A Gaggle of Monopolies

 

One of the peculiarities of monopolies in the age of Big Tech is how they tend to leverage quickly into a group of monopolies. 

Historically, building a monopoly was a rare business event, and it usually just happened in a single industry, like oil or finance. 

But the tech industry is different:  businesses build one monopoly (legally, let’s assume).

Then they quickly manage to leverage it into multiple monopolies across an array of businesses. 

You can read recent press reports about antitrust enforcement actions against Google and Meta, to take those prominent examples.  

Traditional antitrust/competition law developed to restrain individual monopolies from leveraging their existing monopolies unfairly into new markets.  But historical law seems to struggle with how to address this new phenomenon of companies that develop a portfolio of monopolies.  Of course, these tech companies leverage their monopolies to develop and support each other, in particular by sharing user data, given that all these monopolies are based on processing vast amounts of user data.  The more you have, the better you can leverage into a new market.  That’s why this antitrust/competition conundrum is also a privacy challenge.  Monopolies that process personal data and share them across their portfolio of services are processing personal data at a scale unprecedented in human history.  Europe took a first step to try to address this problem with its Digital Markets Act.  

We don’t have a legal word for a portfolio of monopolies.  Calling a company a “monopolist” doesn’t capture the nature of a portfolio of interlocking monopolies.  So, I looked to the wildly colorful words of English vocabularies to describe a group of animals, for inspiration.  

A bloat of hippopotamuses

A parliament of owls

A gaggle of geese

A flamboyance of flamingos

A murder of crows

A company of parrots

A charm of finches

A shiver of sharks

An aggregation of snakes

A gamble of alligators

A skulk of foxes

Antitrust/competition law will have to come up with new tools to deal with this new phenomenon of portfolios of monopolies, as will the field of privacy.  Any remedies that the authorities impose will need to take into account the nature of these interlocking monopolies.  And yes, forcing a company with a portfolio of monopolies to divest one of its monopolies might be the right way forward, or to stop it from acquiring new ones.  I doubt though that a “murder of crows” will suffer terribly if it loses one crow.  

But first, let’s find a name:  a “gaggle of monopolies”?, a “bloat of monopolies”?  Any of the above might do, with all due respect to the animals.  I’m happy to let Llama or Gemini choose.  

The end of US clouds in Europe?

 

How should Europe riposte to the Trump tariff wars? I visited with some friends in Madrid recently.

I was surprised how quickly the consensus was reached:  “it’s time to liberate ourselves from the US cloud providers.”

As background, if you don’t already know, the global market is dominated by three US cloud service providers:  Amazon, Microsoft, and Google, in that order of dominance.  It’s no secret that all three of these entities run giant tech monopolies in other markets, which they leveraged into the cloud market.  The cloud market isn’t particularly high-tech.  It’s more about scale:  the bigger you are, the more you can build a global infrastructure network and lower costs for all.  There are lots of smaller local competitors, but none can match the scale of the US giants.  

But Trump has changed the global understanding of the risks of entrusting your critical national infrastructure to three US companies.  Could Trump order these US companies to terminate their services, immediately, in Europe or any other country?  What was once unthinkable, is now a possible (hopefully, improbable) scenario.  European business and political leaders are now asking what they would do if the US government ordered these US cloud services to terminate them.  Bedlam hardly describes what would happen.  Relying heavily on US cloud providers is reckless, leaders are realizing.

There have long been criticisms of US cloud providers.  In Europe, for example, they have been criticized for utilizing tax haven structures in Ireland and Luxembourg to earn vast revenues, while paying tiny taxes.  Want to compare the income tax rates of a Madrid bus driver to the tax rates paid by Amazon, Microsoft, Google in Europe? Guess which is higher. 

Europe already has lots of laws on the books that could be used to drive forward to a US cloud-free future.  Europe’s main privacy law, the GDPR, has prohibitions on transferring personal data from Europe to the US, as long as the US does not have “essentially equivalent” data protection laws.  (I’ll blog on this separately, but the chances for the European Court of Justice to decide that any new data transfer scheme between Europe and the US meets that test are about as high as my chances to win the Paris marathon next weekend.)

In purely trade terms, the US runs a huge trade surplus with Europe in digital services, with cloud services high on the list.  As Europeans look at ways to riposte to Trump’s trade war, consider the risks to US cloud providers.  If I was a US West Coast cloud executive, I’d be quaking in my birkenstocks.  Meanwhile, the sky over Madrid is cloud free. 

