Home / Blogs

Google Buzzkill

Rebecca MacKinnon

The launch of Google Buzz, the new social networking service tied to GMail, was a fiasco to say the least. Its default settings exposed people's e-mail contacts in frightening ways with serious privacy and human rights implications. Evgeny Morozov, who specializes in analyzing how authoritarian regimes use the Internet, put it bluntly last Friday in a blog post: "If I were working for the Iranian or the Chinese government, I would immediately dispatch my Internet geek squads to check on Google Buzz accounts for political activists and see if they have any connections that were previously unknown to the government."

According to the BBC, the Buzz development team bypassed Google's standard trial and testing procedures in order to launch the product quickly. Apparently, the company only tested it internally with Google employees and failed to test the product with a more diverse range of users who are more likely to have brought up the issues which were so glaringly obvious after launch. Google has apologized and moved to correct the most eggregious privacy flaws, though problems — including security issues — continue to be raised. PC World has a good overview of Buzz's evolution since launch.

Meanwhile, damage has been done not only to Google's reputation but also to an unknown number of users who found themselves and their contacts exposed in ways they did not choose or want. Exposing vulnerable users without their knowledge or choice even for a few hours can potentially have irreversible consequences. While Google is scoring some points around the tech policy world for reacting quickly and earnestly to the strident user outcry, the Electronic Information Privacy Center (EPIC) has filed an official complaint with the FTC, and that Canada's Privacy Commissioner has expressed disappointment and asked Google to explain itself. (UPDATE: A class complaint has been filed in San Jose, claiming that Google broke the law by sharing personal data without users' consent.)

Earlier this week I asked people in my Twitter network how they're feeling about Buzz after the fixes they've made. Some are now reassured but others aren't. For example, Joseph Lorenzo Hall wrote:

@rmack totally lost me for good.. I just can't believe that they won't do it again. It will have to be very useful/different to get me back

Some are leaving GMail altogether. Judson Dunn reported:

@rmack my boyfriend deleted his long time gmail account for good :(

I was so concerned about exposing people in my GMail network during the first week after launch that I stayed off Buzz entirely until Monday afternoon. By then I felt that the worst privacy problems had been fixed, and I understood well enough how to tweak the settings that I could at least go in without doing harm to others. After playing with it a bit and poking around I posted some initial observations and invited the people in my network to respond. There are still plenty of issues — some people who claimed in Twitter that they had turned off Buzz are still there, and I think Buzz should make it easier for people to use pseudonyms or nicknames not tied to their email address if they prefer. From Beijing, Jeremy Goldkorn of the influential media blog Danwei responded: "I like the way Buzz works now, and it seems to me that the privacy concerns have been addressed."

I've noticed that some Chinese Buzz users have been using it to post and discuss material that has been censored by Chinese blog-hosting platforms and social networking sites. If Buzz becomes useful as a way to preserve and spread censored information around quickly, it seems to me that's a plus as long as people aren't being exposed in ways they don't want. My friend Isaac Mao wrote:

It's more important to Chinese to make information flowing rather than privacy concern this moment. With more hibernating animals in cave, we can't tell too much on the risks about identity, but more on how to wake up them.

Buzz has unleashed some potentials on sharing which just follows my Sharism theory, people actually have much more stuff to share before they realize them.

But I agree with any conerns on privacy, including the risks that authority may trace publishers in China. It's very much possible to be targeted once they were notified how profound the new tool is.

The "Great Firewall" is already at work on Buzz, at least in Beijing. While most people seem to be able to access Buzz through GMail on Chinese Internet connections, numerous people report from Beijing that at least some Google profiles — including mine and Isaac's — are blocked, though people in Shanghai and Guangzhou say they're not blocked. Others in China report having trouble posting comments to Buzz, though it's unclear whether this is a technical issue with Buzz or a Chinese network blocking issue, or some strange combination of the two.

It will be interesting to see how things evolve, and whether activists in various countries find Buzz to be a useful alternative to Facebook and other platforms — or not. Whatever happens, I do think that Google fully deserves the negative press it has gotten and continues to get for the thoughtless way in which Buzz was rolled out. There are senior people at Google whose job it is to focus on free expression issues, and others who work full time on privacy issues. Either the Buzz development team completely failed to consult with these people or were allowed to ignore them. I am inclined to believe the former instead of the latter, based on my interactions with the company through the Global Network Initiative and Google's support for Global Voices. Call me biased or sympathetic if you want, but I don't think that the company made a conscious decision to ignore the risks it was creating for human rights activists or people with abusive spouses — or anybody else with privacy concerns. However, if we do give Google the benefit of the doubt, then the only logical conclusion is that in this case, something about the company's management and internal communications was so broken that the company was unable to prevent a new product from unintentionally doing evil. Nick Summers at Newsweek thinks the problem is broader:

Google is so convinced of the righteousness of its mission statement that it launches products heedlessly. Take Google Books — the company was so in thrall with its plan to make all hardbound knowledge searchable that it did not anticipate a $125 million legal challenge from publishers. With Google Wave, engineers got high on their own talk that they had invented a means of communication superior to e-mail — until Wave launched and users laughed at its baffling un-usability. Last week, with Buzz, Google seemed so bewitched by the possibilities of a Google-y take on social networking that it went live without thinking through the privacy implications.

Whatever the case may be in terms of Google's internal thinking or intentions, we have a right to be concerned. Too many of us depend on Google for too many things. They have a responsibility to netizens around the world to develop more effective mechanisms to ensure that the concerns, interests, and rights of the world's netizens are adequately incorporated into the development process.

I'd very much like to hear your ideas for how netizens' concerns around the world — particularly from at-risk and marginalized communities who have the most to lose when Google gets things wrong — might be channeled to Google's development teams and product managers. Rather than wait for Google to figure this out, are there mechanisms that we as netizens might be able to build? Are there things we can proactively do to help companies like Google avoid doing evil? Can we help them to avoid hurting us — and also help them to maximize the amount of good they can do?

By Rebecca MacKinnon, Journalist and activist; Co-founder, Global Voices Online
Follow CircleID on
Related topics: Privacy, Web
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign