google is your butler- the tension between utility and privacy

I’ve often defended Google’s thirst to know things about people with a butler analogy. Good software should, like a butler, try hard to understand your preferences and act on them for you without you even realizing they are there. That means learning and remembering things you’ve done in the past, and using that to base recommendations on. When you tell your butler ‘bring me desert, please’, he should remember that you usually like chocolate, and that all this week you’ve been experimenting with different cakes, and therefore bring you another variant on chocolate cake. If he suddenly forgot you liked chocolate and you’ve been having cake all week, you’d be irritated when he asked you those things again, or if he just brought you a canoli out of the blue.

Ideally you want your butler to know at least something about what your friends and co-workers are doing too- if I say ‘bring me a shirt’, and the butler knows I’m going out with the cool kids tonight, then I want my trendiest shirt based on what my friends think is trendy. But if I am going to the office and say ‘bring me a shirt’, I want the butler to know that my workplace is casual, but not too casual, and so on. I could of course tell him all these things every time he brought me a shirt, but it is easier for everyone if he just remembers, and perhaps does some outside research on his own.

Like a butler, you want your tools to work intelligently based on context and history, and Google is without doubt one of those tools- for many of us, the most important single tool in our computing lives. The problem, of course, is that your butler has a lot of incentives to keep your private information private. Surely the butler can be bribed, but therefore you pay him well and treat him like a human being, and you try to avoid these sorts of problems. Google’s incentives run at least partially the other way- they have strong incentives to mine that data extensively, to share it with others, and to collect well more than most people might think is useful, in the name of being the ultimate butler. And these incentives lead to risks- incentives to share with third parties that you might not trust; risks that things might be subpoenaed; risks that they might leak to Google employees or even outside Google; risks that effective advertising might use such information to manipulate your political views. On balance, most of us are going to look at these issues and decide that we’re OK with Google knowing these things, because the risks are remote and the benefits tangible. So we acknowledge there is a tension between privacy and functionality, and move on.

I wish that at this point I could announce some deep new insight about the balance between these two competing forces. I can’t; most of what there is to be said has been said already. The thing that makes me write about it right now is, of course, Eric Schmidt’s recent comment. The thing that bugs me about it is that he doesn’t seem to realize there is a tension. These words don’t speak of ‘we’re wrestling hard with this question every day’ (a reasonable compromise position) or ‘we’re doing everything we can to collect as little data as possible’ (the pragmatic civil libertarian perspective). They speak of a company (or at least a CEO) which doesn’t realize or doesn’t care that there are balances and compromises to be struck and continuously re-considered. And that, to me, is very, very troubling; more troubling than any particular policy position could be.

So I’m experimenting this week with other search engines, and once I finish moving I’ll be looking again at other mail and rss readers. I really don’t ask much of Google in return for trusting them; I’m not an absolutist, I just need to know that they are continuing to treat privacy as a difficult, multi-faceted issue that constantly has to be evaluated and considered. And if Schmidt is any indication, that isn’t what Google is doing right now.

46 thoughts on “google is your butler- the tension between utility and privacy”

  1. Disclaimer: I’m about as uncomfortable with Schmidt’s privacy stance as you are. If there were any set of services out there that I liked 80% as much as Google’s, then I’d probably consider switching, too. Any less than that, though, and the transaction cost of swapping services rapidly approaches painful.

    That said, I think there’s a counterincentive that pushes Google in favor of a “sane” privacy policy that I think you missed, and it’s present in the last paragraph of your essay. Google’s pretty much an advertising and datamining agency at this point, right? Their entire business model is built upon a foundation of getting people to use their stuff.

    The way Google initially accomplished this is straightforward: their search engine was orders of magnitude more useful than anyone else’s, and it turned the web into a usable place. We all know this. Gmail, too, was the first webmail client whose functionality wasn’t a pale shadow of any standard desktop client.

    The important thing to remember is that all of these services are “pull” services. Users type in http://www.google.com to search, users choose to go to Gmail for their e-mail needs. Google isn’t really a default option, except in web browser quick search boxes. And web search queries aren’t really the issue here, it’s things like e-mail, contacts, and the like that really concern us.

    I like to believe that if Google started acting truly egregiously when it came to privacy, people would leave for greener (or at least more secluded) pastures, and Google would lose their primary/only source of revenue. It’s that simple. Without trust, Google can’t be Google. So there exists a massive economic incentive to not drive people away, and that incentive is linked directly to how much Google can make themselves look like the prettiest person at the party.

    Of course, I could be entirely wrong. As a matter of history, it’s simply true that large groups of people tend not to inconvenience themselves based solely on esoteric principle. And that’s what de-Googling would be: an inconvenience. Switching e-mail addresses, outputting OPML lists of RSS feeds, etc. are not exactly Herculean labors, but they do come with their share of friction.

    Lastly, and crucially, I recognize that both Luis and I are abnormal when it comes to stuff like this. The vast majority of humans simply do not think about online privacy, data ownership, or similar topics with anything resembling depth or insight. It’s just not part of their cognitive world. Which makes the “benefits” of evading a Schmidt-style privacy policy basically disappear, while the “costs” of transitioning away from Google (at least in comparison) become absolutely massive.

    So I guess at the end of the day I just sabotaged my own argument. Oops. That’s what you get when you try and be optimistic and humanistic about internet privacy policy, or, well, privacy at all in the modern world.

  2. I’ll be looking again at other mail and rss readers

    How about Thunderbird? Or even any other desktop e-mail client if you don’t see dogfooding as sufficient reasoning to use something. I just don’t get the fascination with webmail (among technically well-versed users).

