Not that anyone is offering, but Google's IPO is probably something I am going to pass on. I love the engine and am fond of saying "if you can't find it on Google it doesn't exist", but it's quite different when you look at it from an investment perspective. For now, Google is a one-trick pony, less revolutionary than Netscape in its day, and vulnerable to predators large and small. Google's leadership certainly knows this, and is racing to develop additional services to diversify and stay one step ahead of the competition. I wish them well. A new service, which is not yet available for general release but has already drawn the wrath of several privacy advocates is Gmail. Listening to some of these people, you would think that John Poindexter had moved his Total Information Awareness project from DARPA over to Google.
Google astounded the Internet when they first announced Gmail: one Gigabyte of free email storage - several hundred times more storage space than the competitors, with archived email organized and easily accessible like everything else in Google's universe. A very cool concept - so cool that some beta testers were offering their beta accounts for sale on eBay. But the day after the announcement provided a nasty hangover courtesy of some privacy advocates. A shocker - Google wasn't providing a much improved webmail service out of a sense of community, but they had a clear profit motive and plan.
Gmail seeks to capitalize on the archival of messages by delivering relevant advertising content as you read messages. How do they intend to do this? By reading your email, of course, and cross referencing the content with keywords designated by the advertisers. So, presumably if you are engaging in an email thread with a friend about the fact that you plan to buy a car, you will see automobile advertisements. Obviously Sergey Brin doesn't have time to read this email personally, so the work is done by bots, similar to Google's existing search bots, but tuned for this task.
Privacy groups jumped on this service as though the Bill of Rights was being put through a shredder. How dare Google read someone else's mail and what else might they do with this information? Some of these folks quickly made the jump from decrying the service to demanding that Google discontinue it, at least the part that they can make money off of.
The first thing I'd like to say is that this is a voluntary service, if you believe that this service violates your privacy in any way, don't join up.
The second thing I'd like to add is that if you do use Gmail, it won't be the first and only application that is reading your data and trying to understand context. If you are one of the many of us dependent upon Microsoft Office, Word has been reading your words: making sure they are spelled right, making sure the grammar is sound (I ignore this feature, obviously) and providing you with a multitude of formatting tips. I don't really know what the distinction is, and what would prevent Microsoft from collecting and forwarding juicy bits of data out of Office documents such as pre-released earnings numbers and executive memos - besides sanity, that is. It is a hot trend within the information security industry itself to utilize technologies to learn about the behaviors of networked systems and try to identify the anomalies that occur, which may indicate some sort of a security breach - these same technologies read your sensitive data.
Thirdly, if an advertisement is delivered to your inbox, how exactly is your privacy compromised and to whom is your personal information delivered?
The fourth thing I want to say is that this type of functionality sounds very much like the agents we were promised several years ago, tiny techno-butlers that are on the lookout for information that is important to us, either based upon pre-determined preferences or by letting these agents learn from our own behavior. The only difference is that this is a "virtualized agent", where the code that delivers personalized content is located somewhere else. It is ridiculous to assume that Google is secretly profiling Gmail users and all the dirty laundry contained in their email for nefarious purposes.
Chief Security Officers need to take a stand here. One side has to do with the traditional preservation and protection of proprietary intellectual property, which says that any public webmail system is not a good corporate custodian. From this standpoint, existing corporate policies regarding electronic mail usage, non-disclosure agreements and other dictates are likely sufficient to communicate the rules and keep corporate data safe. However, I would also like to see CSOs take a more sophisticated and nuanced position than the privacy shills, and recognize that there is a difference between software programs than deliver personalized content and the personal information itself. Let's not get confused between code and data - Google has developed a service based upon personalization software and is doing nothing with personal data. CSOs should appreciate this type of capability and support its intelligent usage. Why should CSOs care? Because your own company will someday want to provide a more personalized service to your customers and Gmail-type technology may be just the ticket. Don't paint yourself into a corner by not being able to make the distinction.
CSOinformer is edited by Jim Reavis, founder of SecurityPortal and longtime industry analyst. This monthly newsletter is targeted at people who must take a strategic, multi-year view of the information security industry, and we promise insights you will not find anywhere else.
CSOinformer is a service of Reavis Consulting Group, and is published on the second Tuesday of each month.