Shares of Google parent company Alphabet Inc. were dipping on Monday after the Wall Street Journal reportedthe company discovered a way for outside companies to potentially tap into Google users’ digital information and decided not to tell the public about it. I have three immediate takeaways:
1) This data privacy glitch is just like Facebook’s Cambridge Analytica scandal, except it isn’t.
2) Google made the wrong decision.
3) Consumers still can’t make informed choices about safeguarding their digital information.
First, the Google discovery concerned the company’s Google+ service, an ill-fated attempt to create a Facebook-like social network inside of Google. According to the Journal, Google discovered that for two to three years ending earlier in 2018, outside companies that could hook their apps into Google+ were able to access some information that friends of Google+ users intended to keep private, including their birth dates and profile photos.
Yes, this is similar to Facebook’s problem with Cambridge Analytica, which appeared to take advantage of loose Facebook rules to gather information on people’s Facebook friends without their overt approval. Google+ is not Facebook, however. The Journal said that in a test in late March, Google found that the software glitch potentially affected about 500,000 Google+ accounts. 1 The company couldn’t determine whether any Google+ information had actually been accessed through this software bug.
That’s a relatively small number of potentially affected people, particularly compared with the scale of Cambridge Analytica. Facebook said the academic working with the firm could have gathered information on up to 87 million people.
But on to point number two: The relatively small scale of the Google+ security hole does not excuse Google’s actions. The company evaluated a set of circumstances, including the public outrage over the Cambridge Analytica scandal at Facebook, and chose not to tell the public about the flaw in Google+. The company did this in full knowledge of the blowback it would face if the Google+ privacy glitch was known, and that makes what Google did completely indefensible. If the company had disclosed the Google+ problem in March, it would have been a big deal but not a crisis. This cover-up, however, makes the Google+ digital-security problem so much worse.
And last, I can’t believe I’m still writing this after a zillion scandals about digital information on the loose, but here I go. More than a decade into the era of prevalent social networks and smartphones, people still have no way to make informed choices about how to safely conduct their lives online.
People may not know all the gory details, but when they choose to use Facebook, Google+, Twitter, WeChat, iPhones and other technology products or services, they generally understand that the companies might collect dossiers on what they read, who they chat with and where they go. But people absolutely do not agree to whatever arrangements those companies make with outside parties to pass along personal information or data. Period.
The core of the problem exposed by Cambridge Analytica and Facebook’s relationship with hardware companies, by the reporting on Apple’s dealings with software developers, and by the Journal’s reporting on Gmail and now Google+ is that the public has no control. We have agreements with those tech companies, then those companies make agreements with other companies that permit them access to some information about us. This is not true consent from the public.
Google might agree to let a random online shopping company scan what I’m typing into Gmail, but I did not agree. Nor did I agree to hand over information from my Facebook account to a quiz app that one of my Facebook friends downloaded. Yes, somewhere in the terms of service of Facebook, Google+ and the Apple app store is legal language that allow those companies to share some information with partners for mostly benign reasons. But then we have to trust that Google, Facebook, Apple and others also make smart choices about the outside companies that can tap our information or that of friends — or that might break the tech companies’ rules in what information they access. The tech companies do not deserve this trust.
There’s no quick fix here. Interconnected technologies are a foundation of the internet age. There is no Uber, for example, unless Uber’s technology connects with Google Maps and iPhone location technology, for example. But the era of half-baked internet consent cannot continue.