Blog Post

Dear Google: Even If There Is No Harm, You Fouled Up on Privacy

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

The controversy over Google’s collection of personal data via its Street View photo-taking program continues to grow, but the company appears reluctant to acknowledge the full importance of the lapse, saying no harm was done. Although co-founder Sergey Brin has admitted Google “screwed up,” CEO Eric Schmidt said at the Zeitgeist conference in the UK that no one was harmed by the incident, and as such, “No harm, no foul.” Others, however, clearly disagree. The company is facing a class-action lawsuit in Washington and Oregon, two legislators in Washington, D.C. in a letter to the Federal Trade Commission have raised the issue of whether Google’s behavior was illegal, a consumer advocacy group has also complained to the FTC and Germany has begun a criminal investigation.

Google recently admitted that its Street View cars had been collecting data from public Wi-Fi networks — then later admitted that, contrary to its initial statements, such data may have included personal information such as the content of emails and other communications. It also said the data was collected accidentally, and that none of it was ever released or used by anyone. Google has since stopped collecting data from Wi-Fi networks, and says it’s consulting with government and policy groups on the best way to get rid of the information so that users and consumer groups will be satisfied it does so properly.

That said, however, the company maintains that the issue was a simple oversight, and nothing worth getting concerned about. And this isn’t the first time Google has played down complaints about its behavior on privacy. After Buzz was launched and a number of users criticized the company for connecting them with all their email contacts whether they wanted to be connected or not — subsequently publicizing those connections without making it clear they would be public — Google CEO Eric Schmidt told attendees of one conference that the issue was blown out of proportion, that there was no harm caused and that the situation was primarily a result of users misunderstanding the service.

Yet the criticisms aimed at Google have continued. Privacy authorities from 10 countries, led by the Canadian Privacy Commissioner, sent a strongly worded letter to the company last month about its privacy practices. The group said that Google too often had “failed to take adequate account of privacy considerations when launching new services,” and that it needed to build privacy safeguards and controls directly into new products as they were being designed, rather than trying to apply them later.

In addition to the letter from the two U.S. legislators about the Street View data collection, the advocacy group Consumer Watchdog has sent a letter to the FTC asking it to investigate Google’s practices. The group also launched a site called Inside Google to call attention to what it believes are the company’s failings in various areas, including privacy. As the growing furor over Facebook and its approach to privacy has shown, there is mounting concern about social networks and web companies, what kinds of data they’re collecting and how they’re using it. And yet, like a drunk driver who maintains he did no harm because no one was hurt, Google continues to downplay the importance of what was a serious breach of personal privacy.

Related content from GigaOM Pro (sub req’d): Why New Net Companies Must Shoulder More Responsibility

Post and thumbnail photos courtesy of Flickr user Blyzz

This article also appeared on

17 Responses to “Dear Google: Even If There Is No Harm, You Fouled Up on Privacy”

  1. Tim Jeffes

    I would like to understand how a WiFi sniffer is a necessary box on a Streetview car. You don’t accidentally bolt one of these to your data collection system! There was some BS excuse about improving location based services that Google touted. I just don’t buy it.

  2. The house analogy tells us something: you should take reasonable steps to protect what you thing it’s important.
    So if you leave your garage door open and go on vacation, you’re not protecting your house properly. Usually people that care about their house will buy protection systems and all sorts of stuff.

    Now, if you’re don’t want to broadcast data for everyone to listen, then you should at least spend 3 minutes to set up a password in your router.
    Whoever got data grabbed by Google by broadcasting is probably broadcasting it for months or years, compare that to the ~0.2 seconds worth of data that got recorded by Google, if it got recorded at all (the car must have been driving at the right time and location to grab any piece of data).

  3. I just love that establishment “interests” have setup InsideGoogle as a “watchdog”. Below is an excerpt from an interview with Jean Baudrillard, who I believe would have responded to this “watchdog” with comments similar to those which he made in the interview.

    “That is exactly what makes our times so oppressive. The system produces a negativity in trompe-l’oeil [a reference to illusion painting], which is integrated into products of the spectacle just as obsolescence is built into industrial products. It is the most efficient way of incorporating all genuine alternatives. There are no longer external Omega points or any antagonistic means available in order to analyze the world; there is nothing more than a fascinated adhesion. One must understand, however, that the more a system nears perfection, the more it approaches the total accident.”

    • Jean Baudrillard is author of Simulacra & Simulation (which Hollywood relied upon in their Matrix movie trilogy).
  4. The problem is, ANYONE can grab data that’s sent across public unencrypted wifi. I can go download the software myself and drive around until I find unecrypted networks and park myself there and grab all the data. And you’d be surprised at the kind of information I’d get.

