Friday, May 28, 2010

Google Wi-Fi or Google Wi-Spy?

I've got some good news and some bad news for today. The good news is I don't feel forced to write about the current anti-privacy champion Facebook. The bad news is Google is vying for Facebook's throne. Yes, its a clash between two corporate behemoths - each trying to "out anti-privacy" the other.

As some of you probably already know, it turns out Google has a little bit of a "spying" problem. But before I get to that, let me give some backdrop on the company's long and sordid past when it comes to protecting user privacy. Google's "belligerence" when it comes to this issue shouldn't be understated once the size and scope of the company is taken into consideration.

Now, I've posted a lot about Google's less than stellar record on privacy in the past, from their lobbying efforts in Congress, to cloud computing to Google Buzz to Google books to its increasing usage and expansion of behavioral marketing techniques. And that's just to name a few...

In other words, Google has made a fortune from spying on what consumers do online, including what web sites they visit; creates dossiers on users’ online behavior without their prior permission; then harvests this private information to sell hundreds of millions of dollars in advertising.

But, the ante has recently been raised with the company's admission that Google’s StreetView cars were gathering private information from unaware local residents - yet again demonstrating the company’s lack of concern for privacy and the need for government inspection of the data the company is collecting and storing.

This flagrant intrusion into consumers’ privacy only came to light because of tough questions from European regulators. Late last Friday the company acknowledged gathering “payload data” from WiFi networks. Less than a month ago Google had denied accumulating the information. Google engineers attributed the discrepancy to a “mistake.”

But it get's better. Suits have been filed in Washington D.C., California, Massachusetts and Oregon by people who accuse Google of violating their privacy because the cars also collected data from open Wi-Fi networks.

The court then ordered Google to make two copies of a hard drive containing data from the United States and turn them over to the court - data that was scooped up by the company's Street View cars as they photographed neighborhoods, part of an escalating legal and public relations problem for the search engine giant.

Google has sent fleets of cars around the world for several years to take panoramic pictures of streets. People using Google's online atlas for locations and directions can often look at photographs collected by the Street View project and classified by address. Google says it uses the location of Wi-Fi networks to enhance location-based services on smartphones.

It first revealed that Street View cars were collecting wireless data in April, but said that no personal data from Wi-Fi networks was involved. But after an audit requested by Germany, Google acknowledged it had been mistakenly collecting samples of "payload data."

Even three U.S. lawmakers, concerned Google may have violated U.S. privacy laws, asked the company on Wednesday to tell them how much personal data was gathered. California Republican Representative Joe Barton, California Democrat Henry Waxman and Massachusetts Democrat Edward Markey said in a letter to Google's Chief Executive Eric Schmidt that they also wanted to know how Google planned to use that information.

John M. Simpson, consumer advocate with the nonpartisan, nonprofit group Consumer Watchdog (which has been all over Google's anti-privacy practices for the past few years now), took the argument against Google further, stating, “While the activity is likely a violation of federal laws, we believe there is a good possibility it also broke state wiretap, privacy and unfair business practices laws in many cases...We call on each attorney general to investigate the extent to which this is the case in his or her jurisdiction.”

The group's letter, addressed to James McPherson, executive director of the National Association of Attorneys General, states, Google’s claim that its intrusive behavior was by ‘mistake’ stretches all credulity. In fact, Google has demonstrated a history of pushing the envelope and then apologizing when its overreach is discovered. Given its recent record of privacy abuses, there is absolutely no reason to trust anything the Internet giant claims about its data collection policies.”

The letter continues, "the FTC has the authority and public trust necessary to get to the bottom of Google’s dubious data collection practices. The probe should reveal exactly how consumers’ privacy has been compromised and what remedies are required."

None of this should really be a surprise of course. As I stated to the PUC a few months back, with Google lobbyists in the room no doubt:

"...one Google product after another – from Google Buzz to Google Books - has been a virtual privacy train wreck. The company's refusal to make public how often information about their users is demanded by, or disclosed to the government, is all the more disconcerting."

Google’s CEO, Eric Schmidt recently stated "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

Schmidt also said:

"… the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities."