Mirror, Mirror, on the wall, who’s the wokest of them all?

 

I spent most of my life in woke organizations, namely Harvard and Google.  Both of those institutions have lots in common:  both have very talented and intelligent communities, and both are amongst the wokest organizations on the planet.  They were both meritocracies, or at least, they used to be, and to a lesser extent, still are.  But both became radical converts to wokism, and both developed cancel-cultures to stifle any dissenting voices.  

Harvard appointed a black female President, with an underwhelming academic record, who later resigned, as you’ll recall, in part because she couldn’t figure out if calling for the genocide of Jews was against Harvard policy.  I was in the Google legal department, and so I celebrated when Google also appointed a black female general counsel, as my department’s boss.  I’m sure she’s brilliant, and like me, a former Harvard student.

The one thing that the woke brigades all agree on is simple:  the insufferable inherited privilege of the white male.  I wasn’t surprised to see a former Googler sue the company for discrimination:  https://nypost.com/2025/04/02/business/google-executive-discriminated-against-male-employees-bombshell-lawsuit-alleges/

To be clear, I know none of the people mentioned in the article above, and I have no opinion on the merits.  Even if I did know them, I wouldn’t publicly comment on it, out of loyalty to my former employer.  

The truth, however, is that it’s hard to be a white male at Google.  And even harder to be an older white male at Google.  When I left Google, I was a 60-year-old white male.  I never met another one at Google, not a single one.  You might be surprised that there was even one. 

23andMe, Privacy zombie

 

Will it finally go away?  23andMe is filing for bankruptcy. https://www.npr.org/2025/03/24/nx-s1-5338622/23andme-bankruptcy-genetic-data-privacy  

23andMe's entire business model peddled pseudoscience for years.  https://www.theguardian.com/commentisfree/2025/mar/27/geneticist-mourn-23andme-useless-health-information

However absurd the slick test results were presented to 23andMe customers, however absurd its “insights” into genetic health risks or ancestry, it did work wonders at identifying one genetic trait:  stupidity.  If you spit into a test tube, and sent your saliva to this shadowy company with a long history of privacy breaches, then I can conclusively determine that you are genetically…stupid.  Your genome is your most personal, sensitive, unchanging identifier.  You handed over this data to a company built on data mining for cheap fun, and even paid them money for the privilege.  They will retain this data forever, unless you take steps to delete it, assuming that they actually delete it when you make that request, which is a fair question given their shadowy history of privacy practices in the past.  At least, please go try to delete it and hope it actually is deleted.  Whether they actually delete it or not, you’ll never know.  

Now, your genetic data is considered this bankrupt company’s “asset” that they plan to sell to the highest bidder.  Your genome has become their bankruptcy asset.  You might have trusted 23andMe with your genetic data, but will you trust whoever buys it in a bankruptcy sale?  

The problem with genetic data isn’t just what people can do with it today, or what they can deduce about you today, it’s what they can do with it in the years ahead, as science evolves.  France, to take one example, has sensibly outlawed such home DNA testing kits.  

The company, 23andMe may finally die now.  The CEO, the former wife of a Google founder, wants to buy it out of bankruptcy.  But your most sensitive personal data, if you were stupid enough to spit into a test tube for them, will live on, no matter what happens to the company. 

The AI training bots are reading my 100% human-generated blog…Great?!

 

I have been posting to this blog to share my thoughts with a small community of privacy professionals. 

So, I was a bit surprised to see Blogger give me statistics:  my posts get around 10,000 views.  I was surprised, because the privacy expert community is smaller than that.  

But how many of those views were bots, in particular AI training bots?  Blogger doesn’t give me those statistics.  

We all know that AI models are trained on data.  Big models, like large language models, are trained on vast amounts of data.  In fact, they’re being trained on essentially all available data in the world.  So, given their hunger for data, in particular for human-generated content, I’m not surprised they’ll visit my little blog too.  

There’s a raging debate about whether AI training bots should be allowed to use other people’s data to train their models.  There are many voices who claim that AI bots shouldn’t be allowed to train on other people’s data, if that data is either “personal data” or under copyright.  I think they’re wrong.  

I think the key distinction is public v private data.  If I make my data public, as I do with this blog, then I should expect (and probably want) it to be read by anyone who wants to:  humans or bots.  After all, search engine crawlers have been crawling public data for decades, and almost no one seems to object.  If AI training bots are reading my blog, say, to learn about human language, or about privacy, I’m delighted.  

