"Through sheer ambition, it is risking the goodwill it built up as a scrappy startup with naively benign objectives," said Schatsky. "It's very dramatic to see the change in public perception from technology wunderkind to Big Brother."
Privacy advocates fear that Google is collecting too much data about its users' search habits.
"Google is amassing an enormous amount of information about people, and it's not just public Web pages," said Bruce Schneier, founder and chief technology officer at Counterpane Internet Security Inc., a security managed-services and consulting firm. "There are enormous concerns that Google knows too much about you." Schneier also worries about the "inadvertent" aspects of Google's products and services that put users at risk. "Google's search engine is so good that hackers can use it to search for vulnerabilities that can be exploited," he said. "We've seen worms that use Google as a reconnaissance tool. These are very serious things that Google needs to address."
A major privacy issue that Google refuses to discuss has to do with its policy on complying with law-enforcement requests for data, said Chris Hoffnagle, legislative counsel for privacy group Electronic Privacy Information Center (EPIC). "On the commercial side, Google's policies look pretty good: they're very clear that they don't sell data to other companies," said Hoffnagle. "But they have refused to comment on the legal side. You have all these different products collecting information, and it becomes a pretty comprehensive and centralized database about individuals. How is Google handling requests from law enforcement? They won't say, which makes me believe that they know their policy is unpalatable."
Simson Garfinkel, a fellow at the Center for Research on Computation and Society at Harvard University, and the author of "Database Nation: The Death of Privacy in the 21st Century," said that Google has done a better job than most companies in making its policies both clear and understandable. "Unfortunately, it is at a disadvantage because of the lack of strong data-protection legislation in the United States," said Garfinkle. "Google should have a chief privacy officer. I don't understand why it hasn't created this position."
