what you can (and can’t) learn from Google’s EULA mistake

When people started complaining about the Google Chrome EULA, it seemed obvious to me that it was a copy and paste error- old language, copied into a new situation where it didn’t quite fit. But after Google explained that they had just reused language from other licenses, Gizmodo noted:

It’s not that I don’t trust Google, but the Ctrl+C, Ctrl+V explanation .. seems like an odd oversight for a product in secret, heavy development for close to two years.

Explaining why it isn’t that odd might give people a little better understanding about how corporate lawyers work, and maybe even what this does (and doesn’t) teach us about Google and privacy.

First thing this teaches us: Lawyers (like programmers) copy and paste whenever they can. On the plus side, a document that is copied is usually battle-tested- so you know you’re getting something that covers all the bases, generally does the right thing, and has no known errors. If you wrote it from scratch, you might forget or overlook something, and that would be a problem. And lawyers are expensive- so if the copy and paste saves them time, it saves you money. On the down side, a copied and pasted document sometimes doesn’t fit the new situation perfectly; for example, old language could take on new meaning when the software grows new functionality- which appears to be what bit Google here. Given lawyers’ love of ctl+c and ctl+v, this doesn’t seem that odd.

(Corporate lawyers in particular are notorious for copying and pasting, to the point that some venture capital groups provide their own legal documents, since they figure your lawyers are going to be copy and pasting anyway.)

Second thing this teaches us: lawyers are human too. Your eyes glaze over after reading just one of these EULAs, and corporate lawyers who work in this area can easily read hundreds of these, all very, very similar. This doesn’t excuse the mistake that happened here- lawyers are well paid to avoid exactly this kind of problem. But at the end of the day we’re only human- after reading the same phrases a thousand times, it isn’t too ‘odd’ that sometimes we miss the wrinkle that gives the same old sentence an entirely different meaning like it did here.

Third thing this teaches us: among lawyers, programmers are notorious for doing things first and asking the lawyers to check it over later, even the night before (or the day after!) the release. I have no idea if that is what happened here- it could well be that the lawyers were consulted from day one, and Google generally seems well-organized about this sort of thing. But it is quite possible that even in a two year project like this one the lawyers were called only weeks, days, or hours before the website went live- obviously increasing the odds of a mistake like this one. Again, lawyers are well paid to do things under pressure- so this shouldn’t have happened- but it isn’t too surprising.

What this doesn’t do is teach us much about Google, Chrome, and privacy.

First, we still don’t have a great idea what other privacy problems there are with Chrome. Google may no longer be claiming to own everything you publish on the web, but there is still a lot of data going from you to them, and I for one still haven’t seen a good analysis of that.

Second, some people have claimed that this shows us that when there is a public outcry, Google will respond, and therefore there is no need for government privacy regulation. I’m not convinced government privacy regulation is a good idea, and Google may well be very responsive to market forces. But the idea that this incident shows that Google reacts to the market is fairly ludicrous- remember, what we’re talking about here is correcting a copy and paste error. So, yes, we’ve proven that when a Google lawyer accidentally gives them the ability to do something they have no intention to do, they’ll fix the lawyer’s accident. But this tells us nothing about how they’ll respond when they actually consciously choose to collect data- they famously did nothing when there were huge complaints gmail and privacy, and their response when people actually take them to court seems to be that “complete privacy does not exist.

So was this mistake odd? Not really. But it tells us a lot more about how lawyers work than it tells us about Google, Chrome, and privacy.