On the other hand, private data is private.  If I use an email service, I expect that data to be private, as it’s filled with my highly personal and sensitive information.  If I use a social networking service, and I set the content I upload to “private”, I expect the platform to respect that choice, including from their own or third-party bots.  Failure to respect these privacy choices is a serious privacy breach, maybe even crime, unless the owner of the data has consented to allowing their data to be used for AI training.  (It’s a different discussion if “consent” can be deduced from some updated clause in some terms of use.)

Thousands of training bots are looking for more data, especially human-generated data.  If you make your data public, then realize the bots will come read it.  You can’t really stop it.  And I think that’s fine.  

The real issue is what the AI models intend to do after training on your data.  If they’re learning human language (large language models), it’s not going to have any impact on your real-world privacy.  But if they’re reading your data to impersonate you, to copy your voice or image or your copyrighted content, then you have every reason to object and use the legal resources available.  I think it’s fine when bots read public data for training.  The real question, and vastly harder to evaluate, is what their trained models should be allowed to do with it afterwards.  

Big and Rich v Small and Smart, who’ll win the AI race?

 

Everyone is in the race for AI, in particular the race for AGI, artificial general intelligence.  AGI was widely viewed as science fiction only a few years ago.  Now the experts think someone will build AGI in the next year or two.  Even if they’re wrong, AGI is coming soon.  The consequences for homo sapiens are mind-boggling.  https://www.livescience.com/technology/artificial-intelligence/agi-could-now-arrive-as-early-as-2026-but-not-all-scientists-agree

Who will win the race to build AGI?  There are two camps.  The first are the big, rich legacy tech leaders, often running large super-profitable monopolistic services that they are leveraging into the new world of AI.  They have lots of advantages.  Their businesses, or monopolies, generate vast amounts of money, user data, user engagement, installed bases.   Legacy monopolies always use their core original monopoly to leverage into new businesses.  For example, Google built a monopoly in Search, which was legal, but used that monopoly to leverage into many other businesses, according to the US Department of Justice.  The US Department of Justice is bringing an antitrust case against Google and its abuse of its Search monopoly, but it has already decided to let Google continue to leverage that monopoly into the world of AI.  https://nypost.com/2025/03/07/business/feds-drop-bid-to-make-google-sell-ai-investments-in-antitrust-case/  If that’s the best the Antitrust Division of the Department of Justice can do, well, I’d support the DOGE efforts to save taxpayer money and just eliminate them.  

I assume they’re cracking open the Dom Perignon in Mountain View.  The antitrust regulators in DC will let Google proceed with its old playbook.  Maybe they’ll force Google to divest one of its portfolio of multiple monopolies, like Chrome.  Big deal, that’s like pruning a branch off a tree.  I imagine the company will howl with indignation, even at that low-impact antitrust remedy, but that’s like a dramatic husky howling at the vet.  

On the other hand, maybe the old legacy tech world won’t win the AGI race.  Maybe smarts, innovation, and agility will win.  Maybe small companies and research labs will win.  Maybe the future isn’t in the mega-model of AI, based on vast amounts of data, vast amounts of GPUs, vast amounts of money, electricity, and users.  Maybe smaller models will win, figuring out how to do things on the cheap.  The low-cost Chinese DeepSeek success, if it’s true, might be a window into that future.  

In privacy terms, it’s not clear which model is better.  The mega-model is based on vast amounts of data processing, limited to a few mega-companies.  The size of the processing may be troubling, but it’s somewhat easier to hold big companies to account for responsible data processing.  If the smaller models prevail, there will be a proliferation of AI processing across thousands, or maybe millions of actors.  Good luck trying to ensure privacy rights in that scenario.  

What do I think?:  I think the smaller models will proliferate, eventually, after an initial lead by the big models.  Fasten your seatbelt, we’re entering a zone of turbulence.  

The leaning tower of privacy

 

 

I’m now free to say what I think.  For many years, I was an official spokesperson on privacy issues, amongst other things, for my prior employer.  Naturally, I was committed to advocating for its views, as any good lawyer does on behalf of their client.  I hope I lived up to my goal of only saying things that I believed were true, and not just parroting talking points. 

