Sophos Cloud Optix
In response to an itsy-bitsy $7 million fine, Google has admitted that Yes, its Street View cars hijacked your privacy.
The fine, announced Tuesday, will settle a multi-state investigation in the US that looked into Google’s grab of private data – including emails, text messages, browsing histories and passwords – from unsecured wireless networks as its cars patrolled neighborhoods, snapping photos around the world.
The agreement covers 38 states and the District of Columbia, representing part of the area wherein Google intercepted such communications from households and businesses between early 2008 and spring 2010.
Google has been mea-culpa-ing the breach for quite a while, and Tuesday was no exception. Its statement:
"We work hard to get privacy right at Google, but in this case we didn't, which is why we quickly tightened up our systems to address the issue."
The reaction from privacy advocates and Google critics has been mixed.
Some are calling the settlement a breakthrough for Google, a company whose critics perceive it as a “serial violator of privacy,” in the words of the New York Times.
Others think that the US settlement over the Street View privacy invasions – aka the Street View WiSpy scandal – will pave the way for a hard-core privacy battle over Google Glass and its record-everything-you-look-at capabilities.
The NYT quoted Scott Cleland, a research analyst and consultant for Google’s competitors who maintains a Google Privacy Rap Sheet that tracks the company’s privacy affronts:
"Google puts innovation ahead of everything and resists asking permission. But the states are throwing down a marker that they are watching and there is a line the company shouldn't cross... If you use Google Glass to record a couple whispering to each other in Starbucks, have you violated their privacy?... Well, 38 states just said they have a problem with the unauthorized collection of people's data."
The settlement lets Google off the hook when it comes to admitting wrongdoing.
Instead, beyond the fine, the settlement requires Google to do the following, among other things:
- Teach Google employees about users’ data privacy or confidentiality. This includes an annual privacy week, as well as privacy certification programs for certain employees, refresher training for lawyers overseeing new products, and training for employees who deal with privacy matters.
- Sponsor a nationwide public service campaign about wireless networks and protecting personal information. It’s required to create a YouTube video explaining how to easily encrypt data on wireless networks and to run a daily online ad promoting it for two years. Google will also be required to run educational ads in the biggest newspapers in the 38 participating states.
- Continue to secure, and eventually destroy, the data its Street View cars collected.
(Regarding No. 2, there are some who would suggest that the best public service campaign Google could muster up would be to convince people not to trust their privacy to Google, or to the cloud in general, but I digress.)
Should we trust that Google is finally getting the message about user privacy?
I kind of doubt it.
As Cleland said in a blog posting about the settlement, were one to “fact-check Google’s representations of privacy earnestness,” you’d see little progress reflected on its privacy rap sheet since the WiSpy scandal broke.
In fact, you’d see 40+ public Google privacy problems or failures in the 33 months since Google pledged “to learn all the lessons we can from our mistake,” Cleland notes.
Not encouraging, he said:
In short, Google's overall privacy track record over the last 33 months has gotten demonstrably worse, not better, in part due to Google Android's breakneck pace and corner-cutting to dominate the mobile OS and advertising markets. Sadly, the overwhelming public evidence shows Google has learned very little from the Street View WiSpy scandal.
Simply, Google is not walking its privacy talk.
Not walking its privacy talk, indeed. And probably laughing all the way to the bank to cash in on its very astute monetization of personal data, to boot.
Unsecured wifi and man with binoculars images from Shutterstock
As an Company, I like Google. I like their innovation. I like that they're an American Company. I like that they have Google Voice.
I'm also okay, for the most part, with more and more of my personal data being open to others. I'm wary about it but, hey, the genie is out of the bottle, right? I like using the internet and I accept the open privacy issues. I therefore think that as a society we need to focus more on what "is done with our personal information", the action, more than on "the collection of that data". That is, focus on what individuals, companies, and nations do with our personal information. Both are important but it is almost a given that we can't control "the collection" to the extent we can "the action".
Here's another way I can influence Google. Like I said, I basically like Google. I was also thinking about purchasing a Nexus 4 Phone or the next model. I was thinking about purchasing a Chromebook or the Nexus 10 Tablet. I just googled all of them and I'm sure in the coming weeks that Google will be making a few pennies off of me since the various sites I frequent will miraculously have Nexus 4 and Chromebook advertisements on them. I'll also be getting a few unsolicited emails with additional adverts on these Google Products.
So what can I do? I'm thinking twice about a Google phone, Tablet or Netbook. I read articles like these and it really does make me stop and think about my purchase decisions. It's what I can control. It's the most effective way I not only CAN but WILL influence Google.
There are a few things you can do to minimise your exposure to Google. For a start you can:-
1. Ditch Chrome and get a different browser.
2. Use Startpage as a search engine. It uses the same algorithms as Google but is far more private.
3. Install Ghostery on your new browser and stop tracking cookies.
4. Install HTTPS Everywhere.
Four really simple steps to prevent Google having your internet history.
Out of morbid curiosity, how did google end up retrieving "text messages" (SMS/MMS i am assuming) scanning unsecured Wifi?
Is is like when cell phone was being used as a "portable hotspot" for tethering and was unsecured?
Or it is was when celll phone was connected to an unsecured home network, that google scanned.
Any input on this will be highly appreciated.