Todd "Turbo" Watson -- IBM Corporation
There's been quite a bit of blogosphere bluster about Google's new release of the Google Desktop beta, specifically around their new "Search Across Computers" feature.
If you haven't used Google Desktop, know that it includes a very powerful desktop search capability, one which I use to find presentations and other files all the time. But in examining the fine print around the "Search Across Computers" feature, it does give one pause with respect to one's privacy.
As explained on the Google site, the new "Search Across Computers" function allows one to search documents and view Web pages across all your computers. Specifically, you can search your Web histories in all the major browsers, as well as Microsoft Word, Excel, and PowerPoint documents, and also PDF and Text files.
You Have Nothing to Hide...Do You?
Here's the issue: To do so, all that information must be uploaded and stored on a Google server. That means Google could potentially have copies of any and all documents that contain your very personal information: tax returns, medical and financial information, anything that you store on your desktop. (Enterprises beware, that could also include sensitive and proprietary business data as well.)
The Electronic Frontier Foundation pointed out in a press release yesterday that this makes users' personal data "more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password."
The EFF release goes on to point out that the government could then demand users' files with a subpoena, and not the search warrant that would be required to seize information from your computer otherwise.
As powerful and useful as the Google Desktop feature has been, I've not yet flipped the switch to turn on -- nor do I plan to -- the "Search Across Computers" feature.
The way I see it is pretty simple: What they can't host won't hurt me.[Read More]
The Pew American and Internet and Life Project continues to deliver useful and insightful reports about human behavior and our use of the Internet.
In its most recent report, entitled "Teens, Privacy and Online Social Networks: How teens manage their online identities and personal information in the age of MySpace," some key memes emerge which should provide parents and other relatives (especially the older ones who didn't grow up with the Web) regarding their increasing savvy about both the risks and opportunities presented by the digital media.
Lead sound bytes:
They observed from a 2000 report that teens had embraced instant messaging and other online tools, and by 2004 in another major study had taken to blogging and a wide variety of content creation activities:
"Teens who adopted these tools were no longer only communicating with text, but they were also developing a fluency in expressing themselves through multiple types of digital media -- including photos, music and video."
Social networking continues to drive the evolution of teens' use of the Internet, and this latest Pew report indicates that teens themselves are increasingly astute about their identities and release of personal information online. But continued vigilance and education on the part of parents and guardians of teens online are key to continuing that evolving savvy.
You can download the report directly here.[Read More]
Google's search guru Matt Cutts doth protest too much in a recent post about privacy and Google's Web History feature.
But in light of the impending GoogleClick merger, it's understandable, and I appreciate his attempt to set the record straight about what Google does and doesn't do with the personal information it gathers on my behalf as I Google my way around the planet.
As an example, Matt points out that Google will anonymize my queries after 18-24 months, so that my PII can't be associated with my queries beyond that time frame.
He also points out that my ISP has much more information about me than Google does...it's the ISP that keeps all the IP addresses I visit (and which can also be legally verified with a credit card.)
And hey, ISPs even sell my information. Shocker!
But it was never Google that I was concerned about when it came to the abuse of my clickstream data or search history.
It was the U.S. Department of Justice.
Or my future employer.
Or my health maintenance organization.
Or anybody else whose business none of it ever was but whom might, someday, want to get access to the aggregate digital footprints I've left strewn about (even if only for the past 18-24 months).
That's where the Tropical SEO chimes in, explaining something I was saying to anyone who would listen as far back as 1999: That privacy protection would someday become a cherished competitive feature/function in the new digital milieu.
It seems that day has arrived. Tropical writes:
"At a certain point, search relevancy is a relative commodity, and other priorities are going to determine whether searchers hang their hats. For millions of searchers out there, the overriding "other priority" is privacy....I believe that switching costsare higher than most people commonly think for a search user; at thispoint the only thing that would make me switch my homepage and defaultsearch to Live or Ask would be if they became “the privacy engine” (e.g. take Google’s anonymizing to a new level–2 weeks?–and set a much shorter cookie, etc.)"
Privacy as cherished competitive advantage is also why you're also seeing companies such as "LifeLock" starting to secure $6M in Series B funding from the likes of Kleiner Perkins.
