http://www.spiegel.de/international/ger ... 46,00.html
Does Google Know Too Much?
By Julia Bonstein, Marcel Rosenbach and Hilmar Schmundt
Google gathers so much detailed information about its users that one critic says some state intelligence bureaus look "like child protection services" in comparison. A few German government bodies have mounted a resistance.
The little town of Molfsee, near Kiel in northern Germany, has three lakes, an idyllic open-air museum and a population just under 5,000. It’s not the likeliest place to declare war against a global power. Yet Molfsee has won the first round of a battle against a powerful digital age opponent.
Germany is skeptical.
The source of friction is a fleet of dark-colored Opel Astras. The cars caused a stir when they started cruising the streets of German cities over the last few months, sporting roof-mounted cameras that record 360-degree images from 11 lenses. Some of the vehicles bear the name of the company that sent them on this massive photographic mission: Google.
"Street View" is the name of the service offered by Google. The California-based Internet company is photographing city streets all over the world, linking the images to digital maps and making the whole package available on the Web. Anyone with an Internet connection will then be able to call up not just a "Google Map" but pictures of the area as well. The company also plans a feature to let users take a virtual stroll through a city.
The camera-wielding Astras haven't come to Molfsee yet, and local Google opponents want to keep it that way. Some of them have resorted to local law. According to a road traffic act passed in the town, Google would need a special permit to drive and photograph in Molfsee. Local politicians have refused to issue the permit.
That decision has had a ripple effect throughout Germany. The state parliament in Schleswig-Holstein, where Molfsee is located, discussed Google's project in early October. There's even been talk of introducing legislation at the national level. Schleswig-Holstein's top data protection organization offers a downloadable sign on its web site, to be printed and placed on citizens' front lawns: "No pictures for Google Street View."
Google in the Real World
The outrage spreading from the northern state of Schleswig-Holstein down to the rest of the country is something new and potentially damaging for Google. So far the company, founded by computer-scientist entrepreneurs Sergey Brin and Larry Page, has maintained a mostly clean reputation. The brand calls up an image of well-engineered Web applications provided -- for free -- by two nice young men in Mountain View, California.
But with Street View the corporation is appearing in the real world for the first time, and not everyone is pleased. “These pictures, which are available for retrieval worldwide over the Internet, could easily be linked to satellite photos, address databanks and other personal data,” warns Peter Schaar, Germany's Federal Commissioner for Data Protection.
With just one click, Schaar suggests, it would be easy to check out the condition of, say, a residential building. Banks could use the information to raise a mortgage rate. Burglars could use the images to case a home.
Google's Internet empire has become a political issue here. And only a fraction of the company's data comes from the car-mounted cameras. There’s also the popular Gmail service ("Google Mail" in Germany), the YouTube video portal, a social network called Orkut, and the Google Desktop program, which allows users to search their own computers.
The company has also introduced its own browser, called Chrome. And it's entered the world of mobile communication with a new cell phone operating system called Android. The first Android-compatible phones all but sold out before the official market launch in the US last week, with 1.5 million advance orders.
With its services, Google has established itself as a global online power in just a decade. Through massive acquisition of Internet services -- like YouTube -- it has built itself into a data-collection empire. One click by a user lets Google take search data, along with a date and time, as well as specific details like IP addresses, the type of browser used, language settings and even log-in user names
It’s also well-known that Google checks for keywords in the content of e-mails sent through its mail program, then displays relevant advertisements in a sidebar. This clever exploitation of information for direct advertising has turned Google into a multi-billion-dollar organization. The company brought in over $16 billion in revenue last year.
This is what makes the debate in Germany such bad news for the corporation. Denying Google data cuts to the heart of its business model. More and more customers are wondering: What does Google know about me?
Well, compared to what Google knows about us, many intelligence agencies look "like child protection services," says Hendrik Speck, professor at the applied sciences university in Kaiserslautern, a southwestern German city. Theoretically, he says, Google could record a query for pregnancy tests, then nine months later provide advertisements for diapers. Or -- six years later -- it could show offers for after-school homework help.
"The more data Google collects from its users, the higher the price it can ask for advertisements," says Speck.
A 'Data Monster' Image
The man whose job it is to allay such concerns operates from a classy address in the heart of Paris, the Avenue de l'Opéra. Nothing at the building's entrance indicates a connection to Google. The world's most effective data collector depends on discretion. Peter Fleischer is a wiry forty-something in a T-shirt, also known as Google's "Global Privacy Counsel."
