Service Provider Cloud

Evernote: 'We Communicated Poorly' on Privacy Change

After stepping on its trunk in a privacy imbroglio, the Evernote elephant issued a clarification on Thursday, saying user concerns were triggered because "we communicated poorly."

"We recently announced an update to Evernote's privacy policy that we communicated poorly, and it resulted in some understandable confusion," says CEO Chris O'Neill in a post on Evernote's company blog Thursday. "We've heard your concerns, and we apologize for any angst we may have caused. In response to the questions you've raised, let me be clear about what's not changing and what is changing." (See Evernote Caught in Privacy Imbroglio.)

Evernote (whose mascot is an elephant, because an elephant never forgets) promises to protect user privacy, but reserves the authority to view user content when legally required to do so. "Like other Internet companies, we must comply with legal requirements such as responding to a warrant, investigating violations of our Terms of Service such as reports of harmful or illegal content, and troubleshooting at the request of users. The number of employees who are authorized to view this content is extremely limited by our existing policies, and I am personally involved in defining them," O'Neill says.

This week, Evernote announced an update to its privacy policy, effective Jan. 23, 2017, giving users concerns that Evernote employees would be able to access confidential data more freely. Some threatened to quit the service.

O'Neill clarifies the updated policy in his blog post Thursday: Evernote plans to improve its machine learning to "automate functions you now have to do manually, like creating to-do lists or putting together travel itineraries. Machine learning might sound like science fiction where computers make their own decisions. In reality, machines still need a human to check on them. To get there, Evernote data scientists need to do spot checks as they develop the technology," O'Neill says.

"Select Evernote employees may see random content to ensure the features are working properly but they won't know who it belongs to," O'Neill says. "They'll only see the snippet they're checking. Not only that, but if a machine identifies any personal information, it will mask it from the employee."

That change is scheduled for Jan. 23. Users can opt out of the new machine learning capabilities, which will also opt them out of Evernote employees gaining access to data.

O'Neill's statement generated mixed reactions on social media.

"[S]till cancelling account," says Quinn Murphy on Twitter, who identifies himself as an operations engineer and game designer.

"I applaud @Evernote for taking responsibility, owning their misstep & providing clarity. Thx," says Christi Avampato on Twitter, who identifies herself as a freelance writer for the Washington Post and product director at a healthcare AI startup.

Meanwhile, on reddit.com/r/evernote:

"Sometimes the CEO needs to step into place and clarify things. [The] legalese made it sound a lot more [scary] than it really is," says "rechnergott." "Also - this is why PR is a thing."

Want to know more about the cloud? Visit Light Reading Enterprise Cloud.

But "iwannabethecyberguy" notes that Evernote says that data is encrypted in transit, but does not say whether it's encrypted at rest. "This means if Evernote were to be [compromised] all of your data would open to view. Sure, you probably don't care because [all] you have [are] recipes, saved articles, and harmless notes, but if that's the case, send me your Evernote username and password (and two-factor tokens) so I can look at [y]our notes. [They're] harmless notes so you won't mind right?"

Also, see discussion on this Reddit thread: Users seem equally split between (1) Dumping Evernote because they feel the privacy imbroglio is the latest of a series of bad decisions that mean the company is doomed and (2) Staying with Evernote because they don't believe there's an alternative.

As for me: I'm a heavy Evernote user, very concerned about the privacy policy, but I'll stick with them for now.

Related post:

— Mitch Wagner, Follow me on TwitterVisit my LinkedIn profile, Editor, Light Reading Enterprise Cloud

Michelle 12/18/2016 | 5:57:57 PM
Re: weasel words I agree the aplogy was weak and didn't really help. It's good they eventually ditched the updated policy. 
mendyk 12/16/2016 | 9:49:28 AM
weasel words As corporate "apologies" go, this is slightly better than, "We sincerely apologize for any confusion or inconvenience caused by a misinterpretation of our policy changes," but only slightly.
Sign In