I think the portion of that statement that's sparked the most outrage is the "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" part. That's a colossally boneheaded thing to say, and I'll bet Schmidt lives to regret being so glib, if he didn't regret it within minutes of it leaving his mouth. As many people have pointed out, there are a lot of things you could be doing or thinking about that you don't want other people to be watching or to know about, and that are not the least bit inappropriate for you to be doing, such as using the toilet, trying to figure out how to cure your hemorrhoids, or singing Miley Cyrus songs in the shower.
As Bruce Schiener points out in his prescient 2006 rebuttal of Schmidt's point:
For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that -- either now or in the uncertain future -- patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
And this is even if you're not living under totalitarian rule and are only fearful of embarrassment. When you take into account the danger of an over-reaching government using what it knows about you to persecute you for your ideas, the thought of ubiquitous surveillance becomes even more terrifying.
What Eric Schmidt actually said isn't defensible, but what I think he was actually trying to say does deserve some consideration. The cautionary statement that makes up the second part of the quote is, I believe, quite worth saying. And worth remembering. For various reasons, Google and everyone else keeps information about the searches you've made, and these searches are associated with an IP address that, with the cooperation of your ISP, can be traced back to you. Unless you're purposely obscuring your actual origins using something like TOR, and assiduously managing your browser add-ons and cookies, you're going to be leaving a trail of breadcrumbs when you're conducting your normal business online.
Depending on which country you live in, government agencies have various powers to compel online service providers, such as Google and your ISP, to give them whatever information they might have about your identity and activities. As for the US, to which Schmidt was referring specifically, like it or not, the post-9/11 Patriot Act made it easier for law enforcement agencies to get this information. The only way for a company like Google to avoid having to give this information over is to either not collect it at all or not store it for very long. And this is where the conflict lies. Service providers have to make a tradeoff between convenience and privacy.
It's convenient for the service provider to keep your information, because your profile and history make it easier for them to customize their offering to you, both for your own benefit (targeted content) and theirs (targeted advertising). We even willingly sign up for services like this. I personally find it very convenient that when I'm logged into Google, I can go back through a history of my searches, to be reminded of a site I found a while back that I'd like to find again.
There's also a big difference between personal information that's being kept for a matter of convenience and information that's being kept because it's integral to the service's function. Obviously, there's no way to have any kind of webmail without the service provider holding onto an awful lot of very personal information. Even if Google were fanatical about expunging ephemeral personal information such as your search history, there's no way around holding onto all your embarrassing love letters or correspondence with Al Qaeda if you're using Gmail. And even if Google were scrupulous about never using or looking at your email that it holds for you, it's powerless to prevent the government from snooping in, in accordance with local law.
As more and more people are depending on online apps, and especially if Chrome OS and its ilk herald in wide adoption of computing devices that store much or all personal documents and data with online services, this tradeoff between convenience and privacy will come to the fore.
There are actually a whole multitude of privacy issues to worry about:
- The idea that governments have made it easy and automatic for themselves to gain access to private information online, and in many cases are data mining or surveilling everyone, not just crime or terrorism suspects.
- Private companies have in some cases been too compliant when the government has requested information even outside of what's required by law. (AT&T, for instance)
- Companies keep more information, and keep it longer, than they reasonably need, even considering their services' functionality and the convenience factor.
- People are ignorant or blasé about entrusting sensitive information with online services.
- People who would never trust some foreign totalitarian regime don't notice that their freedoms have been undermined by their own governments, usually in the name of fighting "terrorism" or "crime."
- Once governments have access to widespread surveillance powers, they always end up over-reaching, and use that surveillance in any way they see fit, not just for "anti-terrorism."
- Even when the government's not involved, there's always a temptation for a company to sell whatever information it has about you to whoever will pay, and once your data starts to spread through the marketplace, it becomes an easily exploitable commodity. Sensitive personal data on anyone can generally be bought for a few dollars.
- It can be extremely difficult to stamp out false or easily-misinterpreted information about you that's contained in the various commercial databases out there.
- You'd be astounded at what personal information about you any random private citizen has access to. Read this recent Wired story for an example.
- When you bring "black hat" techniques into the picture, your privacy is even more tenuous.
And even if your current government is virtuous, or the current management of a company is principled, you're always just one election, revolution or corporate takeover away from a new, less-ethical regime. If the infrastructure is in place for abusive surveillance, at some point it will be used. As they say: who watches the watchmen? This is why privacy advocates are constantly fighting the erection of scaffolding, even when most people find the scenarios far-fetched.
"Security by Obscurity" is a term of derision among computer security professionals. If your security regime isn't based on proper fundamentals but instead is based on tidbits of secret knowledge, it can be trivially easy to guess or brute-force the secret tidbit. And while it makes little sense for software engineers to depend on keeping the door key under the mat, when it comes to protecting your privacy, particularly from the government, security by obscurity can ironically be the most effective.
If you don't want governmental or corporate busybodies viewing or misusing your personal information, the best solution is to keep them unaware of it. Even strong encryption is inferior to old fashioned inaccessibility in the sense that a concerted effort can often thwart encryption, and even if it can't, the existence of mysterious encrypted data can arouse enough suspicion to prompt the law enforcement authorities to investigate other areas of your life with increased vigor. Keeping your personal information out of the hands of the myriad online service providers serves your privacy interests mostly because it's so easy for someone to gather up and analyze that data (without your knowledge) if it's out of your control. Of course, if you're so conscientious about good data security (such as encrypting everything) that you have an abnormal data profile, that can cause you to be branded a suspicious individual. So to some extent, there're security by obscurity in also trying to look like a normal person and blend into the crowd.
The important political point to make is that guarding privacy is a two-front battle: fighting against the erosion of freedoms leading to overly-powerful government, while also promoting good data security practices that would thwart abusive surveillance if it were to come to pass. In other words, fighting the totalitarian infrastructure while witholding the raw material that the surveillance society depends on.
So back to Eric Schmidt and Scott McNealy. Schmidt is correct that his company is powerless to withhold your information from the government, and is unwilling to sacrifice the features and convenience that Google users eagerly utilize every day. McNealy is correct in that we have less privacy than most of us think we have (though it's not zero). But they're dead wrong (and they should be ashamed) that there isn't a legitimate desire to keep private things private and that we should "get over it."