Some of my readers are probably old enough to remember the occasion in 1984 when President Ronald Reagan stepped up to a microphone for a sound check and uttered the memorable words:
“My fellow Americans, I’m pleased to tell you today that I’ve signed legislation that will outlaw Russia forever. We begin bombing in five minutes.”
This week’s Tech Weekly audiocast on the Guardian site (here) includes a brief interview with Eric Schmidt (it’s in the first 10 minutes, followed by analysis/discussion from the Tech Weekly team).
In the excerpt, Eric Schmidt explains to Jemima Kiss how Google happened to capture some network traffic as its rather inaccurately-named camera cars “sniffed” wireless SSIDs as well as StreetView image data.
Unfortunately – at least on the basis of this part of the interview – I am still not convinced that Mr Schmidt really has as firm a grasp on the privacy issue as I would have hoped for from Google’s CEO. Here’s why:
1 – the problem of cross-border jurisdiction. One of the examples Schmidt cites, of ‘how much data we all happen to disclose’, is that of mobile phone location data. He describes it as a ‘legal requirement’ that your ISP should be able to locate your mobile phone (in case it is needed for emergency services, for instance). As I understand it, that is a legal requirement in the US, but not in the UK, for example. I don’t claim to know which jurisdictions do and don’t require it, but that’s beside the point – the point being that the legal status of your mobile phone location data varies by jurisdiction.
When the CEO of a company with Google’s global reach and colossal processing capacity uses examples which suggest he thinks the regulatory regime is homogenous world wide, that does not instill confidence. Not all countries have the same cultural, legal or regulatory approach to privacy as the US, and it is dangerous to proceed on the assumption that they do.
2 – the issue of privacy and harm. At one point, Schmidt essentially argues that we need to keep the wi-fi data snarfing in perspective, and bear in mind that, as no harm has arisen out of it, it’s not really a privacy breach. Again, if one is in Schmidt’s position, I think that is a very dangerous position to espouse. For instance, there is (as yet) no indication that harm has arisen from the UK HMRC “2 CDs” data breach… so is that entirely privacy neutral? Of course not; it would be absurd to conclude that absence of provable harm means that no action need be taken as a result of the HMRC data breach.
Harm is one factor in assessing actual or potential data breaches, but it is absolutely not a sufficient metric for gauging privacy risk.
And finally, there’s the question of Google’s reaction to the wi-fi incident. What will they do as a result? Well, according to Schmidt’s comments, it’s predominantly a matter of “education” and addressing the fact that “people don’t like it”.
Those are part of the picture, for sure – but again, they are not enough. There are laws in this area – and if those are not given due consideration, the fact of whether or not people like your behaviour is somewhat secondary.
The point of my opening reference to Reagan is that often it’s not just a question of what is said, but by whom and in what context. It may well be that Schmidt’s heart is in the right place and has “Don’t be evil” tattooed on it – but I come back to the point that, because of the post he occupies, his pronouncements on these topics have a very particular weight and resonance. On that basis, I think we are entitled to less about ‘educating us about why we should like it’, and more about building respect for our privacy into Google’s business model.