities of citizens to profile them?

In the news

The Electronic Privacy Information Center advocacy organization (EPIC) filed a formal complaint this week with the U.S. Federal Trade Commission to investigate Google’s failure to protect the private personal information of users. Just weeks ago, private records with personal information and spreadsheets stored on Google Docs — used by more than 4.4 million consumers — were breached by people without authorization. The glitch, which affected about 0.5% of Google Docs documents, has reportedly been fixed. It led EPIC to question the adequacy of privacy and security safeguards for Google’s “cloud computing services” (where private data is stored on a third-party server and accessed through the internet) and its ability to follow through with its marketing promises.

This story highlighted that no digital database can be completely secure. It followed the FTC’s international conference “Securing Personal Data in the Global Economy” on that subject. But the larger concerns were the lack of accountability.

According to the FTC complaint, Google tells the public: “Rest assured that your documents, spreadsheets and presentations will remain private unless you publish them to the Web or invite collaborators and/or viewers.” Yet, its Terms of Service “disavow any warranty or any liability for harm that might result from Google’s negligence, recklessness, mal intent, or even purposeful disregard of existing legal obligations to protect the privacy and security of user data.”

The bigger news story came earlier this month when Google announced its new behavioral tracking and interest-based targeted marketing program. Google is capturing users’ online activities, IP addresses, browser, time stamp and specific URLs, storing them and using them to create interest profiles of consumers for advertising. How long it plans to keep this data isn’t known. As the Register reported, nearly two years later, Google has yet to say whether it ever actually put in place its promise to anonymize its search logs after nine months.

Remember Doubleclick?

Google’s capabilities were greatly expanded when it acquired DoubleClick, the world’s most powerful online ad firm, last year. You probably remember that DoubleClick has run afoul of the FTC for years for its privacy violations in tracking user behavior through special cookies and creating user profiles. Years ago the company began combining online data, such as IP addresses, with offline tracking data to personally identify people by name and street address, storing it on Abacus Direct, and enable its use for targeted marketing. While DoubleClick has been collecting such data for years, the merge with Google, the industry giant with more than 60 percent of the market, inflates the concerns. The fact that Google already has the poorest record of privacy protections of any online business in the world makes it all the more worrisome. As writer Cade Metz explains :

The concern is that Google is gradually expanding the already vast array of data it stores on each individual web surfer —- data it could be coughed up after a Google hack or the arrival of a subpoena or national security letter. DoubleClick's ad serving technology is collecting surf data across third-party sites. It now appears that Google is combining this with data harvested on AdSense. And if the company ever sees fit, it could easily fold in the data collected on its juggernaut of a search engine.

IT expert, Michael Kassner, also reviewed the technology, security concerns and financial benefits for Google.

But profiling consumers to sell clothes, pharmaceuticals and cars is one thing. Profiling political activities on behalf of the government is something else.

Governmental profiling

Exception Magazine reported that the Administration has a new office called the Director of Citizen Participation and that it emerged from the Administration’s extensive ties with Google:

Google CEO Eric Schmidt is an Obama supporter and informal economic adviser. Katie Stanton, a former business development executive at Google who has helped with Google's election campaign projects as well as Google Finance and Google News, now heads a new, undefined position in the Obama Administration called the "Director of Citizen Participation."

Google claims to have the right to organize all of the world's electronic data for commercial purposes. The Internet giant is now also mapping much of the federal government's data.

Federal agencies are mostly prohibited from using cookies, which track user movements on the web, on their sites. But Obama's administration… use[s] cookies on all those Obama YouTube videos. Google could profit by leveraging this exclusive data to sell targeted ads to political advocacy groups. Critics also fear the Obama administration will be armed with a wealth of data which it can exploit for propaganda purposes. White House YouTube clips have led to this disclaimer: "We may record information about your usage, such as when you use YouTube, the channels, groups and favorites you subscribe to, the contacts you communicate with, the videos you watch and the frequency and size of data transfers, as well as information you display or click on... [and] track which e-mails are opened by recipients."

The National Journal goes on to report that Google’s unprecedented and expanding role in government includes deals with Congress which allow Google to place data-collecting cookies on citizens’ computers “when they view politicians’ video speeches, or even when they merely view the pages where the speeches can be watched.”

This practice overturns former Presidents who had sharply limited data collection on federal websites. This new system also “allows one company to collect huge amounts of data... The idea that the government would be endorsing any corporation having access to citizens’ political concerns... is a concern,” said Jeff Chester, founder of the D.C.-based Center for Digital Democracy.

Google privacy notice on the White House videos is more open-ended, and it's hard to tell exactly how the information is being used. “Google is keeping this cookie information, we know that," said Christopher Soghoian, a computer expert at Harvard's Berkman Center for Internet & Society. “What Google is doing with it is a secret.”

The article then explains that the clue came in March, when that White House YouTube disclaimer appeared. In its investigation, National Journal found that unique cookies, different from those of any other government agencies, were inserted onto their computers when they watched Obama speeches, such as at WhiteHouse.gov and MyBarackObama.com. Other cookies were discovered as being downloaded when browsers visit the Hubs for members of Congress. “The cookie-detecting software also showed that the congressional pages carried additional data files that can be used by tracking and analytical software owned by Google's subsidiary DoubleClick .”

As the article explains, these aren’t session cookies, which get deleted when you leave a site, these persist. According to Jacob J. Lew, former director of the Office of Management and Budget, since he’s not an agency, the President is exempt from the E-Government Act of 2002 and additional regulations issued by the Bush Administration in 2003 which prohibit cookies from being used on federal agency websites “unless, in addition to clear and conspicuous notice, the following conditions are met: a compelling need to gather the data on the site; appropriate and publicly disclosed privacy safeguards for handling of information derived from 'cookies'; and personal approval by the head of the agency.”

Beyond privacy, the article explains how the lines between political campaigning and government function are being crossed:

During the 2008 campaign, the White House collected the e-mail addresses and allied data about the concerns of roughly 13 million supporters and raised more than $500 million online, including tens of millions from donors whose identity the campaign was not required to announce. This data is valuable in part because it will help Obama's re-election campaign quickly raise donations and mobilize volunteers. On March 16, administration officials announced plans to mobilize its supporters, via the Organizing for America site, to help pass Obama's proposed $3.55 trillion budget for 2010.

White House officials declined to be interviewed on the rules governing the separation of campaign and state data. "There are indications that the administration wants to revise some of these laws, particularly with respect to the Internet…

Google is also working with federal officials to map out government data so that Google's most valuable property, the Google search page, can better direct citizens to sought-after government information. Any increased traffic through the Google Web page to federal sites gives the company a greater opportunity to sell advertising to government and commercial customers…

If you haven’t noticed how hard it increasingly is to find independent information when Googling, you haven’t been paying attention. It’s getting easier to understand why Google hits appear more selected on your behalf.

Bookmark and Share