Fleischer likes to talk about balance -- finding a reasonable compromise between the breakneck pace of Internet development and the inertia of the legal system. In the case of "Street View" images, the current compromise involves image recognition software, which automatically searches for license plates and faces in order to blur them out. People who find themselves in the pictures can also complain, and the images will be removed.
Offering information, and taking it.
That solution sounds clean, but the reality is messy. A horse pulling a carriage in New York City may be recognized as a face, blurred out, while an Australian man photographed lying drunk by the side of the road remains vivid and visible to the world. He complains, but it’s too late: copies of his picture have already circulated on malicious Web sites.
As the company’s head of data protection, Fleischer is in charge of protecting hundreds of millions of users' data -- 29 million in Germany alone. It’s also his job to assuage the growing unease on the part of many users and politicians about the Google "data monster."
The Molfsee citizens' concerns are just as unfounded, Fleischer says, and for the same reason: "We collect a lot of data, but nothing that identifies any particular person," he insists.
For Gerald Reischl, author of a book in German called "The Google Trap," such assurances aren't enough. The corporation's "machinations, hunger for power and dominance need to be scrutinized," says Reischl. Even those few Internet users who don’t regularly access Google sites end up with their data accessible to the company anyway, thanks to a program called "Google Analytics."
Google Analytics is a free program for web site owners to keep track of usage patterns on their site. The data is also saved by Google. Some sites don’t even mention this to their users. "Analytics is Google's most dangerous opportunity to spy," says Reischl. According to some estimates the software is integrated into 80 percent of frequently visited German-language Internet sites.
SPIEGEL ONLINE no longer uses Google Analytics. "We want to ensure that data on our users’ browsing patterns don't leave our site," says Wolfgang Büchner, one of SPIEGEL ONLINE's two chief editors.
But what happens to the client information sent over to the United States? How is it organized? How long is it stored? Who's allowed to see the data -- and how can it be deleted?
According to Fleischer, such concerns are unwarranted. "We don't know our users," he says, "nor do we want to." He says Internet logs aren't related to individuals, and stored IP addresses are nothing but numbers that connect computers to each other. Under no circumstances, says Fleischer, would data from a conventional Internet search be combined with the personal information saved through a service that requires a login, such as Gmail.
Thilo Weichert, head of Schleswig-Holstein’s Independent State Agency for Data Protection, based in Kiel, can relate experiences to the contrary. His experts test each new offer from Google and regularly diagnose aspects that conflict with Germany’s data protection laws.
Google’s German headquarters tends to react negatively to Weichert’s name. He doesn’t give them an easy time: The data protection specialist from northern Germany has already issued a public warning on the Analytics program. "Most users of the product aren't entirely aware that by operating Google Analytics they're utilizing a service that transfers data to the United States, to be broadly used and exploited," he has written. "This violates the data privacy laws protecting those who use the Web sites." Google reacted with a letter to the governor of Schleswig-Holstein, warning of economic losses and demanding that Weichert be called off his attack.
Such reactions only incite Weichert. "The company operates in an unacceptably non-transparent manner," he says. "Their users are basically standing naked in front of them, and Google itself discloses only what is absolutely necessary about its data handling strategy, and then only under pressure."
The company does tend to take action only when directly criticized. Its original policy for storing IP addresses connected to online queries was open-ended. After massive criticism, Google agreed to make the data anonymous after 18 months, then finally changed the period to nine months. The process has been similar with the Chrome browser and with Street View. Weichert wants to address these issues when Germany’s data protection officials meet in Düsseldorf in November. He will argue for making Schleswig-Holstein's critical stance against Street View a national policy.
Meanwhile, a top data protection specialist at Google named Peter Fleischer likes to talk about what’s to come. “Google Health” is a databank where patients can store their medical records and retrieve them over the Internet. This service could radically change the nature of the health system -- and it could change Google itself as well. When the topic turns to health, most users are likely to sit up and take notice. They start asking what happens with their data.
Google Health has been offered so far only in a test version, but it’s brought about something new. The company has established a committee of independent experts to oversee the security of patient data. Now critics say it’s time for a similar body to oversee the corporation as a whole.
"We're thinking about it," Fleischer says. But he adds that privacy protection has to be weighed against the security interests of the user. He concludes with his favorite line: "We have to find a reasonable balance."
It was a little difficult, but I did google it.
)