    The house analogy doesn’t hold because, to enter someone’s place of residence without permission is in fact against the law (trespassing). Grabbing public radio signals is not illegal (see old arguments by law enforcement about radar detectors and police scanners). Google broke zero laws when it grabbed that data off those public radio signals.

    If people want to be up in arms about privacy they need to understand what they’re talking about before they start crying foul. My issue is that everyone is all upset with Google but no one is educating the consumer about ways to protect their privacy online. To not point the finger at the people who sent unencrypted data doesn’t help the public to realize “hey you need to pay attention to what you’re doing when on a public wifi network!”

    • I agree that the house analogy is less than perfect, Michael. As for whether it’s illegal or not to pull personal information from wireless networks, the law is still unclear, according to the EFF: But illegal or not, it was a mistake by Google to do so, as they have admitted. And arguing that no harm was done — or that it’s not illegal — isn’t going to change the fact that it makes many people uncomfortable. You are right that they bear some responsibility too, but that doesn’t absolve Google of the same.

      • Eo Nomine

        “The house analogy doesn’t hold because, to enter someone’s place of residence without permission is in fact against the law (trespassing). Grabbing public radio signals is not illegal (see old arguments by law enforcement about radar detectors and police scanners).”

        Actually, that depends on where you are. While “grabbing public radio signals” may or may not be a breach of federal wiretap laws in the US, the collection of personal information contained in those signals without the person`s knowledge or consent is CLEARLY against the privacy laws of many countries, including Canada and most (if not all) European nations.

        To overuse the house analogy, I’d say this is akin to walking through an unlocked door into someone`s house and taking random pictures. To then say “well I didn’t steal anything or do anything with those pictures” does not excuse the act of taking those pictures or the accompanying violation of privacy.

      • Jonathan Camenisch

        Actually, it’s akin to walking by on the street and snapping pictures of your house. There’s no “walking through an unlocked door” going on.

    • Dilip Andrade

      Saying that Google didn’t break any laws is a statement fraught with problems. The laws are different in different countries, so they may very well have broken the laws.

      The problem here isn’t that they received the data, but that they stored it. Not only was it stored, it was stored for more than any short period of time from what we can tell. If I’m in a coffee shop having a conversation with someone, I may not have the right to get upset that you overheard what I was saying (and you’re right, if it is confidential I shouldn’t be saying it in public), but that doesn’t mean that you have the right to record it without me knowing about it.

      What we have here is a 3rd party recording information when they are not a party to the “conversation”. Should people be more careful? Of course. Does that excuse Google? No.

  5. It doesn’t matter it if was encrypted or not. Google’s still at fault for collecting it. Just like it’s illegal to wander into someone’s house becuase their doors are unlocked (try telling the judge “well it’s their fault for not locking the door, if they don’t want me in their house the door shouldn’t have been unlocked”) it’s wrong for Google to be collecting unencrypted wifi signals.

    Now, I’m not saying it’s not foolish on the part of the people to not have encyrpted wifi (a lot of people still don’t get this), but their failure to encrypt the signals doesn’t absolve Google, a tech company, of blame for deliberately collecting these signals.

    • Jonathan Camenisch

      Google did not wander into anyone’s house. This data was being broadcast across the air into public spaces. How can that possibly be considered private???

      If I throw sensitive information into my trash and take it out to the curb, it is perfectly legal for you to dig through my trash, find said information, and take it home with you. It makes no difference how ignorant I may be; I have discarded that information and placed it in a public place.

      If you go out and use that information to steal my identity or something, then you’ve broken the law. If you store it in your file cabinet at home, you haven’t. Even if you share it with my enemies, I don’t think you’re breaking any laws. It’s still on me.

      Now Germany’s laws might be different, but I haven’t yet seen any information to that effect.

  6. So explain to me how it’s Google’s fault that people were broadcasting personal data over UNENCRYPTED wifi?

    I see this more as a problem in the public’s education of what exactly PUBLIC means. When you connect to an unencrypted network your data is out there for anyone with the proper tools to view (PS you can download these tools on the internet).

    If people don’t want their personal data going over WiFi where people can see it, then they need to ensure the data is encrypted. It is the user’s job to ensure their privacy to the best of their ability.

    In my opinion Google did nothing wrong here. Now if they had cracked the encrypted wifi to get at that personal information, then my opinion will change.

    • Michael, it’s not Google’s fault that people were broadcasting their data (likely without knowing it). Obviously that’s their fault — but that doesn’t absolve Google of blame in collecting that data. I might criticize you for leaving your door unlocked, but that doesn’t give me the right to help myself to your valuables.