in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption: Google Engineer At Center of WiSpy Meant To Collect Data

Last week, I had offered some observations on Google's problems with their "WiSpy" case.  Since then, of course, more revelations have been brought forth, such as the name of the Google engineer who's at the center of the controversy.

It's quite obvious now that, contrary to Google's claim, the collection of personal data in their Street View project was not "accidental."  From cnet.com:

The FCC speaks of a rogue engineer who deliberately wrote code to collect the data, and the agency questions whether the employee's colleagues and managers knew, or should have known, about the code. Among the claims made by FCC investigators in the full document, as reported by the Times:

  • The engineer told two colleagues, including a senior manager, about the code.
  • The engineer also distributed to the Street View team a document that said the data collection would take place.
  • A senior manager said he had preapproved the document before it was written; Street View managers said they hadn't read the document; and a colleague recalled receiving the document but didn't remember any reference to such data collection.
  • A different engineer, who worked on a line-by-line debugging of code for the Street View project, said he didn't see the data-collection code.
  • Engineers on the project told the FCC they weren't required to get approval from project managers before modifying the code.
  • The rogue engineer was working on Street View only as a side project and was interested in collecting the data to see if it could be used in other Google products. He dismissed privacy concerns because the Street View cars wouldn't be near "any given user for an extended period of time" (though he made a note to discuss the issue with a product counsel).
  • The engineer reviewed the data at least once for info on frequently visited Web sites, thinking the data could help Google's search team. But when a member of the search quality team said such data had no value, the engineer dropped the idea.

The FCC also accuses Google in the report of holding back an e-mail that discussed the engineer's review of data with a senior manager on the project, the LA Times reports.

Does this in any way change the position that I held last week?

Nope.  What happened is, obviously, legal in the US (but not so in other parts of the world).  Did Google "do evil"?  I still don't think so.  At least, I don't think there was any evil intent behind the collection of data.

Was it a stupid move?  Yeah, it was.  This part is especially galling:

He dismissed privacy concerns because the Street View cars wouldn't be near "any given user for an extended period of time" (though he made a note to discuss the issue with a product counsel).

In other words, an extremely smart guy took such issues into consideration and then just waved them away like so many flies without actually looking into the situation.

But you know what?  To me, it's still understandable.  Prior to my own research into European privacy laws I, too, would have assumed that collecting such data was not illegal based on the circumstances.  On the other hand, even with that assumption, I'd probably have consulted with the legal department knowing that the project would be global in its scope.  And, if your reasons are pure, you tend to think that no harm will come of it.

What's not understandable is how Google can claim that this is the job of one engineer and that no one had no idea it was going down.  If he had put in the effort to hide what he was doing, maybe such a tale wouldn't sound outlandish.  But that's not what happened; he was very forthright about collecting data.  The engineer appears to have sent communiqués on what he was up to.  No one, absolutely no one, read his missives?

Whatever the facts may be, Google must excuse the public at large for doubting the company's claims of innocence.  Like many of its products and services, the claim is just too convenient.

PS - As an aside, the recent goings-on remind me of Seth Godin's lecture at Google.  If you watch the video, at around the 6:00 mark, Godin talks about an incident he had in New York:  He was walking around in a Google shirt, and some lady selling peaches wants to know whether he works at the company, and tells him that Google is her friend.  Godin is forced to admit that "nobody cares about you (your brand)...but people care about Google."

But, he notes, "if you blow it just a few times in a row, they won't care about Google anymore."


Related Articles and Sites:
http://economictimes.indiatimes.com/tech/internet/marius-milner-engineer-who-scooped-up-personal-data-from-googles-street-view-project-identified/articleshow/12948400.cms
http://www.baltimoresun.com/business/sns-rt-us-google-engineerbre83s0bq-20120429,0,7788495.story

 
<Previous Next>

Data Encryption Software: Accretive Health Asks Court To Throw Out MN AG Lawsuit

Big Data: ICO Aggregating Data To Fine Private Sector

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.