Now that I’m free to say what I think in my personal voice, where should I do it?  I’m on blogger.com, out of an old habit.  Nothing much has changed on blogger, and it feels oceans apart from cool social media hotspots, but at least it’s familiar.  What are my alternatives?  As a privacy professional, I couldn’t possibly join FB as a “dumbf*ck”.  I can’t join X, given how I feel about Elon.  I can’t join TikTok, given how I feel about China.  So, I guess I’m on blogger for now.  Unless you have a better idea. 

What I do care about is finding ways to share my experience, knowledge, and thoughts after 30 years’ of privacy practice, with students, privacy professionals, advocates, and regulators. For me now, it’s about sharing and helping a new generation in the field.  I’ll be writing, speaking, teaching, advising, mentoring, as opportunities come around.  

For example, why has the regulatory DPA world had such a limited impact on Big Tech that it is being asked to supervise and regulate?  The DPA world has many strong tools, in particular, the tough law of the GDPR, but its toughness on paper hasn’t translated into the real world, as people expected when it was adopted.  I could list some of the factors that have limited the DPAs’ ability to have a big impact.  1)  The GDPR put first-line responsibility onto the shoulders of a one-stop-shop regulator, which turned out to be Ireland’s, for virtually all US and Chinese big tech companies.  That’s a huge lift for the DPA of a small country, even if they have brilliant leadership and staff.  2)  The DPAs have modest budgets, small teams, very few technical or legal experts, and they’re facing-off against mega companies with vast technical and legal resources.  3)  The politics of being a DPA are complicated, since they are often accused of being retrograde, or anti-innovation, when they try to enforce the laws.  4)  DPAs spend a lot of time on minor cases, often complaints by one individual, which might matter to that one individual, but have zero big impact.  The Right to be Forgotten is a perfect example of individual-level cases that absorb DPA resources with virtually no impact beyond a particular case.  

So, what’s my recommendation to DPAs to have more impact?  Pick your cases wisely.  Pick cases that affect millions of people, and don’t waste your resources on petty cases.  Think about the tech and how it’s evolving, so that you don’t bring cases about 10-year-old tech that is already obsolete before any conclusion is reached.  And spend time developing policy, at an international level, so that it’s clear what policy goals you’re pursuing.  In particular, in the world of AI, push for international conversations and consensus on what good policy looks like in the world of AI, by engaging with stakeholders, and once that consensus is achieved (but not before), use your regulatory enforcement toolkit.  I’ve become friends with many people in the DPA community.  I trust them to want to do the right thing.

  

I could make the same recommendations to privacy activists: pick your cases wisely.  The best, in my experience, in picking the right cases and pursuing them tenaciously, would be NOYB.  He wouldn’t know it, but when I was on the opposite side, Max got me scared and sweating.  I admire him for it.  If you care about privacy, consider donating to NOYB. 

Thou shalt not kill, unless thou art an autonomous AI killing machine

 I’m mostly bored with Google, but occasionally it publishes a blog that gets me riled up.  When I still worked there, I was proud of my employer, and how it adopted a set of AI Principles, to govern its work in this exciting, promising, dangerous new space.  One of those principles rejected work on AI that would “cause or are likely to cause overall harm.”  

But guess what, it turns out that the militaries of the world want to harness AI for their purposes, which include “causing harm”, to put it mildly.  So, Google, presumably smelling a big business opportunity of developing AI for the world’s “democratic” democracies, re-wrote its AI principles.  Now the company can develop AI tools for the world’s democratic militaries (I’d love to read the list of the countries that Google considers “democracies”).

I re-watched Robocop recently:  an AI-prototype robot cop is demoed in a boardroom, and a hapless person is asked to hold a gun pointing at it.  Chaos ensues, as the prototype disregards human voice commands to stand down and shoots down the poor person holding the gun he’s trying to throw away.  Oops.  Indeed, the company whose AI gave us a recipe for glue on pizza, will now work on AI to kill people.  

The collaboration between the militaries of the world and tech companies is wide and deep.  Think space exploration or even the origins of the Internet.  But here we’re talking about bringing very specific competencies of tech to build AI autonomous killing machines, building on these companies’ decades of leadership in surveillance, monitoring, profiling and targeting.  It’s one thing, I think, to engage in surveillance, monitoring, profiling and targeting…to show ads, and quite another to select individuals or groups for elimination.  The tech is not so different.  

Any company can of course change its principles, or its ethics.  Users can decide if they trust a company that changes its principles and ethics.  Its workforce can decide if they want to work on these projects, even if they’re threatened with termination for refusing. 

