Privacy researcher Chris Soghoian gave a very nice talk at TEDx recently on “Why Google Won’t Protect You From Big Brother.” He provides a cogent overview and some useful perspective on the relationship between companies and the government, which is something we at the ACLU have been concerned about since our 2004 report on the Surveillance Industrial Complex, and before.
Among the points that Soghoian makes:
• Internet, social-networking, and telecommunications companies receive tens of thousands of government demands per year for their customers’ information. Whereas surveillance used to be costly and expensive and require entire teams of agents, it can now be accomplished at the stroke of a key, so a lot more of it takes place.
• All companies must respond to lawful requests for data. But “some companies lean more towards protecting users’ privacy, and some companies lean more towards providing loyal assistance to the government.”
• Google is the most transparent company, posting aggregate request information on the web about government requests for information.
• Google and Twitter both have a policy of notifying users about government requests, whenever they are permitted to do so by law. This gives the users the opportunity to contest a demand for their data should they wish to do so. These companies have also gone to court to defend their users’ privacy from the government.
• The ad-based business model that supports free online services is inevitably in conflict with the protection of privacy (the saying is, “if you’re not the customer, you’re the product”). The only true privacy protection is for data not to be retained in the first place, but Google, Facebook, and other companies that provide free services all retain their users’ data, and for significant periods of time.
• Fee-based business models such as cell-phone service, on the other hand, are not inevitably in conflict with privacy. Their customers write them a check each month, so they could choose not to retain personal information such as texts, web sites visited, and location data without any harm to their business model. (We at the ACLU don’t think the mobile phone companies should be retaining location data and other sensitive records longer than strictly necessary without the customer’s affirmative permission, and have called upon the telecoms to stop doing so.)