Hacking isn’t all about little guys and questionable governments. Hacking can be, and is also done by large companies, many of which we freely give troves of personal information. Take Google, for instance. Do you have a Gmail account? If so, think about all the information that has passed through that account. Google now has a copy of it. Surely they wouldn’t do anything nefarious with it, right? Well, they did with Google Buzz. While the idea of consent shouldn’t be a fuzzy gray area, it often is, and Google used that to their advantage.
So what happened? In 2010, Google casually dropped an email in every Gmail user’s inbox. They were promoting a new service called Buzz. The email was light on details, and prompted interested users to click a link to learn more. That seems innocent enough, until one realizes that link is an opt-in button for the service. One click and Buzz was enabled. Once activated, Buzz analyzed the user’s Google account, including their entire email history. Some information was made public by default, like who the user interacts with often (with full names and email addresses). Did users really consent to this? I would argue that they did not.
We’re all very familiar with the EULA – End User License Agreement. They can be dozens or hundreds of pages long, and few users ever read even the first line. Those who do are met with endless legalese that makes little to no sense for the average person. Sound familiar? The same thing happened a few years ago before the housing bubble burst. Thousands of families, who by all proper standards were not fit to have a mortgage, were pushed into signing cryptic documents on the premise of a mortgage. Many later discovered hidden fees and steep penalties lurking in those documents, and hundreds went into foreclosure because of them. The problem? They didn’t really understand to what they were agreeing. The same is true for Google’s user agreement. Nobody truly understands what we’re giving Google “permission” to do.
In this case, consent to Google’s user agreement could be called tacit. That is, we all check the box saying we’ve read and agreed, but don’t actually take the time to figure out what we’re agreeing to. In addition, a majority of users (in most cases) won’t take any action if they discover Google is doing naughty things with their information. A. John Simmons notes tacit consent is “given by remaining silent and inactive; …it is expressed by the failure to do certain things” (Simmons 279). By continuing to use Google’s services, even those not connected to Buzz, users tacitly consented to Buzz’s practices. Apathy can be dangerous, as seen with Buzz. Without taking any action, troves of personal information remained available with no protections. Was this right for Google to do? Absolutely not, and they received strong backlash for it. Tacit consent only worked as long as users remained ignorant of what was happening. With Buzz, that changed quickly.
On the idea of ownership (as it applies to consent), Google puts users in a predicament. In order to use Google’s services as advertised, and to their full capability, users must provide some amount of personal information. By actively providing this information, users are exercising explicit consent, in that the information is provided willingly. What’s interesting to consider is that at that point, who owns the data? Does it still belong to the user, or does Google take ownership once it’s on their servers? While John Doe still owns the rights to his own name, Google’s user agreement grants them the rights to do whatever they please with their copy of John Doe, and any other information connected to him. John wanted to use Google services, so he had to provide some of his information. In a sense, he entered into a social contract with Google, to which John Rawls notes, “unjust social arrangements are themselves a kind of extortion, … and consent to them does not bind” (Simmons 277). To reiterate, Google required information in order to use their services. The only alternative option is to not use the service, and we all secretly judge people who don’t have an @gmail.com email address. Enough said on that.
Like the newer Google+, the grand idea behind Buzz was to create a new social network—one that users would welcome into their private lives with open arms. Google’s aim was likely to collect information for marketing purposes, and provide ultra-targeted advertising and content suggestions based on email conversations and frequent contacts. Some people just don’t want that. Personally, I block all ads. If one slips through my filters, I block it manually. I don’t care what Google wants me to see; I care what I want to see. I consent to Google’s data mining to a very small extent, and I control my settings tightly. If they try to pull some shady business, I speak out (as should everyone). Advertising can be a cash cow, so Buzz was a great business idea. Google just took it way too far.
Reference: Simmons, A. John. "Tacit Consent and Political Obligation." Philosophy and Public Affairs 5.3 (1976): 274-91. Print.