This is a column I never expected to write and never wanted to write. It is part of the never-ending saga of corporate misbehavior, misrepresentation, and even lying at Google. Ok, if you are not a computer scientist, not familiar with Google's claims and the actual facts, you might let them get away with calling this wriggling to escape responsibility. But this is all occurring, over and over, at the mother of "don't do evil" corporate culture.
"The design made me do it":
Systematic privacy violations at Google Play
The Facts: Google has been caught, again, in a systematic violation of their users' privacy. If you buy something from the Apple App Store it is a private transaction between you and the App Store. If you buy anything from the newsstand on the corner, maybe a newspaper and some gum for $.99, it is an anonymous transaction. But if you buy anything from Google Play, the Google App store, your personal information is transmitted to the seller. Your name and address, your email account information, even your telephone number. Really. For any transaction, no matter how small. This is not stated in Google's privacy policies for the app store, at least not in any way clear enough for users or sellers to figure this out. This surfaced only recently.
In this instance, the actual offense is less egregious than Google's response to it when caught. It is the systematic violations of the law and of its own consent decree, and its evasive and disingenuous response when caught, that justify a harsh response, not the details of this specific violation.
Google's Claims: We had no choice, we had to violate your privacy and we had to violate our own privacy policies on the app store. It's not our fault. The design of our app store made us do it. With our design, it was the only way to share enough information with the merchant for us to be able to complete the transaction. In an email that Google widely distributed, it defended its actions, saying simply, "Google Wallet shares the information necessary to process a transaction, which is clearly spelled out in the Google Wallet Privacy Notice." This is equivalent to saying "that because of our faulty design, we needed to share all of your information for us to be able to complete your transaction." Likewise, it is equivalent to saying "that because we said we would share whatever information we needed to share, and because you should have known that we were using a unique and uniquely bad design, you should have known that we were sharing all of your information." No, Google did not say those last two things explicitly, but they are implicit in their defense, and indeed without them their defense is meaningless.
Analysis: Faulty design is never an excuse in a consumer product liability case as long as alternative designs were available and should have been known to the designer. Yes, litigation is more complicated than this. But legal precedents are clear. The Ford Pinto detonated during moderate-speed rear-end collisions because of a faulty design; Ford executives could have solved the problem but chose not to do so, and Ford was found liable. A jury awarded the two plaintiffs and their families $3 million in compensatory damages and $125 million in punitive damages. Faulty design is no defense in cases involving surgical implants, consumer electronics, or any other products. If you build a defective product and you know you are building a defective product, you can be held liable.
A simple alternative design was possible. Google could have chosen to download purchased apps directly from their app store, Google Play, with no sharing with the app developer of any personal or identifying information about the buyer. Google could have paid the developer directly, either with an individual transaction each time it concluded a sale, or with a simple bulk payment that transfers funds to the developer at the end of each day. We know this is possible because every retailer in the country, from online giants like Sears to low-tech corner grocers, has figured out how to sell me towels and tangerines without giving my personal information to their suppliers. Apple's App Store works quite well, has sales significantly larger than Google Play, and operates without systematic privacy violations.
Most consumers would not have assumed that violating their privacy was an essential feature of transactions on Google Play. Designs that do not share merchant information with the ultimate manufacturer or supplier are possible. Indeed, such safe designs are nearly universal; the Privacy Notice on Google Wallet was at best misleading and at worst deliberately false.
Yes, it would be nice to provide the merchants with aggregate statistics, like how many customers purchase from different regions, or within different age groups. But technically there is no reason for any privacy violation to be built into the design.
If privacy violations are built into the design of Google Play, deliberately to enable snooping, accidentally because of incompetence, or for no reason at all, this is a violation of its customers' privacy. Since the systematic sharing of private information is not necessary to complete transactions, the fact that it was occurring should have been clearly declared in the Google Play statement of their Privacy Notice. Google has violated a public privacy statement, in clear violation of their Consent Decree, and has violated it over a billion times.
Proposed Remedy: It is clear that Google has once again violated consumer privacy, and once again has done so on a massive scale. It is clear that Google was aware that it was violating consumer privacy. And it is clear that the Google Play privacy statement misrepresented the privacy policies of Google Play.
Fortunately, there is a readily available remedy. Google is already under a consent decree for violation of its own privacy policies. The consent decree is clear enough and it imposes fines of $16,000 per offense per day for subsequent violations of its stated privacy policies. Google has already violated the consent decree once with virtually no penalty. This time the FTC might consider actually imposing the full penalty, perhaps to atone for its own violation of consumers' trust when it decided not to continue its investigation of Google.
At $16,000 per violation, times approximately 25 billion downloads from Google Play, the penalty for violating the consent decree could be as high as $400,000,000,000,000, or $400 trillion. A reasonable settlement would have to allow Google to pay that off over time. The $125 million judgment against Ford was reduced by 97.5% on appeal; perhaps Google could get its penalty reduced to $10 trillion? Even that seems high.
The most reasonable solution might allow Google to negotiate the settlement down to a manageable sum, perhaps $16 billion. This seems like a large sum but it represents only 33% of the company's $48 billion in cash and short-term investments at the end of 2012. The remaining $9.984 trillion could remain as a suspended penalty, due the next time Google violates the consent decree.
Actually, splitting the penalty into a manageable $16 billion now and a contingent payment of $10 trillion in the event of future abuses would have only good results. The most likely outcome is that the federal government would receive a massive cash infusion of $10 trillion, which would please me greatly; think of what that could do for Social Security, or education, or other worthy programs. Less likely, Google might actually impose some reasonable corporate governance mechanisms on its employees and introduce some form of compliance function, befitting its position as the 3rd largest company on earth. The second outcome, while unlikely, would please me even more.