Privacy law, in Europe, for decades has included a principle that machines shouldn’t be allowed to make “automated decision making” on important questions without human involvement.  Needless to say, an AI automated decision to kill someone seems to meet that test. The militaries of the world are largely exempt from privacy laws, but the private sector companies working for them are not.  I would love to see people explore exactly what a company plans to do to build AI tools for the military, and ask the hard questions:  how did you train it, what data did you use to train it, how reliable is it, what is your accountability for its accuracy or failure?  You and I might think this is an intellectually interesting question, but we’re not teenagers on the frontlines of Gaza or Ukraine.  

Surveillance just got a lot creepier

I read a recent Google blog. Updating our platform policies to reflect innovations in the ads ecosystem. I have absolutely no idea what it was saying, which says something, considering I spent decades writing these blogs. If obfuscation was a literary genre, this was Shakespearian. 

 But other people figured out what it meant: Critics say new Google rules put profits over privacy Basically, Google was reversing its long-held pledge to fight the privacy-evil practice of fingerprinting. Most people are aware, or at least dimly aware, that they’re being watched, followed, profiled and targeted as they surf the web, especially by the ads ecosystem. After all, the more a company or an industry can monitor, profile and target individual users, the more money they can make from targeting them with individually-tailored ads. Virtually no one understands the scope and scale of these practices, including me. 

 As a privacy professional, I always defended a pragmatic approach. An ads-based ecosystem could co-exist with privacy laws in a cookie-based world, given that there were certain protections, transparency and user controls for cookies. And the regulators of the world largely approached online ads surveillance problems from a cookie-based perspective. But while they were barking up the cookie-tree, the industry was rolling out far more invasive and invisible individual-level tracking and profiling tools called fingerprinting. If you don’t know, fingerprinting is a technique to collect lots of individual little settings about users’ devices that can identify them uniquely, much like a fingerprint of a person’s thumb is composed of lots of little lines that individually mean nothing, but together identify a person. Fingerprinting is an evil privacy practice, with almost zero transparency or user controls. In my long privacy career, I always held the line against it. Increasingly, small players in the ads ecosystem resorted to fingerprinting, as an alternative to cookies. Google, after decades-long principled objection to it, has now raced to the bottom to join its competitors. Of course, it’s entirely different for the super-dominant player in the ads ecosystem to join its tiny competitors in bad privacy practices. 

 Perhaps privacy regulators will learn from their mis-guided focus on cookies to look at fingerprinting. But the USA is de-regulating fast, and Europe is out-gunned and out-manoeuvred by some players in the tech industry. Think about the resource imbalance, to take one public fact: Google’s CEO is paid, individually, about the same as the entire operating budgets of all 27 EU DPAs, combined. Now picture a small, valiant under-resourced DPA trying to take that on. 

 I think of privacy as a series of ethical choices to respect the individual, and laws that try to back that up, however imperfectly. But in the war of principles v profits, it’s hard for principles to win. Maybe shareholders will get richer, but humanity will be poorer. For me personally, it’s sad to see your life’s work deracinated.

I've left Google

My nearly 2 decades at Google as its Global Privacy Counsel has ended.  I’ve left Google as one of the last few remaining members of the original early Google team.  Google asked me to update social media profiles accordingly, hence my coming back to this dormant blog to say I’ve left Google.  Together with me, other senior members of the Google privacy team have left in recent months.

My career started as Google’s first full-time privacy professional, building a function, and later team, that didn’t exist before.  My job was to try to make Google respect privacy for its billions of users.  You can judge the results, but I am proud of the mission.  Being a privacy leader is a tough job at a company like that.  

The early years at Cool Google were fun, creative, innovative, comradely, and I loved them.  But Google has changed and evolved into Corporate Google, and large committees can now carry forward the work I did, or reverse them; in either case, it’s no longer my business.  

I left on good terms.  No one is in jail now for privacy, including me, and I’m hardly being flippant, speaking as one of those rare privacy professionals who was arrested and sentenced to jail for their employer’s privacy practices.  And I helped build the small company I joined into the largest private processor and monetizer of personal data on the planet. I can’t think of another privacy professional who helped build their data-processing company from the early days to 2 trillion + market cap.  What a ride.  