Because identify theft prevention is now a matter to take on offense, not defense, and there are now over 100K LifeLock customers paying $10 a month to help ensure that their identity stays their own.[Read More]
Holy Web conferencing, Batman! Cisco's buying WebEx for a cool $3.2B U.S., according to Reuters.
Meanwhile, back at the Google search ranch the Googlers have gotten that privacy religion, announcing that they will now anonymize server log data after 18 to 24 months (well, which is it? 18 or 24??)
Though the U.S. Department of Justice wouldn't necessarily agree, to my mind this was a step in the right direction.
I've thought for many Internet years that Google was sitting on a virtual personal data nuclear bomb with respect to the storing of users' search data -- remember the AOL search snafu from last year when several heads rolled down the hill in Virginia?
My feeling has always been this: Why should I be any less anonymous using a search engine than I am walking into a public library or bookstore and browsing the stacks?
And yet, until this announcement, the policy was that the log data was kept "as long as it was useful," which seemed to suggest that my search data with Google could be directly tied back to my IP address and, therefore, to my ISP, and, ultimately, to me at anytime.
Now, that data will be anonymized every 18 to 24 months, except where Google could be required to keep it longer for legal reasons (there have been several bills floated in the U.S. Congress that would require ISPs to store search data by law for various requisite periods of time).
Noted search expert Danny Sullivan has a full run down on this important policy change here. If you have any interest in becoming more educated about how Google works and what data it collects, I highly recommend you read Danny's post.
It's especially noteworthy that the log changes will not alter an individual user's personalized search history. As Sullivan points out, this information will NOT be destroyed or anonymized over time. So, proceed using Google's personalized search with caution.
You can then decide for yourself whether or not Google has gone far enough. Personally, I've long been a big fan of Google, and I'd hate to see privacy become their ball-and-chain. [Read More]
The Google Mint continues to demonstrate steam in its latest earnings, with net income having climbed to $1B in the latest quarter, reports Bloomberg.
CEO Eric Schmidt explained that "We overspend relative to what people think we should capital..." and ..."underspend on people in, say, customer service because we're automated."
But the Google $$$ printing machine ain't the only thing being automated out in Mountain View.
Search swami Danny Sullivan has also outlined some new changes to its search history system. The feature formerly known as "Search History" has been renamed "Web History."
The feature allows Google to record each and every single search and Web site you visit.
Google is being purposely transparent about the move, but the level of personal data associated to individuals is greater than it has ever been with this move.
On the other hand, the personalization of search brings great user benefits, allowing the consumer to reach back and easily find previous searches or Web site visits (search the searches!).
It's a mixed bag. Become a more informed and educated Googler. Read Danny's post and decide if the privacy tradeoff is worth it for you personally.[Read More]
Just last week on a call with my extended team I was reviewing the new Google Street View capability, and explaining the reaction many had had to it from a privacy perspective.
During my conversation with the team, I had mentioned that it would likely only be a matter of time before concerns were raised around the use of such information by terrorists for the planning of their heinous crimes.
Then lo and behold, this tidbit falls over the transom from the CNET "News Blog" stating that the JFK terror plotters used Google Earth to obtain detailed aerial photographs of JFK airport.
According to a court document, the blog reports, one of the four defendants indicated that one of their surveillance videos was not sufficiently detailed for operational purposes, which is when they allegedly resorted to Google Earth instead.
While a Google statement from earlier today highlighted the attention that its Google Earth team has paid to security risks posed by its satellite imaging tool, and that they're not the only player in this market, CNET's Caroline McCarthy also points out that such tools "certainly do make it easier for a would-be terrorist to obtain such maps anonymously."
I would expect this turn of events to lead to at some further public debate and deliberation (perhaps in the U.S. Congress?) about the implications of anonymous access to such valuable satellite imagery online.
Our collective safety and security might well depend on it.[Read More]
Can't we all just get along?
Apparently, we can.
Mashable is reporting that Photobucket and MySpace have now kissed and made up, with Photobucket video embeds once again working on MySpace pages after being forced to stand in a virtual corner for the past two weeks.
