Evernote clarifies its 'poorly communicated' angst-rousing privacy policy update

There has been great concern over the last day or so following an update to Evernote's Privacy Policy. The update said that Evernote employees might be able to access unencrypted notes as part of a human review of machine learning technologies. Users were unsurprisingly rather concerned, and there was much talk online of a mass exodus to OneNote and other alternatives.

In the face of a user backlash, Evernote CEO Chris O'Neill has issued an apology for any "angst we may have caused" and stressed that "privacy has always been at the heart" of the company. He concedes that the changes to the Privacy Policy were "communicated poorly"... but then managed to half-shift the blame for upset back onto users by saying the change "resulted in some understandable confusion".

O'Neill's post on the Evernote blog adopts an astonishingly patronizing tone. The change to the privacy policy came about because of the company's increased use of machine learning. O'Neill talks down to users, saying: "Machine learning might sound like science fiction where computers make their own decisions. In reality, machines still need a human to check on them".

Employees of the company are granted a status-enhancing job description when he goes on to say:

Evernote data scientists need to do spot checks as they develop the technology. We'll introduce this change on January 23, 2017, but you control whether or not your data is used for this purpose at any time.

But, as we learned yesterday, opting out of machine learning does not mean your unencrypted notes are necessarily kept away from prying eyes. O'Neill says today:

Privacy has always been at the heart of Evernote, and we’re as committed as ever to upholding our Three Laws of Data Protection. These laws guide everything we do, and, I believe, represent industry-leading standards for privacy.

In enforcing these laws, Evernote employees do not view the content of user notes except in very limited cases. Like other internet companies, we must comply with legal requirements such as responding to a warrant, investigating violations of our Terms of Service such as reports of harmful or illegal content, and troubleshooting at the request of users. The number of employees who are authorized to view this content is extremely limited by our existing policies, and I am personally involved in defining them.

In reality, it is unlikely that Evernote's attempts to put out the fires that the policy change ignited will work. Even in attempting to calm concerns about unencrypted notes being read by employees, O'Neill says:

If you choose to participate in these experimental features, you'll enjoy a more personalized experience. Select Evernote employees may see random content to ensure the features are working properly but they won’t know who it belongs to. They'll only see the snippet they're checking. Not only that, but if a machine identifies any personal information, it will mask it from the employee.

Evernote says that it will also provide "additional clarity in an updated FAQ page over the next few days". Quite why this could not be done immediately -- or why it was not done in the first place -- is likely to lead to further concerns that the delays are merely designed to allow lawyers sufficient time to draw up a tightly worded FAQ that has asses covered.

Image credit: dennizn / Shutterstock