According to the BBC, the Buzz development team bypassed Google's standard trial and testing procedures in order to launch the product quickly. Apparently, the company only tested it internally with Google employees and failed to test the product with a more diverse range of users who are more likely to have brought up the issues which were so glaringly obvious after launch. Google has apologized and moved to correct the most eggregious privacy flaws, though problems - including security issues - continue to be raised. PC World has a good overview of Buzz's evolution since launch.
Meanwhile, damage has been done not only to Google's reputation but also to an unknown number of users who found themselves and their contacts exposed in ways they did not choose or want. Exposing vulnerable users without their knowledge or choice even for a few hours can potentially have irreversible consequences. While Google is scoring some points around the tech policy world for reacting quickly and earnestly to the strident user outcry, the Electronic Information Privacy Center (EPIC) has filed an official complaint with the FTC, and that Canada's Privacy Commissioner has expressed disappointment and asked Google to explain itself. (UPDATE: A class complaint has been filed in San Jose, claiming that Google broke the law by sharing personal data without users' consent.)
Earlier this week I asked people in my Twitter network how they're feeling about Buzz after the fixes they've made. Some are now reassured but others aren't. For example, Joseph Lorenzo Hall wrote:
@rmack totally lost me for good.. I just can't believe that they won't do it again. It will have to be very useful/different to get me backSome are leaving GMail altogether. Judson Dunn reported:
@rmack my boyfriend deleted his long time gmail account for good :(I was so concerned about exposing people in my GMail network during the first week after launch that I stayed off Buzz entirely until Monday afternoon. By then I felt that the worst privacy problems had been fixed, and I understood well enough how to tweak the settings that I could at least go in without doing harm to others. After playing with it a bit and poking around I posted some initial observations and invited the people in my network to respond. There are still plenty of issues - some people who claimed in Twitter that they had turned off Buzz are still there, and I think Buzz should make it easier for people to use pseudonyms or nicknames not tied to their email address if they prefer. From Beijing, Jeremy Goldkorn of the influential media blog Danwei responded: "I like the way Buzz works now, and it seems to me that the privacy concerns have been addressed."
I've noticed that some Chinese Buzz users have been using it to post and discuss material that has been censored by Chinese blog-hosting platforms and social networking sites. If Buzz becomes useful as a way to preserve and spread censored information around quickly, it seems to me that's a plus as long as people aren't being exposed in ways they don't want. My friend Isaac Mao wrote:
It's more important to Chinese to make information flowing rather than privacy concern this moment. With more hibernating animals in cave, we can't tell too much on the risks about identity, but more on how to wake up them.The "Great Firewall" is already at work on Buzz, at least in Beijing. While most people seem to be able to access Buzz through GMail on Chinese Internet connections, numerous people report from Beijing that at least some Google profiles - including mine and Isaac's - are blocked, though people in Shanghai and Guangzhou say they're not blocked. Others in China report having trouble posting comments to Buzz, though it's unclear whether this is a technical issue with Buzz or a Chinese network blocking issue, or some strange combination of the two. [UPDATE 2/21: Isaac (at the bottom of this buzz thread) and others (including somebody in the comments section of this post) report that our Google profiles are now accessible. It's not clear why they weren't at least for some people before.]
Buzz has unleashed some potentials on sharing which just follows my Sharism theory, people actually have much more stuff to share before they realize them.
But I agree with any conerns on privacy, including the risks that authority may trace publishers in China. It's very much possible to be targeted once they were notified how profound the new tool is.
It will be interesting to see how things evolve, and whether activists in various countries find Buzz to be a useful alternative to Facebook and other platforms - or not. Whatever happens, I do think that Google fully deserves the negative press it has gotten and continues to get for the thoughtless way in which Buzz was rolled out. There are senior people at Google whose job it is to focus on free expression issues, and others who work full time on privacy issues. Either the Buzz development team completely failed to consult with these people or were allowed to ignore them. I am inclined to believe the former instead of the latter, based on my interactions with the company through the Global Network Initiative and Google's support for Global Voices. Call me biased or sympathetic if you want, but I don't think that the company made a conscious decision to ignore the risks it was creating for human rights activists or people with abusive spouses - or anybody else with privacy concerns. However, if we do give Google the benefit of the doubt, then the only logical conclusion is that in this case, something about the company's management and internal communications was so broken that the company was unable to prevent a new product from unintentionally doing evil. Nick Summers at Newsweek thinks the problem is broader:
Google is so convinced of the righteousness of its mission statement that it launches products heedlessly. Take Google Books—the company was so in thrall with its plan to make all hardbound knowledge searchable that it did not anticipate a $125 million legal challenge from publishers. With Google Wave, engineers got high on their own talk that they had invented a means of communication superior to e-mail—until Wave launched and users laughed at its baffling un-usability. Last week, with Buzz, Google seemed so bewitched by the possibilities of a Google-y take on social networking that it went live without thinking through the privacy implications.