So with all that said, here's a few clips from Wired magazine on this burgeoning spying scandal:

The lawsuits...allege that Google violated federal and state privacy laws in collecting fragments of data from unencrypted wireless networks as its fleet of camera-equipped cars moseyed through neighborhoods snapping pictures.

The Massachusetts lawsuit, filed Tuesday by Galaxy Internet Services, is seeking class-action status for all Wi-FI users in the state who may have been affected, and is asking for $10 million in damages....

The Oregon lawsuit is seeking class-action status for residents in Oregon and Washington state whose data may have been collected. Plaintiffs in that case seek statutory damages of $100 a day per plaintiff for each day their data was breached, or $10,000 for every instance of illegal data collection. It also seeks other unspecified punitive damages.

The California suit seeks class-action status for all U.S. residents. Plaintiffs in the suits are also seeking court orders to prevent Google from destroying the data it collected until plaintiffs can examine it in discovery.

...

The company called the inadvertent collection “a mistake”
and said it was the result of a programming error — code written for an early experimental project wound up in the Street View code, and Google says it didn’t realize the error until German privacy authorities began questioning what data Google’s cameras were collecting....

Not everyone believes the plaintiffs in the lawsuits have a winning case. One attorney noted to The Recorder that the Electronic Communications Privacy Act contains a safe harbor for breaches that involve collections of data that is already publicly accessible.The plaintiffs also may not have standing for a suit unless they can prove that their personal data specifically was among the information that was collected.

And to finish the post off,
here's a bit more from CNet's Declan Mcullaugh:

Google
's accidental interception of some Wi-Fi transmissions is, for at least a few politicians, the gift that keeps on giving. The letter comes exactly a week after Markey and Barton called on the Federal Trade Commission to investigate whether the search company's inadvertent collection of Street View Wi-Fi data violates the law. A few days earlier, Google had acknowledged that because of a programming error, its Street View cars had intercepted fragments of data from unencrypted Wi-Fi networks for periods of 200 milliseconds at a time.

...

Wi-Fi networks that aren't encrypted--that is, open wireless networks--are trivial for anyone to monitor. Some of the more popular packet-sniffing tools are even free. But just because it's technically possible to capture packets on an open Wi-Fi connection doesn't mean it's legally permitted.

A federal law called the Electronic Communications Privacy Act says that anyone who "intentionally intercepts" any electronic communication, including a wireless communication, is guilty of a crime. But accidental or inadvertent interception doesn't count.

...

The risk for Google goes beyond this single privacy flap. The bigger problem for the search company is that news of the Street View Wi-Fi interception erupted at a time when politicians, bureaucrats, and activists are paying an unusual amount of attention to tech companies' data collection and use practices.

There was Google Buzz's launch, relaunch, and re-relaunch earlier this year. There was Facebook's loss of face on privacy, culminating in a press conference with CEO Mark Zuckerberg in Palo Alto, Calif., on Wednesday to announce a set of simpler data-sharing settings. Even Apple has been accused of being Big Brother.

When you
're one of the biggest companies in an industry that has the good fortune to fall into Washington's crosshairs at the moment, you don't want even the slightest privacy misstep, let alone one that becomes an international incident. That invites new proposals for more regulation (that even liberal groups don't like very much) and other negative consequences.

Wednesday's letter to Google from Barton, Markey, and Waxman, who chairs the committee overseeing Internet regulation, asks questions like "Have all Street View vehicles documenting United States roads been engaged in the monitoring or data collection of Wi-Fi transmissions at all times during these activities?" And: "Please explain why Google chose to collect the data and how it intended to use the data."

It would be entertaining if Barton were asked why, if he cares so much about privacy, he supported efforts by the Bush administration to expand government surveillance. And if Markey is committed to civil liberties, why did he vote last week for the DNA collection of Americans who have been arrested for, but not convicted of, a crime?

Click here to read the article in its entirety.

Special thanks to Consumer Watchdog for the bulk of the information I posted today...they deserve big props for keeping on Google and exposing the company's practices...practices that conflict with the "brand" they're selling us...to put it mildly...

No comments: