So, you know when Google's Street View cars, the ones taking photos down every street, were also accidentally scooping up people's unencrypted Wi-Fi traffic? Turns out the engineer who wrote the software did it deliberately, and his boss knew he did. I for one am not the least bit surprised. Google is, at its heart, a software research, development and engineering company that's built and operates one of the biggest and most complex set of computer systems on the planet. It has done so by hiring the smartest people it can find, paying them well above industry rates and letting them, for 20% of their time, play and tinker about with whatever they like. When you start typing in the words you want to search for on your laptop, Google reminds you about similar things you've searched for previously -- no matter where on the planet you're connecting from. The results are tailored to your personal interests as indicated by previous searches, the contents of your Gmail, your current location, the websites you visit and whatever else they know about you. Instantly. If you then start typing the same search into your Android phone, Google suggests the search you've just done on your laptop. Or just speak the words into Google Voice Search and your speech is decoded pretty damn accurately. Instantly. Google does all this and much, much more for a billion-plus internet users. It provides email for 350 million Gmail users. It does all of this globally with very, very few outages day in, day out. Do you imagine all this could happen if random, unknown pieces of program code "accidentally" found their way into operational systems? As reported in the LA Times and elsewhere today, the US Federal Communications Commission's investigation indicates that Google may have gotten off lightly. So far ...
"The engineer who intentionally wrote the software code that made it possible for Street View cars to capture emails, passwords and other data from unprotected wireless networks told fellow engineers and a senior manager that he had done so, according to the report."
Google had wanted to keep the report secret, but caved in:
"We decided to voluntarily make the entire document available except for the names of individuals," Google spokeswoman Jill Hazelbaker said in an emailed statement. "While we disagree with some of the statements made in the document, we agree with the FCC's conclusion that we did not break the law. We hope that we can now put this matter behind us."
As the LA Times puts it, the engineer was:
"... interested in collecting data from unencrypted wireless networks to see if the data could be used in Google's other products and services ... "The engineer weighed privacy concerns but dismissed them because the vehicles would not be near 'any given user for an extended period of time' and because none of the data gathered would be presented to users of Google services in raw form, the report says. He did note as a 'to do' item that he should discuss the matter with a product counsel, it says."
Didn't he think that Google itself looking at private data was a breach of privacy? Didn't he think that a breach, even a little one, is still a breach? Sometimes it really does feel like Google considers itself to be in a privileged position it simply does not have. And checking the legal and ethical status of your actions is an afterthought? What sort of corporate culture does that indicate? As I wrote in a 2010 Crikey Clarifier, in Australia such Wi-Fi sniffing is illegal:
"Under the Cybercrime Act 2001 it's illegal to access computer data without authorisation even if, in effect, the door is wide open -- just like walking into your house is still trespassing and illegal entry even if the door is unlocked. It could also constitute an illegal communications intercept under the various state and federal acts."
Our private information is the currency with which we pay for Google's services. Despite the massive costs of providing those services, they still turn a profit of about $10 billion a year. When the currency is measure in dollars, we don't jot down "Is this legal?" as a to-do item for later. The same needs to happen when the currency is data that provides a detailed map of our personal lives. And as I wrote for ABC The Drum, also in 2010:
"'Do no evil' is, after all, only Google's unofficial motto. When it comes to actual corporate policy, the closest is point six of Our Philosophy: Ten things we know to be true. 'You can make money without doing evil.' As it stands, that's merely a hypothesis about the world, not any kind of commitment. And the very next words are 'Google is a business'. "And that raises the most important question of all. What assurances do we have that some time in the future, when founders Sergey Brin and Larry Page have moved on and their personal views are long forgotten, that point six is quietly dropped?"
The FCC report says this engineer told fellow engineers and a senior manager that he was recording the private Wi-Fi data. Who else knew? And why did no one stop it happening? Is this Google's News of the World moment?