Feeds

Googlegate: Mapping a scandal of global proportions

Google is not above the law

Boost IT visibility and business value

Opinion While the rest of us have generally been enjoying the sunshine and warm weather for the past few weeks, there has been a permanent cloud over Mountain View, as the storm over Google's capturing of Wi-Fi content with its Street View cars has developed.

That storm now threatens significant reputational damage to Google, not least because dozens of countries are considering initiating criminal prosecutions against it and indeed a number of police investigations have already begun.

On April 22nd 2010, news broke that Google's Street View cars had been surreptitiously collecting Media Access Control (MAC) addresses and Service Set Identifiers (SSID) from Wi-Fi networks as they roamed the planet taking photographs of our houses.

Street View has been contentious enough from a privacy perspective, with many people concerned about the dangers such activity presents, and has been in the headlines frequently. But once it was discovered that Google was capturing Wi-Fi identifiers as well, the controversy snowballed.

Some people don't see the problem - they contend that the data Google was collecting is harmless and that the fuss is all about nothing. As a privacy advocate, one does not have the liberty to be restricted to such a narrow field of vision.

We all need to understand that Google already has an overwhelming quantity of data on a significant percentage of the global population, so having the ability to now marry that existing data with geo-location data gives the search giant even more insight into who and where we are.

We accept that some people really don't care if Google has all this data and information on us, but at the same time many of us do care, many people find it offensive and many people feel they have no control over that data or how it is used.

One can talk about human rights or countless other legislative measures designed to protect our privacy, but at a fundamental level it should be pretty obvious that if you wish to leverage commercial value from private and personal data, it should be done ethically and with consent. This is not because the law states it should, but because it is simple common courtesy and illustrates a level of respect which in turn leads to stronger confidence that such data will not be abused or used inappropriately. One can hardly expect people to trust that data is safe from abuse if the organisations collecting that data are doing so in such an underhanded and clandestine manner. This is not the way to instil confidence and is likely to cause damage to a brand's reputation.

That said, had the collection been limited to just MAC addresses and SSID it is likely that by now the storm would have blown itself out and Eric Schmidt would probably be relaxing by one of his pools marking the incident up as another victory illustrating the strength of his brand.

However, within three weeks the scandal gained new traction when Google admitted via its blog that it had also been soaking up the actual contents of unencrypted Wi-Fi communications with its Street View data sponge.

This was a much more serious issue and it was clear from the disclosure that Google knew this as it immediately apologised, calling the collection an accident. This is significant because intercepting and retaining those communications is in many regions a criminal act, so it was critical that Google attempt to mitigate the situation by denying intent – an important factor in assessing a case for criminal prosecution. We were immediately unconvinced that this activity could have been carried out accidentally and having been involved in large technology projects for the better part of fifteen years, it seemed untenable to me that this “rogue code” could have found its way into the project and been deployed without anyone knowing it was there. Within ten minutes of Google disclosing this information on its blog, we released our response on our web site.

Then on my blog I explained the basic principles of project development and deployment in the IT sector, discussing a number of core stages that such projects would generally go through. It was not a specialised view and I accept that many projects may differ in many ways, but those four core stages of design, development, testing and deployment are pretty much the standard framework for all large-scale technology projects.

With that in mind it is clear to see that at some point this code should have been noticed. At the design stage technical specifications should have been written which would have been used to determine the scope and functionality of the project by the development team. It is absurd to suggest that the development team would then create software outside the boundaries of those specifications. It simply doesn't happen that way and no amount of protest by Google will lead me to believe otherwise.

But even if we give Google the benefit of doubt at this stage, the testing stage of the project would use these same technical specifications to audit the data coming back from their simulated tests. Any data which could not be explained by those technical specifications would raise alarms and be investigated. That is the whole point of testing software before it is deployed - to ensure that it is doing what it was designed to do and that it is stable.

Build a business case: developing custom apps

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.