Whatever the case may be in terms of Google's internal thinking or intentions, we have a right to be concerned. Too many of us depend on Google for too many things. They have a responsibility to netizens around the world to develop more effective mechanisms to ensure that the concerns, interests, and rights of the world's netizens are adequately incorporated into the development process.
I'd very much like to hear your ideas for how netizens' concerns around the world - particularly from at-risk and marginalized communities who have the most to lose when Google gets things wrong - might be channeled to Google's development teams and product managers. Rather than wait for Google to figure this out, are there mechanisms that we as netizens might be able to build? Are there things we can proactively do to help companies like Google avoid doing evil? Can we help them to avoid hurting us - and also help them to maximize the amount of good they can do?Powered by ScribeFire.
Google's premature rush to rollout Buzz may very well have to do with its ongoing discussion with China over the google.cn affair. Buzz raises the stakes, even though it first appeared as if Google was delivering a New Year's gift to China as mentioned in last week's Morozov article. By linking Buzz with Gmail it has put China in the position of possibly taking another international censorship hit if they end up blocking Gmail, both http and https. This may very well be an interesting strategy poorly executed. Though they have corrected some of the privacy issues, they aren’t off the hook for not externally testing a new product, despite CEO Schmidt’s “nobody was harmed” statement yesterday. One has to wonder what Google’s intentions were for stupidly rushing Buzz into all Gmail accounts. I have written about this extensively on my blog over the past week.
Posted by: Jim Gourley | February 18, 2010 at 08:33 AM
they might have botched the launch of Buzz because they overlooked a couple of factors, some of the complaints were overblown and some were justified but Buzz has potential, it incorporates open protocols and built upon open standards it can utilize the social web concept in which the whole Internet is your social network and you are not limited to an enclosed specific social environments and from there the potential for overcoming government firewalls and censorship efforts is huge.
they are working hard to mend things i say lets hold further judgment until we see the following iterations on this new service.
Posted by: Jon | February 18, 2010 at 10:17 AM
Excellent post. Of course if Google continues to treat privacy cavalierly, then it won't do any good to channel our concerns and feedback. However if they decide to treat this fiasco as an opportunity to wake up to their responsibilities as a huge and successful corporation, then we should think about how we as netizens can help. At Microsoft in the early 200s, the FTC consent decree with Hotmail and the Windows Media Player "phone home" fiasco were watershed moments in getting the company to take privacy a lot more seriously. Let's hope a similar thing happens here.
Shameless plug: this is the kind of topic we discuss at the Computers, Freedom, and Privacy conference (where Rebecca gave a great keynote last year). It's in San Jose, California, this year, June 15-18 ... and there are still a few days left to submit proposals. Please do!
jon
Posted by: jon | February 18, 2010 at 10:20 AM
Good write-up. Like many other people, I found this quite troubling.
However, let's not forget that Gmail still has two huge privacy advantages:
1. It does not transmit your IP address to the recipients of your emails, if sent via their webmail interface. So they can't check from which geographic region you sent the mail, or (if you are working at a university or big enough company and are using Gmail to send private mails from your workplace) to identify your employer.
2. It has long offered complete SSL encryption and recently has made it the default (after some prodding in the form of an open letter from security resarchers). The importance of this for people living under an oppressive regime should be well-known.
Can anybody recommend a reasonable alternative to Gmail which offers these two?
(Posted earlier at http://www.freedom-to-tinker.com/blog/rmackinnon/google-buzzkill)
Posted by: Anonymous and prefer to remain so | February 20, 2010 at 03:07 AM
I can access your Google profile and Isaac Mao's profile without any problems in Beijing.
Posted by: Blake | February 21, 2010 at 11:12 PM