Google privacy chief blasts Microsoft’s “Scroogled” campaign at RSA Conference

Chief privacy officers at Google, Microsoft, Mozilla and Facebook go public

You know people are sensitive about their online privacy when Microsoft seeks advantage over Google by running TV ads that claim anyone using services like gmail gets "scroogled" because Google sells keyword and behavior data to marketers.

Google chief privacy officer Keith Enright, speaking on an RSA Conference panel this week featuring fellow chief privacy officers from Microsoft, Facebook and Mozilla, took the opportunity to shoot back at Microsoft’s "Scroogled" advertising campaign, which features people talking about how using gmail will result in getting advertising from marketers. The "don’t get Scroogled" campaign, which is running on primetime television and as an online petition against Google, is "misleading" and "intellectually dishonest," Enright said.

Microsoft’s Brendon Lynch countered that it was helping consumers "make an informed choice."

Not surprisingly, the panel drew a big crowd at the conference, with moderator Trevor Hughes of the International Association of Privacy Professionals keeping it lively by prodding panelists to share how privacy policy really evolves in the powerful organizations where they work. They acknowledged it can be an awkward balance between what might be the consumer's wish to be spared the subject of massive data collection and marketing, versus the corporate interest in making a buck.

"Someone's surprise in a negative way could be someone else's surprise in a positive way," Microsoft's Lynch said.

[FROM THE SHOW: Hot Products at RSA]

One big topic tackled by the panel is the push toward adopting "do-not-track" functionality in browsers, and Lynch said "privacy is increasingly becoming a feature," with Microsoft enabling this by default in Internet Explorer 10. He said Microsoft believes that 35% of its customers have indicated they are concerned about tracking of cookies.

Alex Fowler, chief privacy officer at Firefox maker Mozilla, said Mozilla's software development in terms of privacy-enabling features now adheres more or less to Apple's Safari browser model. By way of example, he said if someone looked at four sites one morning, it would be typical for 120 third-party companies to set 300 cookies, but at the browser re-set, those cookies would disappear. What Mozilla is doing is "not as extreme as stopping all cookies," he said.

RSA privacy

Privacy panelists at RSA Conference: Trevor Hughes, Erin Egan, Keith Enright, Alex Fowler, Brendon Lynch

Panelists seemed to agree that there is no complete "do-not-track" technical standard at the World Wide Web Consortium that would form a uniform basis for how cookies can be allowed or dis-allowed in a browser by the user and recognized by the web site. "We're working with the W3C to get the world to a place where there's a common standard," said Lynch.

Enright, senior privacy counsel at Google, made the argument for the role of advertising in enabling free services like gmail, though he admitted there's a need for balance.

But moderator Hughes noted that the privacy issues are only growing bigger, with powerful new technologies such as geo-location data from mobile devices only likely to give marketers more information about the consumers they want to reach. He asked what Facebook and Google have planned in that regard, say for instance with Google Glasses that people would wear.

Facebook's Erin Egan said it's an ongoing engineering discussion, with the knowledge that the potential is there that "in 10 years, everyone will know where everyone is." Facebook, like others, is examining geo-location as an interface with Apple or Google devices.

Google's Enright would only say location data might be "transient" or "permanent" as a persistent anonymous identifier, and the question of an "opt in" to have something done for you was under discussion. "It's about building a product that's valuable to users," he said, but admitted making any of these geo-location ideas adhere to government regulatory requirements related to privacy around the world would be "challenging."

Hughes posed a question about whether it's possible to actually "overbuild privacy" given that surveys show that consumers do love the free services they get.

Keeping it all free — or coming up with an alternative choice that would be a subscription-based model in which there would be a charge for services but no advertising or marketing — is something that has been discussed at Facebook, said Egan. But there's no indication this would happen.

These chief privacy officers say their role is having a say regarding the impact to user privacy in virtually all products and services that their companies roll out. One of the hard parts is striving to stay out of trouble with regulatory authorities around the world that may have strong and radically differing laws about protecting online consumer privacy.

One of the main struggles is explaining all this complexity about privacy and policy to the user in a straight-forward, easy-to-understand way. "We have to make sure everyone understands what our polices are," Microsoft's Lynch said.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com.

Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies