"We've been tidying up a little, making our privacy policies and terms more consistent, easier to read and easier to understand. You see while privacy policies, ours included, may not be the most popular read on the Internet, we think they're important. So instead of over 60 policies for different Google products and features we're introducing just one with fewer words, simpler explanations and less legal gloop to wade through."
One Policy to Rule them all
From 1 March Google is radically overhauling its privacy policies. In broad terms Google's numerous (70, not 60) policies will be replaced with just one. Consequently instead of a policy for Gmail, one for Google Calendar, one for YouTube, another for Search and so on they will be amalgamated and no longer tied to services, but accounts. Crucially Google will then share the information you provide across all these services, though not with third parties. Again the pitch is compelling:
"Over time it'll mean better search results and ads, we'll understand that when you search for Jaguar you're looking for a jaguar [animal] and not a Jaguar [car]," claims Google. "It can mean more accurate spelling suggestions because you've tagged a word before and it may even mean we'll be able to tell you when you'll be late for a meeting based on your location, your calendar and local traffic conditions. All of which means we're not just keeping your private stuff private, we're making it more useful to you in your daily life too."
These benefits are tangible. If you discuss your interest in something in an email YouTube may suggest videos about it and search results will be automatically refined to improve their effectiveness. For Google Apps (professional Google accounts) the situation is slightly different: core Apps services (Gmail, Calendar, Docs, Sites, Control Panel) have their own contract which takes precedence over the new privacy terms so they will be unaffected. Access non-core services (YouTube, Picasa, Blogger, etc) with your Google Apps account however and information will be shared between them.
Why you should be worried
Four key reasons: stubbornness, convergence, exposure and track record.
"At the end of the day, I don't think their answers to us were very forthcoming," claimed Republican Mary Bono Mack after House lawmakers grilled Google officials about the unified policy on 2 February. "The concern of Congress is how much active participation does a user have to do to protect their own privacy," she added. Google has not publicly replied to this, but confirmed the 1 March switchover will go ahead regardless and - short of closing their accounts - users cannot opt out. Such a stance implies sharing user information across its services is a critical step in the continued evolution of Google's business model, so what comes next?
"Given the increasingly personal and targeted information that services such as Google+, Android devices, Address books and Gmail collect it is not surprising that the proposition to aggregate and correlate all this information is worrying for the consumer," argues Rik Ferguson, director of security research and communication at Trend Micro. "It would be in the interest of consumer choice, not to mention privacy and security to give the user the choice of which services they allow to access this aggregated data and which are explicitly denied."
The greatest fear to stem from convergence is the loss of your data. Immediate thoughts turn to theft - both physical and online via hackers - and greater sharing of privacy information risks wider exploitation from these parties. This is small beans, however, compared to key wording within the 'Information Sharing' section of the new policy. It answers the question of when Google will share your data with third parties:
"[If] We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Google, its users or the public as required or permitted by law."
The vital part is (a): Google will release your data to any government to "satisfy any applicable law, regulation, legal process or enforceable governmental request". Be warned.
Google famously lives by (and is frequently attacked using) its "Don't be evil" slogan and it has historically fallen down most often when it comes to privacy matters. Google Buzz exposed users' contacts and resulted in an FTC settlement, which included an $8.5m fine. Its Street View mapping service was criticised for taking unauthorised pictures of people and their homes and inadvertently collected over 600GB of data from users' WiFi connections in over 30 countries. These examples represent just a snapshot.
Why you should not be worried
"It may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties... This approach is ill-suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers... I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year."
This hugely insightful statement was made by Justice Sotomayor earlier this month in her closing comments of the United States vs Jones case in the US Supreme Court. In it the FBI was found to have violated the Fourth Amendment in attaching a tracking device to a defendant's car without a warrant. The case is significant because this concluding statement separates privacy from secrecy and frames it within the context of a digital age in which we use social media to tell people everything, but want organisations to know nothing.
Furthermore it sets a precedent that, despite Google's open house policy for governments to look into your data, there should be actual suspicion and due process before it can be accessed. This is in stark contrast to Google's own attitude. "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" claims Eric Schmidt, Google's executive chairman. The statement may be glib, but he has a point.
As for the origins of the unified policy, its foundations have long been in place. Google maintains an archive of all its past policies and since October 2005 the company has stated: "We may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services." You were warned.
Why Is Google Doing This?
Aside from the rights and wrongs, a bigger question needs to be asked: what motivates Google to unify user data in the first place? The answer is simple: Google is losing.
For all its plethora of products and services, at its heart Google is an ad provider. Everything it offers is simply a spoonful of sugar to help the advertising go down and its 'free' business model only works if users keep clicking. In order to achieve those clicks, ads need to be a) as relevant as possible, and b) better than competitors because there are only so many ads users are inclined to click per day. In this regard someone is doing it far better... Facebook.
For ad providers our digital identities are now the key asset to revenue growth and while Google makes a lot of intelligent guesses what it actually knows when put to the test is surprisingly vague. Click on Google's Ads Preferences Manager and you will find it may have your age group right, your sex and your areas of general interest. By contrast Facebook knows not only your age, sex and specific interests, but also your location, friends, social life and day-to-day thoughts - and it is encouraging you to backdate them.
"A bad situation for privacy is bound to get much, much worse," argues Paul Ohm, associate professor of law at the University of Colorado School of Law. "It's especially bad because now we've got really vigorous competition between Google and Facebook, and they're competing on our secrets, basically. Whoever can make money out of our secrets is going to win this battle."
Google is not alone. Take just the last few months: TomTom has teamed up with Motaquote to track our driving in exchange for lower insurance premiums, Apple has launched free iBooks publishing in exchange for exclusivity over our work and Amazon's new Silk browser receives your web history in exchange for potentially optimised loading times. All the while tensions are rising as companies begin to bash heads.
Speaking in 1999 Sun Microsystems CEO Scott McNealy famously proclaimed, "You already have zero privacy. Get over it." He was right then and he's right today, but at least companies are willing to give you things for it...