Google: How Many Achilles’ Heels
September 14, 2008
The essay “Another Step to Protect User Privacy” on the Official Google Blog triggered a wave of commentary on Web logs and news services. I’m writing this commentary on September 9, 1008, but it will post on Sunday, September 14, 2008, as I fly to the Netherlands for a conference. I won’t rehash the arguments stated ably and well in the hundreds of links available on various news aggregation sites. Instead, I want to highlight the key sentence in the post and then offer several observations. For me the key sentence was:
We’ll anonymize IP addresses on our server logs after 9 months.
The rule of thumb in online information is that the most current data are the most useful. In any online system, historical data are useful as a base. The action is the most recent data. I’ve seen this in the most accessed documents in a commercial database, in our Point (Top 5%) of the Internet service in the mid 1990s, and I see it now on this Web log. This means that nine months is a long time when it comes to log and usage data. Think of the baseline of data as a bank filled with gold bricks. The current and timely data are the load bearing ore. Once processed, the high value component can be put in the vault and tapped when needed.
You don’t need me to reinterate that the issues of privacy and security are important. Both are intertwined, and I am uniformly critical of online systems that don’t pay much attention to these issues. Martin White and I have a new monograph nearing completion, and we are collaborating on the security section. I won’t repeat our arguments in detail. A one word summary is “Important”.
Privacy and security, therefore, are an Achilles’ heel for many companies, including Google. Google gets headlines because people have been slow to realize what the company has been building for upwards of a decade. Messrs. Brin and Page started with BackRub, learned from AltaVista.com, benefited from the portal craze, borrowed the Overture ad model, and befuddled everyone with lava lamps. Now folks are starting to realize that Google is a different kind of company. I won’t even say “I told you so.” My Google studies made this clear years ago.
The thoughts in my addled goose brain are the following:
- Google is not a search and advertising company. Those are applications running on what Google is. The company is the 21st centruy version of Ma Bell, US Steel, and Standard Oil. The problem is that those outfits were confined to one nation state. Google is supra national; that is, it’s opeating across nation states. This makes it tough to regulate.
- Security and privacy are one point of vulnerability, but one off challenges won’t make much difference.
- Google’s diffusion of its origional ethos is another Achilles’ heel. In the last year, the company has been dinged for going in many directions with little apparent focus. I’m not so sure. Google’s quite good as misdirection.
- Google’s now in the public eye, and the company is finding itself having to reverse directions, often quickly. The license agreement for Chrome is one example. The change in user data retention is another.
How many Achilles’ heels does Google have? I refer to Google as Googzilla and have since late 2004. That means that there are four key vulnerabilities that Google has. So far, none of the charges directed at Google have aimed at these weaknesses. As long as the critics target Google’s tough, protective hide, there is little chance of [a] leap frogging Google’s technology or [b] knocking out one of its four legs.
Stephen Arnold, September 14, 2008