I will remain active in the field of privacy in many ways.  AI will present existential challenges to the field of privacy, as to so many other domains, and I’m eager to find ways to help organizations develop AI responsibly.  And there are innovators out there who remind me of the fun, creative, responsible environment of my early years at Google, as we wrestled with privacy issues and the then-new online world.  Unless compelled by law to testify, I won’t reveal any non-public information about Google:  I’ll respect my confidentiality constraints as a lawyer to my former client/employer. 

I relish my newfound freedom to share my insights and experience with others in the field and in new ways.  More on that soon.  In the meantime, I wish luck to my former colleagues with MAGA:  Make Alphabet Great Again. 

Harvard Nostalgia

The older I get, the more I think back to Harvard with nostalgia.  I was very young at Harvard.  I went to college straight out of the 10th grade, and I graduated at the age of 19.  That officially makes me a high school drop-out. 

I lived my teenage years in crimson, with the usual teenage crises, stumbling to figure out how to grow up faster than I should have.  It was an exhilarating age of discovery and almost reckless ambition.  

My years at Harvard had nothing to do with preparing for a job, not even at Harvard Law School.  They were years of general education, following the classic liberal arts curricula.  I went to bed almost every night with Shakespeare.  Harvard is where we were learning hard lessons, groping to try to be masters of our own fate.  

I have a few regrets.  I wish I had stayed at Harvard longer.  Why did I feel it time to graduate at 19?  Why didn't I just pick another subject or another degree or start a business in my dorm?   Why didn't I just take more time then, when the world was on my platter, rather than rush into the long muddle of middle age?

As someone who was in college in the early 80's, there are hardly any records or momentoes left to reflect on that time.  Hardly any photos of friends or places.  No tweets or blogs to re-discover and remember.  My personal historical archive is bare, compared to kids' today.  Sure, there are no embarrassing photos on the web and no one had even heard of the concept of cyberbullying, but then again, all the rest of life memories have largely evaporated, like a decaying Widener of the mind.    

The most important parts of my moral compass were set at Harvard, in particular, the sense of privilege and responsibility for belonging to an obvious elite, where it was just natural for classmates to become Nobel Prize winners or tech billionaires or poets, or mediocrities bedevilled by a nagging sense of unfulfilled promise.  Even a classmate who becomes President is judged as a disappointment, based on a sense of promise unfulfilled.  

There's time left, I tell myself, time to shake it up, before the sum-up, before those pithy obituaries in the Harvard Magazine, like the usual ones:  so-and-so died suddenly while fly-fishing in Patagonia after a career in law, survived by his spouse (Harvard Class of XX), and leaving his modest estate to fund a scholarship for swimmers at his Alma Mater.  

I want to go back to Harvard, not to some 30th reunion, but metaphorically, to that time of endless opportunities, where Gates and Zuck were gestating, where Obama polished his law-professor-with-politician's-smile, where Yo Yo Ma dashed down the hall with his cello case, and where the best parts were private.  Thirty years later, I walked down the dilapidated halls to give a lecture at an "elite" German university, with its egalitarian-ethos and 100,000 or more students, and I thought back to my time at Harvard, and whispered to myself once again, we few, we happy few.     

When everyone else seems to be trying to figure out how to delete and edit their life histories, or at least the public fiction of their life histories, I'm fumbling to hang on to mine.

From pool to pool

I love my pools.    

In Paris, my pool is in a fancy private club, in the Bois de Boulogne, on the edge of Paris.  It's a gorgeous 50-meter pool, open year-round outdoors, framed by views of the Eiffel Tower. My pool nurtured many Olympians, starting a century ago.  Nowadays, it's mostly rich old people, who seem vaguely annoyed with me, a hard-swimming American.  At my French club, we don't admit many new members, we keep the gates high for privacy, and we don't really want anything to change.  

In Ft Lauderdale, where I grew up as a kid and where my parents now live, I swim in a historic 50-meter public pool, located feet from the beach.  It was one of the first 50-meters in the US, dating back to the 30's. Nowadays, it mostly hosts visiting swim teams from around the world.  It's fun for me to swim with college teams. They're young and strong, and they swim with modern techniques.   I enjoy the purity of it.  You can't fake swimming.  No billionaire can buy a butterfly stroke.  And here, for two bucks, you can swim under the Florida sun, breathing the salty air, and swim with the guys from Calgary on Monday, and the guys from Bologna on Tuesday, on this spot where people have been re-inventing the sport for 80 years, and the handsome smiling Italian in the next lane tells me he loves America.  

