Hey, Google: Being evil is not just doing evil

2010-02-12 20:16

Google’s corporate motto is, officially, “don’t be evil”.

Let’s look at how that’s playing out. Their recent buzz launch included Making it easier for an abusive ex-husband to find someone.

Oops.

Here’s the thing. Google is now powerful enough to argue with, and possibly threaten, governments. That’s a lot of power. And they have a lot of information. And they don’t seem to understand that, when you are that powerful, mere carelessness is evil.

See, Google’s been thinking “don’t do evil” — don’t act in malicious or destructive ways. But that’s not enough when you’re powerful; you have to actively think through the consequences of your actions. You have to consider how they’ll play out, and what the risks are. And perhaps most importantly, you have to make sure you accept the high costs of doing things right.

But “being evil” doesn’t mean only actively seeking to do harmful or destructive things. It also means not caring enough to avoid doing them. Example: I have cats. It’s not enough that I don’t specifically try to kick them; I have to exercise some sort of caution not to inadvertantly step on them (which ain’t easy!).

Google has a ton of private information and the capacity to expose that information to various people. It isn’t enough that Google isn’t actively seeking to hook people up with their stalkers. They have to exercise some sort of care to make sure they don’t inadvertantly do so.

Privacy is a real thing. It is a thing which matters. Google reps keep saying stupid stuff about how people shouldn’t do things they need hidden, but that’s just, well, stupid. People like privacy; it’s emotionally important to many of them. Even if there’s no other harm from loss of privacy, it undermines a key component of what allows most people to be emotionally stable. Privacy needs to be more important to Google. If the people in charge want to live open lives without privacy, they can… although oddly they don’t. (You never see the people who advocate this posting detailed comments about their sex lives — perhaps they do know about privacy, and just don’t realize it can apply to other people?)

If Google were to treat privacy as a real thing of intrinsic value, they could avoid some of these screwups. They could have made buzz a service to which you opted in. Then, they could have offered you a list of the people who might automatically start seeing your Google Reader posts and the like, and asked “Would you like to make this information available to these people?”

And then, people who were trying to hide from rapists with a grudge wouldn’t have to go out of their way and fight with a computer for several hours to try to keep from automatically exposing their location, while people who live pretty open lives could add all their friends.

If Google did this, their social networking service would grow much more slowly, because it wouldn’t automatically start out with a huge user base, many of whom hadn’t even heard of it and had no idea they were part of it. That would slow down the rate at which Google could grow, but that would be the price of not being evil. Instead, Google went for the fast, unconsidered, solution, and for all we know, someone could die as a result. That’s evil.

Google people: Please. Take it seriously. “Don’t be evil” requires you to be careful, not just innocent of actual malice. Go pay Bruce Schneier a few million dollars to explain privacy to your senior staff until they understand it — I promise you, the public return on that investment would beat the return on any other investment you’ve made in years. If you don’t agree with him, stop and ask this: Has Bruce Schneier ever signed a rapist up for instant real-time updates on the location and status of a person he was stalking? No? Then maybe, just maybe, he knows a bit more about how to “not be evil” than you do.

Stop thinking you know everything. You don’t. You’ve got some very smart people, but you don’t have anything near a majority of the smart people in the world, or a majority of the domain knowledge or expertise. You need a lot more focus on thinking about what to do, not just about how to do it.

Also, I would strongly recommend that you, right now, go and turn buzz completely off for all users, apologize to the ones who had actively turned it on, and explain that you’re going to be making the choices clearer, and letting them choose how to participate. Otherwise, there are going to be more of these, and not all of them will notice before someone ends up raped, dead, or both. And that will be because of something you did even though you had the information available to avoid it. And that will you, being evil.

Peter Seebach

,

---

Comment

  1. Since I don’t use Google Reader, I’m not sure exactly what it shares. But the problem, as I understand it, is that this woman didn’t expect her Reader account to be traceable back to her. The privacy violation was in the linkage between the two. And even there (who knows?) the link might have been public but hard to find. That’s subtle— especially when you make the mistake of thinking people only email folks they like. Let’s hope Goggle either learns fast or gets out of community-oriented services.

    — David Leppik · 2010-02-13 10:48 · #

  2. I wanted to recommend Schneier’s essay The Eternal Value of Privacy, but reading further down I think you already read it.

    Also, Schneier already explained privacy to Google’s senior staff on his blog, precisely with the essay linked to above.

    Google’s foul play has been obvious for years. Fortunately, you can search with Google without Google.

    lacos · 2010-02-19 15:55 · #

  3. To paraphrase Stalin, how many divisions does Google have?

    — damaged justice · 2010-02-22 09:45 · #

  4. Good, very good, smack. I started a rather dreary blog through what they eventually acquired. I stopped that pretty damn quick.

    -lurking in asr.

    — Sano · 2010-04-19 19:00 · #

 
---