Wrong kind of buzz around Google Buzz

The launch of Google Buzz has set various parts of the technology blogosphere afire -- and for all the right reasons: it does introduce a number of interesting social features that could make our email experience more social (whether it has to be more social is a different question).

However, what tech pundits have mostly overlooked is a peculiar privacy choice made by Google's designers: unless you tinker with Buzz's settings, a partial list of your most-emailed Gmail contacts might be automatically made public (see this post over at Silicon Alley Insider; it appears that contacts  those who already had a Google Profile account before Buzz are at risk; also see this excellent and very angry post at CNet for additional background. UPDATE: Google has promised to fix some of these problems).

Yes, that's right: without you ever touching Google Buzz's privacy settings, the entire world may know who you correspond with (yes, including that secret lover of yours and that secret leaker at the White House).

This could be an extremely uncomfortable and tragic privacy disaster for Google, potentially of the same magnitude that Beacon was toFacebook.   I certainly don't have many concerns about those who are cheating on their spouses or are leaking sensitive information to journalists-- they will survive (even though the future of whistle-blowing does not look very bright in our increasingly overexposed information environment).

Nevertheless, I am extremely concerned about hundreds of activists in authoritarian countries who would never want to reveal a list of their interlocutors to the outside world. Why so much secrecy? Simply because many of their contacts are other activists and often even various "democracy promoters" from Western governments and foundations. Many of those contacts would now inadvertently be made public.

If I were working for the Iranian or the Chinese government, I would immediately dispatch my Internet geek squads to check on Google Buzz accounts for political activists and see if they have any connections that were previously unknown to the government. They can then spend months on end drawing complex social circles on the shiny blackboards inside secret police headquarters.

But potential risk from disclosing such data extends far beyond just supplying authoritarian governments with better and more actionable intelligence. For example, most governments probably already suspect that some of their ardent opponents are connected to Western organizations but may lack the evidence to act on those suspicions. Now, thanks to Google's desire to make an extra buck off our data, they would finally have the ultimate proof they needed (if you think that this is unrealistic, consider this: the Iranian authorities have once used membership in an academic mailing list run out of Columbia as evidence of spying for the West).

It's business decisions like this that make me very suspicious of Google's highfalutin rhetoric about their commitment to defending the freedom of expression. From a business perspective, such decisions do make some sense -- how else, after all, can Google Buzz compete with Twitter and Facebook, who are already light years ahead of Google in terms of building up their user base -- but the ethics of such business decisions is extremely shoddy, to say the least. If Google executives are really committed to defending the freedom of expression, then they must be inhabiting a dreamworld, where freedom of expression somehow always survives despite horrendous attacks on privacy.

The relationship between privacy and free speech has been a subject of contentious debate between legal scholars -- with people like Eugene Volokh arguing that excessive protection of privacy, no matter how appealing, could also harm free speech -- but what I often found puzzling about such arguments is that they don't seem to account for the fact that, without privacy, it's also very hard to exercise one's right to free expression. Isn't freedom of expression of a rather limited value when one is conversing under constant electronic surveillance? For anyone interested in how we should think about privacy in the digital age -- and why it still matters -- I highly recommend Helen Nissenbaum's new book Privacy in Context: Technology, Policy and the Integrity of Social Life.

I am yet to hear a Google executive mention privacy as one of the values that are constitutive of the freedom of expression. Whenever theytalk about the latter, they always make it very clear that privacy inhabits a completely different universe. I think they operate on a very flawed logic, which makes all their other efforts on this front look very insincere. Moreover, I think it is likely to cause Google much more damage in the long run: what's the point of protecting the email accounts of Chinese human rights activists if you tell the rest of the world who those people are talking to?

Seen from this perspective, a recent decision by the Iranian government to ban Gmail and create their own national email system -- something that must have been inspired by Turkey's Anaposta project-- does not sound that bad. After all, it's probably better to have activists stop using Gmail than to watch them expose their connections to government's agents. I can only hope there will be enough anger in the technology community to force Google reconsider their decision to disclose information that is extremely sensitive and should never be disclosed without prior consent from its users; in the future, all similar sensitive data decisions like should be "opt-in" not "opt-out" by default.

Otherwise, all their promises about their stance on freedom of expression is just empty talk. Their recent partnership with NSA does not make Google look any more trustworthy; Chris Soghoian, an expert on information security, made a hilarious point on Twitter: "How do I sign up for the Iranian government's new emailservice? At least they are not in bed with NSA."