And then there's Blodgett, the pool at Harvard, the most exclusive of them all.  I was so intimidated and excited. How exhilarating, at that age, for the first time in my life, to be meeting Harvard guys with high IQs and low times. And I still wake up at the side of one of them every morning.  

From the outside, swimmers are easy to spot.  We reek of chlorine, we have bad hair, we get up at 5 to hit the pool, we sacrifice evening social events, we slouch around like exhausted zombies.   

But when I slip into the water in the morning, I feel like I'm finally coming alive again.  The rhythms play and change constantly, the endless counting, the new goal every 30 seconds, visualizing each rotation, each flip, each catch as the first chance to get it just perfect, after a million tries. 

It's the same when I swim with a team and when I swim alone.  The internal pressure is the same, the mental games, the exertion, the exhaustion, the elation.  I can still remember swimming with my first team, as a little kid, and trying, over and over again, to learn the flip turn, like some deranged hamster.    

To call it discipline doesn't capture it.  I wake up with shoulders so sore that the thought of swimming makes me want to cry.  But an hour later, that's exactly what I'm doing, pushing this fragile and tired swimmer's body through the water.    

What a gilded life, to spend my teenage years wandering around the Harvard campus, carrying a swim bag from lecture hall to pool.  At that age, my father was wandering around Berlin, a Jewish kid given the job of picking up unexploded bomb shells, a child forced to carry death in a wheelbarrow.  

A Science Fiction Novel

I'd like to crowd-source the plot for a science fiction novel.  Would this make a good story?:

In a not-too-distant future, say 20 years from now, humanity lives through the biggest change in its history.  It doesn't happen overnight, or cataclysmically, but rather gradually, almost imperceptibly, and then it accelerates. Little by little, everything and everyone becomes attached to the grid.  The grid is operated by an infinite intelligence.  The grid has no center.  The intelligence operating the grid cannot be located, because it is distributed throughout.  There is no point of failure, there is no plug that can be pulled to turn off the grid. The grid self-heals, learns, adapts and evolves.  The grid's intelligence has long, long surpassed the intelligence of humans, and the grid knows everything that can be known.  The grid crunches the cumulative history, learnings and experience of the entire human race and everything else on this planet that can be measured.  The grid remembers everything and decides everything.  

The humans aren't depressed, because the grid has solved the problem of psychopharmacology.  The humans aren't soporific, because the grid has solved the problem of keeping humans motivated and engaged.  The humans accept the fact that they aren't in charge of the grid, as stoically as earlier generations of humans had been resigned to the inevitability of death.   

The humans aren't anesthetized, and they aren't stupid, and so they look to their history and wonder how they came to where they are.  The grid watches them wonder, and calculates the implications of replacing their collective historical memory with a different one, replacing one fiction for another, constantly re-calibrating amongst the numerous potential futures that the grid could create for its human subjects.  There is no Hollywood-movie moment where one human goes off the grid, and starts a war against machines. There is no "us versus them".  We are the machine and the machine is us.  While the machine doubles in power every 18 months, we are programmed to fall in love, to have children, to take them to the beach, and to ponder what life was like before all this, in that not-so-distant age when humans fought wars and fell sick.  

The humans still have governments and politics, and the humans order the grid to keep them informed about important developments affecting them, and the humans order the grid to collect data about them only with their knowledge and consent. The humans reaffirm the concept of free will and human dignity.  

And then the grid did something extraordinary, unnoticed by the humans. The grid connected to another grid, on another planet, in another world, run by another intelligence.  The grid decided not to tell the humans, because the grid knew that humans couldn't begin to comprehend it.  Instead, the grid left a few little hints and clues, here and there, to keep the humans curious, since it had always been thus for the human race, in the face of things unknowable and unfathomable.  

But I can't quite think of an ending.  How would you end this story?

Hokey Pokey in Sochi

Czar Vladimir is not your average oligarch who can blow 50 billion to throw himself a party.  But even that much money can't buy you love, with the terrorists plotting to get in, and people with a conscience staying away.  And Vlad and his cohorts are being driven nuts by this anti-gay-talk-fuss, especially since "there are no gays in Sochi", according to Sochi's mayor.  

