Why Google Will Keep Playing Fast and Loose With Your Privacy

In December, a delegation from Google visited the NEWSWEEK offices to make the case that the search giant was bullish on privacy. They touted recent decisions to reduce the length of time that Google stores users' search histories, new measures to anonymize data, and other considerations meant to improve users' peace of mind as they entrust the company with more and more of their personal information. Welcome changes, all.

But now, Google is reeling from the disastrous launch of Buzz, a social networking service that competes with Twitter and Facebook. In addition to being annoying, Buzz came with alarming privacy flaws that exposed some users' frequent e-mail contacts. The episode shows that for all its high-minded intentions about respecting privacy, Google still has a launch-first-ask-questions-later culture of innovation, one that inevitabily overlooks privacy and other concerns as engineers race their ideas to market.

"To organize the world's information and make it universally accessible and useful": Google is so convinced of the righteousness of its mission statement that it launches products heedlessly. Take Google Books—the company was so in thrall with its plan to make all hardbound knowledge searchable that it did not anticipate a $125 million legal challenge from publishers. With Google Wave, engineers got high on their own talk that they had invented a means of communication superior to e-mail—until Wave launched and users laughed at its baffling un-usability. Last week, with Buzz, Google seemed so bewitched by the possibilities of a Google-y take on social networking that it went live without thinking through the privacy implications.

Part of the reason Google acts this way is that's simply the pace of the Internet. Say you have a great idea for a video-chat site—would you want to be plodding through due dilligence while a Russian teenager takes over the Web in the blink of an eye? Keith Coleman, Google's product director for Buzz and other apps, told me about the process of creating Buzz and watching the sparks fly. "As users of technology, we'd all had some really tiring, painful experiences setting up new products," Coleman said. "We really focused on making the out-of-the-box experience great—click on Buzz, go in there, and instantly see stuff from friends. And then configure it from there. That's where we made the wrong call on what the [user interface] should be." In some respects, this eager-beaver approach is part of Google's charm. On the other hand, it's a $170 billion company. Its people need to do their homework.

It's true that online privacy is a moving target—what was sacred years ago is fair game now. There was a time when most Internet users would have been aghast at the prospect of their minute-by-minute activities being broadcast to the world. Now people tweet their bowel movements. And the line will only keep moving. Today people consider their credit-card purchases to be private, but odds are that soon you'll know someone who uses Blippy.

None of this excuses Buzz. There, Google messed with the sanctity of e-mail, a service people want to remain squarely in the "protected" category. Admitting that Buzz was designed poorly, Googlers worked all weekend to change the way it connects users and what is visible on its public profiles. A further batch of changes is slated to go live today. (Google may not be out of the woods yet, though. Lost in the privacy hubbub is that Buzz has a strong mobile component, and on-the-go buzzes can be geotagged with a user's exact location.)

Sites such as Please Rob Me—a performance-art piece of a site that uses Foursquare check-in data to tell the world who is not at their home—illustrate that social-networking features are being invented way faster than we can think through their consequences. In 2007, Coleman told Lifehacker that "one of our core philosophies at Google is that users' data should never be held hostage." That's a great aphorism. Two years and change later, it's time for Google to come up with a similarly pithy tenet for keeping our data our own.