    1. Colby: I am using thunderbird for work, and my day job used to be working on a desktop mail client (evolution 1.0), so I’m not inherently biased towards webmail. But here is the thing- thunderbird 3.0, released last week, has no meaningful innovations over evo 1.0, released in 2001. (Tabs don’t count.) In the meantime, gmail’s conversation/threading model is vastly superior to the traditional tree-view of a conversation; tight integration of server/client filtering means I get the same mail view everywhere, not just my desktop; and great mobile version means my phone is a first-class citizen, which lets me do email everywhere. I get none of that with any traditional desktop mail client. (I did try to install raindrop last week, and will try that again soon.)

      stephen, Brian, others: you deserve more detailed responses than I can give right now- I’m running out the door. But will definitely write more tonight.

  3. “Google’s incentives run at least partially the other way”

    do they, though? and that’s a legitimate question, not a rhetorical opening.

    i’m not sure. clearly google has a motive to mine the data: there’s no debate there. but that is dependent on our willingness to share and provide that data, which is in turn dependent on their maintenance of our privacy.

    if it were discovered that google was surreptitiously selling our individual data, i think the backlash would be immediate, immense, and permanent for a certain portion of their audience.

    google, unlike any other technology power in history, is almost singularly dependent on our good will. and, comments like schmidt’s not withstanding, i have to think they know that.

  4. Well you have to trust some people. Just to post a reply here I have to leave an e-mail address and judge whether I trust the domain owner with that information.

    I’ve realized fully from the start the privacy implications of google. I’ve even realized the fact that being Dutch, having my information stored on US servers means weaker privacy protection. (And that from someone living in the record holding telephone tap country).

    I’ve in the past seen people mail client information to their gmail address so they can work from home. I’ve told them they can’t do that because we assured clients that we stored our information securely and they were subject to Dutch law. With Google they obviously are not.

    They always look at me like I’m a raving mad man. (until the company sent them a reminder of said facts)

    So no I don’t expect a move away from Google for privacy concerns. Unless someone blows this way out of proportion in the media.

    Whatever you think Google is still bound by US privacy laws and their terms of service. Trust in those, because when they break those there will be a media circus. And don’t trust Google or any of the online services with stuff you absolutely want kept private. I’d say don’t even store them on a computer unencrypted, if it’s that important to you.

    The same with Google docs, realize your data is stored online in the US. Potentialy the US government has access to it. So don’t keep your diary on there and write about your use of controlled substances if you want to travel to the US ;)

    But who are we kidding. People put their whole life in myspace etc… and twitter updates on where they are by the minute :/ Unfortunately most don’t give a hoot about privacy until something goes wrong *for them*.

  5. I was doing exactly the same you do (and I have problem with over-air sync of calendar and addressbook of my Symbian S60 phone to get rid of GMail), and found some places surprisingly good (Yahoo! Calendar Beta), but one tool I found indispensable and surpising http://blindsearch.fejus.com/ … the results made me thinking.

  6. […] to measure product/market fit (venturehacks.com) 7 points by richardburton 3 hours ago | discuss32.Google is your butler – the tension between utility and privacy (tieguy.org) 2 points by mbrubeck 45 minutes ago | discuss33.WebSharper – Write F# and Run […]

  7. I have to agree with Brian. Yes, Schmidt’s comment is deeply disconcerting. Yes, it makes me question Google as a whole. Yet, what are the alternatives? I know that Microsoft will always put business interests first. And I have generally very little trust in Yahoo, given my experience with them. Not that any of them (or anybody else) can offer services that would work at least 80% as good as Google’s. So for the foreseeable future I am stuck with Google as the lesser evil.

  8. […] google is your butler- the tension between utility and privacy I’ve often defended Google’s thirst to know things about people with a butler analogy. Good software should, like a butler, try hard to understand your preferences and act on them for you without you even realizing they are there. That means learning and remembering things you’ve done in the past, and using that to base recommendations on. When you tell your butler ‘bring me desert, please’, he should remember that you usually like chocolate, and that all this week you’ve been experimenting with different cakes, and therefore bring you another variant on chocolate cake. If he suddenly forgot you liked chocolate and you’ve been having cake all week, you’d be irritated when he asked you those things again, or if he just brought you a canoli out of the blue. […]

  9. Is there any good web-RSS reader out there? I was goo…binging for one few weeks ago but i haven’t found any real equivalent. And I would love to use only Gmail and nothing more from Google. Diversification is good.

  10. Honestly, I am against butlers at all on principle in real life, and I don’t think we need computerized butlers very much either. I think the “magic of great features that do everything for you and just anticipate your needs” aren’t all that important. I have never understood really why such things are on top of some users’ lists.

    Any discussion like this causes me to quote Jello Biafra: “Give me convenience or give me death”, which Jello pointed out was the post-modern corruption of USAmerican freedom ideals. I think a lot of people are too willing to say just that to Google, Facebook, et al.

  11. Thank you for saying this. Absolutely agree. I was shocked by Eric Schmidt’s words. I am trying bing, ask, yahoo!. Let’s see which one is better.

  12. Interesting post!

    Personally I prefer to do things by myself instead of using another human being as a servant and that, where it is possible, includes the internet (my 2 cent preference).

    I’ve switched from using Google’s search engine because of privacy issues and I am currently trialling http://www.startpage.com (which has a fantastic privacy policy).

    If Schmidt has ‘nothing’ to hide maybe he would like to prove it by publically publishing his personal details for all to see…

  13. I just can’t understand that logic. I mean, you’re not happy with the way Google handles your private information about searches, etc. But you live (happily and proudly, i guess) in a country which doesn’t respect people’s privacy at all.

Comments are closed.