Increasingly, Internet users are becoming highly sensitized to both perceived and real risks to their privacy associated with their use of the Net. While the real risks we face in this arena are serious enough, people’s confidence (or lack thereof) in products and services will in many cases be shaped primarily by perceptions, and often significantly less by the underlying realities. This highlights the critical fact that to be truly successful, efforts to reduce privacy risks must not only have genuine and ongoing positive privacy effects, but also need to be clearly perceived by users and the broader public to be in place and fully supported as primary goals of the organizations involved.
Web-based search engines are an obvious current focus of many privacy concerns, but as more traditional “desktop” applications migrate to tightly coupled topologies with user data stored on remote servers not under users’ direct local control (e.g. for PC searches, document preparation, e-mail, etc.), these issues and related potential risks are rapidly spreading across the entire computer and Internet spectrums.
Fears that users’ private information may be increasingly subject to intrusive perusal by law enforcement or other authorities (often with minimal and/or questionable cause) are further damaging user confidence in such services, with a range of issues related to data retention being an important element at the heart of these concerns. To the extent that potentially sensitive data is stored for extended periods, particularly in non-anonymous forms, it is inevitable that outside demands for access to it — on ever broader scales — will be accelerating. While individual court cases will of course vary in their results, the court system cannot be relied upon to always render appropriate decisions regarding such matters, particularly in today’s political and legislative environments.
I believe that Google, by virtue of its Internet industry leadership, technical and human resources, and corporate culture, is in a unique position. Google can demonstrate how world-class privacy protection policies and technologies can be developed and deployed in ways that enhance user confidence in current and future Google services — by proactively protecting users’ private data without interfering with service operations, innovation, R&D, or the legitimate concerns of law enforcement. Google could be the acknowledged global leader in this area, becoming synonymous with the concept of integrating new and advanced privacy capabilities into world-class Internet services and products.