But Mike Arrington wants to know "who blinked first and why," explaining that Alexa data suggests Photobucket got a PR boost from the controversy as opposed to what many would have expected to be a significant traffic decline.
Bad news is apparently better than no news at all.
Speaking of PR, DoubleClick is going on a rebranding offensive with an excellent example of new media communications online via a site called "Nervecenter," complete with chic video interviews with CEO David Rosenblatt, who speaks about the new new DoubleClick and the opportunity ahead for "redefining the digital space."
Alas, the redefinition does not seem to have been redefined prior to the announcement of Google's intended acquisition of DoubleClick, which means there's no lipstick to be found anywhere on the "Nervecenter" site about the looming privacy pig...or was that an elephant???
In any case, the "Nerve Center" is (mostly) very well executed -- long on style, shorter on substance -- but struck a nerve with me by not having any RSS feeds in sight?
What does one have to do to get a subscription around here? Drop a cookie?[Read More]
Didja see the Grammys last night? I made it about halfway through then realized that I'm woefully out of touch with modern music.
Dug that Circque du Soleil homage to the Beatles, though.
If you missed all the action at the Staples Center, Mahalo's Jason Calacanis found a few video clips on the Internets, including Amy Winehouse's satellite performance of "Rehab" live from London (Winehouse took the most Grammys for the evening, at five.)
The morning after, as the candles were burning out from the all-night Grammys after parties, I stumbled upon this story from the New York Times about Facebook's seemingly endless personal information misuse saga.
The Times' new angle: What happens to your information when you break it off with Facebook?
Apparently, not much -- including having your information not getting completely erased, even though that would be most peoples' expectation after deleting their account.
Speaking of Grammys, as one person interviewed for the story explained: "It's like the Hotel California...You can check out any time you like, but you can never leave."
Says another: "...they save your information without telling you in a really clear way."
Facebook's explanation: Leaving some of that basic profile and historical information available in deactivated accounts makes it easier for former Facebookers to return to the fold and reactivate their accounts so that "their information will be available again just as they left it."
What, just in case one goes into Newsfeed withdrawals and is compelled to come back to Facebook?
May be. But Facebook may soon find themselves in consumer data retention rehab themselves, if they're not careful.
The way I see it: It was my information before we started seeing one another, and it'll be my information long after we're done.
Allow me to delete it, all of it, when I decide to leave -- easily and without a court order -- and you might just get another shot at me.
But hold my information hostage...well, that's just no way to treat a former customer, and I'll remember it long after you've allegedly deleted my account.
Though I've talked extensively in past postings about identity theft and what we as consumers can do to protect ourselves (and our identities), I also wanted to point out some new IBM solutions and approaches that can help organizations with this critically important challenge.
As a reminder of how pervasive that challenge is, in the U.S. alone identity theft has already touched one in 20 adult Americans. To help drive this number down, companies need to be taking a more holistic approach to identity management.
To that end, earlier this week we launched the IBM "Identity Management Services," an end-to-end portfolio of capabilities that cover the entire identity management lifecycle - from identity proofing to user provisioning to access control. You can learn more about this offering here.
Also, don't think you have to be a gargantuan company to benefit. This week we also announced IBM Tivoli Identity Manager Express, a software tool that provides those of you in the SMB marketplace a way to manage passwords, user accounts, and access permissions from a single point. This can help streamline your user permissioning and password resets, as well as better prepare your organization for internal and external audit compliance.[Read More]
Today signals the kickoff of the RSA Security Conference in San Jose, California. This year's conference will see more than 275 exhibitors and a host of speakers, including IBM's Doug Conorich, who will head a session on "Lessons Learned from Network Break-Ins." Doug works with IBM's Managed Security Services organization.
Also speaking at RSA from IBM will be Anthony Nadalin, a distinguished engineer with our Tivoli software team. Anthony will be providing an overview of "Model Driven Security Architecture," which takes a business application lifecycle management approach to building in layers of security and authorization for a service-oriented architecture. (Get a deep dive in this article from the IBM Systems Journal.)
C:NET provides some setup overview coverage here, citing that this year's conference agenda dutifully acknowledges that security has moved out of the server room and into the boardroom.