Blog Post

How A Minor Google Screwup Turned Into A Privacy Freakout

To get a sense of how overheated the debate over online privacy is becoming, consider the trajectory of a conspiracy-minded article published earlier this week in The Huffington Post. Just two days after the publication of Bob Bowdon’s article-which suggests that the true purpose of Google’s “Doodle 4 Google” art program is to build a giant database of kids’ addresses and Social Security numbers-members of Congress were already proposing an actual hearing on the topic.

Bowdon, who recently directed “a documentary about corruption in American public education,” describes Google’s project-an annual art contest that received 33,000 entries this year-in breathless terms. “A national, commercial database of names and addresses of American children, especially one that includes their dates of birth and SSNs, would be worth many millions to marketing firms and retailers,” writes Bowdon.

Even though Google (NSDQ: GOOG) only collected the last four digits of the SSN-the purpose of which was to knock out duplicate entries-Bowdon notes that it is possible to make guesses about the first five digits, given a person’s date and city of birth, which were also part of the “Doodle 4 Google” form.

Several paragraphs lower, Bowdon notes that his suggestion that Google is participating in any kind of database-building is, in fact, an evidence-free zone. And once contacted, Google explained why it collected the information it did, and stressed that it wasn’t used for any reason other than to conduct the art contest. Recognizing that it probably wasn’t a great idea to collect the info in any case, the company also stopped asking for the last four digits of the SSN, which was more information that it needed to conduct this contest.

But the speed with which the story got picked up raises questions how easily the legitimate concerns over online privacy can be hijacked and turned into scare-mongering. Just hours after Bowdon’s post, New York magazine picked up the story, with this headline: “No Big Deal, But Google May Have Promoted a Contest to Get Kids’ Social Security Numbers.” Not much later, National Journal was calling members of Congress asking what they’re going to do about Google’s collection of personal information from the nation’s innocently doodling children.

The two members of the House of Representatives who are latching onto this, Ed Markey (D-Mass.) and Joe Barton (R-Texas), also pushed for more investigation into last year’s Google WiFi “spying” scandal. Headline-seeking attorneys general in many states have continued to push that issue despite Google’s repeated apologies for2 the accidental data collection, and the FTC absolving Google of wrongdoing.

The remarkable fact about that ongoing scandal is that the only data Google collected was unencrypted data going over public networks. If anything, Google did us a favor by reminding us that public WiFi networks aren’t secure. Any hacker with some rudimentary software can sit outside a coffee shop and collect the data of users at such a location, and possibly use it for nefarious purposes.

That’s not to say that Google and other tech companies haven’t screwed up. A large corporation shouldn’t be trawling WiFi data by accident, and Google was right to apologize for it. And Google should be careful about not collecting more data than it needs, especially in projects unrelated to its core business, like its annual art contest. But in an environment where a minor data overreach like Google’s collection of partial SSNs for contest entrants gets turned into an overheated conspiracy theory, it’s going to be tough to have a serious discussion about what kind of new privacy rules are really needed.

4 Responses to “How A Minor Google Screwup Turned Into A Privacy Freakout”

  1. Some worrying points in your article. How did Google do us a favour by collecting wifi data that is shouldn’t have collected in the first place? And why did it need to collect the full data sets on kids that it chose to purposely collect. Let’s be clear here – Google didn’t collect wifi data or the kids data by accident – therefore it is responsible for ensuring it complies with basic data privacy principles set in law and the privacy expectations of individuals.

  2. Puff piece. There are no privacy concerns. There are only privacy problems. Stop using limp wrist language.

    I advocate early freak out (selectively of course so as not to dilute). It works.