Google and Privacy: An Open letter to Sergey Brin, Larry Page, Matt Cutts, Vic Gundotra

An Open letter to Sergey Brin, Larry Page, Matt Cutts, Vic Gundotra

Subject: So, does Google look into their users' private, non-shared files, and might close accounts if an AI decides that there is something illegal there?

Dear Sergey, Larry, Matt, and Vic,

Something sad happened to the world of cloud computing over the last week. I have followed with great interest the events of the now-celebrity @thomasmonopoly about Google closing his account.

Here is the short story: @thomasmonopoly had a bunch of (non-shared) images in his Google account. A program at Google flagged some of them as child pornography. His account was suspended. He complained loudly. He went viral. Google first ignored. Then backed their actions. They finally relented and apologised as there was no child pornography there, just an arts project -- a real one.

The full story is at the bottom of this article.

So, what started all this?

Normally, to get through the appeal process, it might take weeks. @thomasmonopoly was lucky, and loud, enough to take days.

Am I the only person who sees a problem here?

I trust Google to keep my information safe. I don't expect nor appreciate anybody -- not a program, not a person -- look into my data, at any point, for any reason. Not from Google, not from anywhere.

Let's say I have an objectionable photo in my computer, that might look like child pornography. Here are the cases where Google should possibly be allowed to start an investigation:

  • If this photo is public (that is, if I set a photo as visible to everybody);

  • If this photo is private, but I show it to a bunch of people and one of them finds it objectionable, and notifies Google about it (therefore transferring viewing rights of that photo to Google);

  • If this photo is private, but there is a court order that my files should be seized or otherwise obtained, because there is an investigation happening against me.

In any other case, then sorry, Google, Larry, Sergey, Matt, Vic, but "no". You don't have the right to even let a program look at my photos -- let alone a person. My data is mine.

There are too many corner cases: infants in a bathtub, nudists, artists, photographers, art students, art projects. And at this point, people need to take a stance and talk about this, openly, and freely.

So, let's.

I am very happily married with Chiara -- and have been for 2 years. Chiara looks exceptionally young for her age. In Australia, we can -- and do -- go to the beach and swim -- hear hear -- naked in the ocean. I might well take photos of her, and myself, at the beach in such a setting. We feel no shame with it, and I frankly don't care what puritans in the world think of it, regardless of what country they are from. Now, let's say that I want to share those photos to a very small set of friends in my Google+ account -- the people I share these photos with are likely to be well aware of our swimming habits, and either laugh at or simply like those photos.

Please note that, in my use of Google+, this might not be such a corner case. This is exactly the beauty of Google+: I can share different things with different people. I might well decide to share photos of myself and my wife having a skinny dip in the ocean with a bunch of hippies in Australia.

First, let's talk about the legal issues at stake. Is a photo of my wife naked legal in the United States? The answer is "who knows". She might well look like a minor in some photos. She doesn't mean to, she just does. As far as I am concerned, even possessing a photo of her naked could be a crime. There is no real solution to this issue. My solution is simple: I encrypt my home directory, and will never -- ever -- give up my password, under any circumstances. Plus, I backup my data on servers that are not in the United States. I simply don't want to deal with this problem in general, and this is the only way for me to "solve" it.

Second, let's talk about ethical issues. My private photos, even if they are on Google servers, are 1) Mine 2) Private. These two words are really important. They are mine: nobody should have access to claim them as theirs, no matter what. They are private: nobody should be able to see them, no matter what. (Except, if there is a court order or unless I decided to share them).

Third, let's talk about customer service. If I did share some photos of Chiara accidentally, and somebody sees them and complains, then Google obviously needs to deal with this. At that point, a human being should look at them (I shared them after all...) and take action. At this point, I realise that Google has a responsibility and that person needs to judge the action to take. But:

1) If a photo is clearly illegal with no doubts (I am talking about sexually explicit photos involving children), then Google should investigate further:

  • If it looks like the user uploaded the photo (by checking for example what IP uploaded it with IP geographical location), then Google should warn the authorities and get a warrant to check the rest of the photos in the account;

  • If it looks like the user was hacked, Google should reset the password immediately, notify the user to the alternative email address, delete the photo, and explain to the user that somebody from [location] uploaded questionable material; Google should then tell authorities about what IP uploaded the photo, and the photo itself;

2) If a photo is borderline, then Google should simply send an email to the user, and explain that the photo, shared publicly or to a subset of users who complained, is possibly questionable, and to please explain the nature of it. Google could then take action from there based on the user's history: if it has happened before, or why the user has such photos, etc. Google might also warn the user that his or her account will be suspended if the photos are not made private

Please note that Google should only ever make a judgment based on the public photos. Any other private photo or piece of information in the account should be left as it is, private, unless a warrant is granted.

If all this were true, I could happily post photos of myself and Chiara having fun at the beach, and share those photos with her, without worrying about an over-intelligent artificial intelligence that might decide that Chiara looks too young for her age.

Personal data should not be violated. Ever. And appeal processes should take 2 days, not weeks. It takes people, training, money, but you simply owe it to your users.

People with Chromebooks will never be able to take photos of their infants in a bathtub. They can't be nudists. Or artists. Or photographers. Or art students. Or... anybody who's not a full puritan, really.

Right now, in Google land, we live in a land of fear.

Merc.

P.S. I write this in full knowledge of how encryption could help here. I am also aware that encryption would make things so complicated, they would quickly become impossible to use. I would have to encrypt the photos with the recipient's public key, and so on. This isn't done now because it's not practical to do so -- and because if it were done, it would soon became a tool for people to share truly illegal contents. And this post is not about people sharing very secret contents, but it's about feeling safe that my host at my hotel is not looking through my room checking what I have, without me having to bring a huge safe with me.

Note: here is the list of events I mentioned, with links:

License

Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice is preserved.