Sunday, 11 October 2009

The Future of Google: Privacy

One of the key issues surrounding Google at present is consumer perception of the privacy of the data they store within the company's systems, primarily in GMail and Google Docs. Over the years since these services were launched, I have seen negative comments from the media (for example the BBC), who believe that because the company produces contextualised advertisements from users' data, it must be reading that data and has access to their intellectual property. Having a mission statement which says that the company will not abuse the privacy of consumers' data may not be enough.

To counter this misconception I propose a system where, for a nominal fee, Google implements public-key encryption (secured by each user's Google Account password) so that all data stored by that consumer is transparently encrypted using the popular and trusted encryption software GPG. Activation would require explicit on-screen warnings stating that if the user's password were lost, their data would be completely inaccessible and unrecoverable. Most users are unlikely to accept this, so an alternative could be found in the form of a secondary key, held by a trusted third party, which would allow them to revoke the primary key and re-encrypt the data. There are a number of research papers on encryption key escrow systems from bodies such as the Center for Democracy and Technology, which should be considered before this could be implemented commercially.
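The escrow arrangement described above, as an added example (not code from this post, and not Google's or GPG's implementation): each stored object gets its own random data key, which is wrapped to both the user's public key and the escrow agent's, the same multi-recipient session-key pattern GPG itself uses, so the agent can decrypt and re-encrypt the object to a replacement key once the user's password is lost. The password protection of the user's private key is left out, and the three RSA key pairs are demo values constructed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is one stored object: AES-GCM ciphertext plus its data key (DEK) wrapped to the user's and to the escrow agent's public key.
type Envelope struct{ Nonce, Ciphertext, UserWrap, EscrowWrap []byte }
var UserKey, _ = rsa.GenerateKey(rand.Reader, 2048) // demo key pairs constructed for this example; a real service issues them per account
var EscrowKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var NewUserKey, _ = rsa.GenerateKey(rand.Reader, 2048) // replacement key issued after a lost password

// Encrypt draws a fresh DEK and nonce per object and wraps the DEK to both recipients, so either private key alone can unwrap it.
func Encrypt(user, escrow *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dek, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(dek)   // crypto/rand.Read cannot fail on Go 1.24+; on older
	rand.Read(nonce) // releases, check its error here before continuing
	uw, errU := rsa.EncryptOAEP(sha256.New(), rand.Reader, user, dek, nil)
	ew, errE := rsa.EncryptOAEP(sha256.New(), rand.Reader, escrow, dek, nil)
	if err := errors.Join(errU, errE); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(dek) // only rejects bad key sizes; 32 bytes is valid
	gcm, _ := cipher.NewGCM(block) // only rejects non-16-byte block ciphers
	return &Envelope{nonce, gcm.Seal(nil, nonce, plaintext, nil), uw, ew}, nil
}

func Decrypt(priv *rsa.PrivateKey, wrapped []byte, e *Envelope) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil {
		return nil, err // wrong private key: the OAEP padding check fails
	}
	block, _ := aes.NewCipher(dek) // DEK length is fixed by Encrypt, so this cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil) // any tampering yields an error, never plaintext
}

// Recover is the escrow path after a lost password: the agent decrypts with its own key and re-encrypts to the user's replacement key under a fresh DEK.
func Recover(escrow *rsa.PrivateKey, newUser *rsa.PublicKey, e *Envelope) (*Envelope, error) {
	pt, err := Decrypt(escrow, e.EscrowWrap, e)
	if err != nil {
		return nil, err
	}
	return Encrypt(newUser, &escrow.PublicKey, pt)
}
```

The old user key cannot open the re-encrypted object, which is what "revoke the primary key" amounts to in practice; the agent's own key, of course, can open every object, which is exactly the trust the third party must earn.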

Regulatory Issues
Once data held by Google becomes encrypted, it is covered by the Regulation of Investigatory Powers Act here in the United Kingdom, which allows law officers to demand that individuals under investigation surrender their keys or risk prosecution. Google's liability risk is mitigated by this law, as it places the liability for encrypted data upon the shoulders of the individual citizens concerned, in a similar manner to the way "Safe Harbors" are implemented within the United States' Digital Millennium Copyright Act.

Consumer and Business Appeal
I believe that this would create a new revenue stream from consumers who are wary of Google's treatment of their mail and would reduce the reservations that businesses have about handing confidential data over to an online-only system. Implementation in Google Gears for offline access, however, may be a problem, as Gears is a JavaScript-based framework which may not have sufficient processing power to handle the encryption and decryption required to make this work.

Estimated return on investment: with 146m users monthly, at a 0.1% take-up, annual revenue is $29m based on proposed prices.