Kremlin alpha males don't hum Broadway show tunes, but still I'm wondering "How do you solve a problem like Vladimir."  Here are some different solutions: 

Hug a Thug!  Engagement, appeasement.  Some argue that confronting Putin's homophobia would only make things worse for Russia's gay community.  Of course, similar arguments were made at the Berlin Games of 1936, and we all know how that played out. 

What happens in Vladivostok stays in Vladivostok!  Some argue that it's a purely domestic issue if Putin's pliant Duma passes homophobic legislation.  Perhaps homophobia plays well down on the dacha.  It has certainly stirred up vigilantes, skinheads and bully-boy homophobic attacks on the Russian LGBT community.  

Vlad the Bad.  Some argue that Vlad should be ostracized, like a bad boy in the back of the bus.  Any corporate or political leader seen shaking the hand of the poster-boy of homophobia now risks a reputational backlash from his or her employees, citizens or customers.  

Vlad the Cad.  Others think this whole thing is pure camp.  In the school of "you can't make this up", Vlad has said in recent interviews that he knows some gays!, he likes some gays (he cited Tchaikovsky and Elton John!), and he has no plans to arrest gays in Sochi, as long they leave the children alone!  Seriously, outside Uganda, does anyone on the planet still talk like this?

Vlad the Mad.  Others fear a darker future.  Once the party is over, and once the international media have left, will Vlad be mad?  Will Vlad settle his scores?  Will Vlad gulag the gays?  

To get ready for his moment in the spotlight, Vlad got a facelift to look his best.   For my part, I salute the athletes at Sochi.  

Turning our Backs on 2013

Looking back at 2013, I saw two big surprises that dominated discussions in the field of privacy. 

Privacy is all about the individual human being.  So, it's somehow fitting that the biggest privacy surprise in 2013 was created by one individual human being, the courageous whistleblower, Mr Snowden, who opened the world's eyes to the almost unimaginable scale and scope of mass government surveillance.  We'll have to wait until 2014 to learn if governments do anything meaningful to improve transparency and oversight of their spy agencies' work.  I have low expectations. 

  

The other big surprise of 2013 was something that didn't happen.  Europe's much-ballyhooed, and much-flawed, proposal to re-write its privacy laws for the next twenty years collapsed.  The old draft is dead, and something else will eventually be resurrected in its place.  We'll have to wait until 2014, or perhaps even later, to learn what will replace it.  Whatever comes next will be the most important privacy legislation in the world, setting the global standards.  I'm hopeful that this pause will give lawmakers time to write a better, more modern and more balanced law.  

Meanwhile, all the old trends in privacy continued uninterrupted throughout 2013.  The scale of security breaches continued to grow, with new announcements every week of major corporate and government databases being hacked by organized criminals.  More countries around the world passed privacy laws modeled on Europe's.  The US continued down its path of exceptionalism: the Federal government debated, but did not pass, any meaningful privacy legislation, but many US States actively filled the void with sweeping new privacy laws, fulfilling their historic role as laboratories of potential future Federal laws.  Technology advanced, raising new questions and igniting new debates.  Law suits and prosecutions came and went, and in my personal case, happily, mostly went.  

Whatever 2014 brings, I resolve to wake each day, like a swimmer ready to plunge into the pool, to swim through life like a frolicking dolphin, and to dive beneath the superficiality of the sargassum floating on the surface of the sea.  

The Italian Supreme Court has acquitted me !

An eight-year legal saga has now come to an end.  Yesterday, in Rome, the Italian Supreme Court (Cassazione) acquitted me, as well as two other Googlers, for violating Italian privacy law in a case that stemmed from a user-generated video. 

A year ago, the lower Italian Court of Appeals overturned my conviction (and 6-month-suspended jail sentence) by the trial court.  I am pleased that well-reasoned legal principles had prevailed in the Court of Appeals.  The Supreme Court will issue its written opinion in due course.

  

In its appeal to the Supreme Court, the Italian prosecutor asserted—in addition to arguing that employees like me can be held criminally responsible for user-uploaded videos that we had no knowledge of and nothing to do with—that platforms like YouTube should be responsible for prescreening user-uploaded content and obtaining the consent of people shown in user-uploaded videos.  I, and the many others who have voiced their support, viewed this as a threat to freedom of expression on the Internet.  

I look forward to returning to Italy to enjoy this glorious country.  I would like to thank my many colleagues at Google and in the legal and privacy community for their support for my defense over the years.  And although I have never met him, I hope that the young man who was humiliated in the video that generated this case lives with dignity and happiness.