Google Dodges A Privacy Bullet (Again)
November 12, 2010 - NewsAdmin Staff Writer

If you stop by the Google site with any frequency, you may be familiar with their Street View feature. In a nutshell, the Street View technology appears within Google Maps and gives users an opportunity to view street locations around the world from a panoramic perspective. To date, the technology has been used to map cities throughout the United States, Canada, Europe, South America and Asia. The street images are collected by a fleet of customized cars that are outfitted with directional cameras, GPS units, and antennas that scan 3G and Wi-Fi hotspots. In the event that an area is not accessible by car, Google deploys specially designed tricycles and snowmobiles that are equipped with similar hardware.

Just about everyone I know has used Google's Street View to some extent since its introduction in May 2007, and up to this point I never thought much about the technology beyond its promoted purpose and benefits. That is until recent litigation and investigations have raised legitimate privacy concerns about Google's data collection process. More specifically, in April 2010 Germany's Data Protection Authority (DPA) asked Google to detail the type of information their Street View vehicles were collecting, and how the data was being used. In addition to capturing images, Google initially disclosed that their camera systems also captured data related to Wi-Fi networks within the neighborhoods they were mapping, such as MAC addresses and SSID's (network names).

Google asserted that these were the only details their vehicles were collecting, but when the DPA asked to examine their Wi-Fi data, it was discovered that Google's Street View technology was capturing end-user passwords, email addresses, and web surfing data along with the SSID and MAC details they originally acknowledged. When this information was brought to light, Google simply attributed the breach of privacy to an oversight error. The oversight in this case being a Google engineer who inadvertently incorporated a piece of experimental code into the Street View feature that was designed to sample Wi-Fi data.

I suppose there a couple ways to view this event. We can take Google's word that they knew nothing about the Wi-Fi data collection, but should we then be concerned that there is so little oversight within their company that they failed to notice that an intrusive piece of software was easily incorporated into Street View before it's highly publicized launch? Or is it possible that Google intended to capture this personal data all along, and didn't anticipate the DPA discovering their indiscretion? As an online user, and someone who takes great care with how and with whom I share my personal information, I'm not thrilled with either of the above explanations... a company that has carelessly or intentionally breached my privacy.

If a discovery in June 2010 is any indication, it would appear that Google had every intention to incorporate the Wi-Fi software into Street View for the purpose of gathering data from 3G and Wi-Fi hotspots. To substantiate this claim folks have pointed to a patent application (#776) filed by Google with the U.S. Patent & Trademark Office in 2008. The patent describes a method that would increase the accuracy of its location-based services (Street View) so that Google's advertisers/partners could define the exact location of mobile phones and computing devices. The application goes on to detail a process that involves the intercepting and analyzing of data collected by services such as Street View.

The situation is cause for concern, and so much so that the Federal Trade Commission (FTC) launched an investigation into Google's Street View technology and practices. Unfortunately the FTC ended their inquiry as quickly as they started it, closing their investigation and issuing the following statement:

"Google has recently announced improvements to its internal processes to address some of the concerns raised above, including appointing a director of privacy for engineering and product management, adding core privacy training for key employees, and incorporating a formal privacy review process into the design phases of new initiatives.”

I'm not one for conspiracy theories, but I did find it curious that one week prior to the FTC's sudden ruling, Barack Obama (yes, the same Barack that's the President of the United States) attended a $30,000 per person Democratic Party fundraiser hosted at the home of... drumroll please... Google executive Marissa Mayer. Coincidence? I'll let you be the judge because I don't want to arrive at any conclusions that might prompt guys with dark suits, dark sunglasses, and darkly tinted unmarked vehicles to show up on my doorstep.

Google is the world leader when it comes to collecting and profiting from personal data, so I think it's only fair that should be a leader in the industry when it comes implementing privacy practices. They're no longer a startup operating out of a college dorm room, they're a multi billion dollar company and they should start acting like one. Whether their frequent breaches of privacy and trust are intentional or the result of carelessness shouldn't really matter because the damage is done in either case. It was unfortunate to see the FTC close their investigation so quickly, but hopefully the FCC's investigation or one of the pending class action lawsuits will force them to take responsibility.

Return to the main "News & Commentary" index