Google and the Schmidt-Schneier Privacy Duel

Security expert Bruce Schneier responds to comments from Google CEO Eric Schmidt that perhaps people shouldn't do something they don't want Google to learn about through its search engine. Schmidt also noted that Google does not abuse the information it collects on people because it would damage users' trust in the company and send them to Microsoft Bing, Yahoo or elsewhere for search. Perhaps Google should create some sort of instant analysis engine that gleans user data as it enters the system, uses it to improve search -- think personalized search in real-time -- and then nukes it into the digital boneyard forever.

News Analysis: When CNBC's Maria Bartiromo asked Google CEO Eric Schmidt if people should treat Google as their most trusted friend, Schmidt stepped into the damned-if-you-do, damned-if-you-don't pitfall that all companies that harvest computer users' data find themselves in at one point or another.

This is how Schmidt responded to the question in the "Inside the Mind of Google" segment CNBC aired Dec. 3:

"I think judgment matters. If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines -- including Google -- do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."

Of course, privacy and security pundits had a field day when they learned of Schmidt's comments, which point to a certain liberty Schmidt and Google are taking: that people shouldn't do anything that they would be embarrassed about, or do anything that might implicate them in criminal or other matters. The suggestion is that perhaps some people shouldn't use search engines because they will be, well, exposed.

Bruce Schneier, a renowned security expert, responded accordingly:

"Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance. We do nothing wrong when we make love or go to the bathroom. We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.

For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that -- either now or in the uncertain future -- patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable."

It is ironic that Schneier notes that people will lose their individuality, because everything Google does is geared toward dissecting users' collective Web surfing habits and serving them ads based on their interests. By granting Google our user data, we may feel as though we cannot deviate from socially accepted, normal behaviors because it might be used against us.

Bartiromo also asked Google CEO Eric Schmidt if he sees Google as the most powerful company in the world. He was genuine when he said: "No, not at all." "You have a lot of information though about people..." Bartiromo responded.

"But we don't use it and we don't misuse it," Schmidt said. "We could misuse it, but if we did, we would quickly become much less powerful because everyone would flee to our competitors. So part of the answer to the criticism, that's implied by your question... is that if we broke our trust with end users, they would leave and we wouldn't be very important anymore."

It goes to Google's whole "the competition is just a click away" campaign. Google's position is that people should trust their data with the company because it would not do anything with it to break that trust.

Google may well not abuse user data, but who is to say authorities won't under the Patriot Act, whose latitude is suspect to the point of being Orwellian? This is what keeps privacy advocates up at night and part of what makes Google a target for federal scrutiny.

So what is the solution? Forget data anonymization because no one is quite comfortable with that. Perhaps Google should create some sort of instant analysis engine that gleans user data as it enters the system, uses it to improve search -- think personalized search but in real-time -- and then nukes it into the digital boneyard forever.

Earlier this week Google proved it can index search results in real-time, so the idea that Google could create algorithms to scrape useful user data and do real-time analysis that helps construct contextual advertising targeting is a real possibility.

That way Google wouldn't have to store user data and mask it with anonymization techniques. Google likes to solve technological challenges, so it makes sense that it would turn to technology to solve any privacy problems.