Google admits it is in breach of UK data privacy

The BBC has reported that “Google has admitted that it had not deleted users’ personal data gathered during surveys for its Street View service. The data should have been wiped almost 18 months ago as part of a deal signed by the firm in November 2010. Google has been told to give the data to the UK’s Information Commissioner (ICO) for forensic analysis”.

When it was originally reported that Google had obtained private data from unsecured wireless networks whilst it was gaining images and spatial data for Street View, the company said it was a mistake and agreed to delete the data by the end of 2010.  However, Google has now contacted the UK’s Information Commissioner to say that not all of these data have been destroyed, asking what it should do with it.

As the BBC continued to report “Possessing data that should have been deleted ‘appears to breach’ the undertaking Google signed in November 2010, said the ICO in a statement. ‘The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern,’ it added”.

Digital Wars by Charles Arthur – excellent new book

Rarely do I use my blog to write book reviews, but rarely do I enjoy books as much as Charles Arthur’s new Digital Wars: Apple, Google, Microsoft and the battle for the Internet.  Not only is this highly informative, but it is extremely well written. I used every spare moment – in other words take offs and landings on recent flights, when laptops have to be switched off – to read it!  He somehow manages to craft an exciting thriller out of what could have been written in a very arid and boring way – the recent history of Apple, Google and Microsoft.  This really excellent book builds on Arthur’s journalistic work over the last 25 years, and combines deep insights about the evolution of these companies with fascinating interviews with people who have been involved from the inside in their evolution.

Digital Wars begins with accounts of some of the key personalities involved – Bill Gates, Steve Jobs, Larry Page and Sergey Brin.  His story then kicks off with Steve Ballmer’s elevation to CEO at Microsoft, and the aftermath of the Antitrust trial, which Arthur sees as having had an enormous effect on the company.  At a rapid pace, the book is then structured around four themes:

• development and control of “search” – seen primarily as a conflict between Google and Microsoft
• the innovative shaping of a digital music industry, in which Apple outplayed Microsoft
• the creation of smartphones
• the emergence of tablets

This book is a “must read” for anyone who really wants to understand some of the changes that have taken place in the ICT industry over the last 15 years.  In some ways, the book can be read as being about the demise of Microsoft, and the rise of Google to be the lead player in search, and Apple the dominant force in digital music (iTunes) and top-end telephony (iPhone).  However, it is much more than this.  Arthur manages to weave into the text fascinating insights into leadership, the ways through which small individual decisions – both good and bad – can shape the future of whole corporations, and the ebb and flow of recent corporate takeovers.

Do get hold of a copy and read it.  There is much to be learnt about the past from Digital Wars to help us shape the future.

Google and Facebook: privacy and security

I have long been critical of Google, but two thing have recently begun to make me begin to think again.  First, they have developed an amazing App – Google Translate!  Whilst the translations are by no means perfect, the idea behind the App is brilliant.  At its best, you can speak the phrase that you want translated, and the App will then give you a translation in more than 60 different languages, all as text and some as a sound file.  Using such software, someone can speak a phrase in Indonesian and then the App will translate it so that someone else can hear the phrase in Portuguese or Russian or Czech.  This is really beginning to use the potential of mobile technologies to help people from many different backgrounds communicate with each other.

However, this is not the main purpose of this note.  Anyone who uses Google software cannot but be aware of the changes to Google’s privacy policy that are due to come into force on 1st March.  This is the important thing – Google, for a change, appears to be trying to be much more open than ever before in explaining the reasons why it is adopting new privacy policies.  As they say, “We’re getting rid of over 60 different privacy policies across Google and replacing them with one that’s a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google”. In clarifying the reasons for this, Google claims that it will make it easier to work across Google, it will be tailored for users, it will be easier to share and collaborate, that its fundamental principle of protecting user privacy has not changed, and that it helps users understand how Google uses their data.

Google has five core privacy principles:

1. “Use information to provide our users with valuable products and services.
2. Develop products that reflect strong privacy standards and practices.
3. Make the collection of personal information transparent.
4. Give users meaningful choices to protect their privacy.
5. Be a responsible steward of the information that we hold”.

However, are these principles really as sound as they at first sight appear?  Google’s profits have been built around the fundamental notion that it encourages consumers to give information to the company that is of considerable value to Google  in exchange for ‘free’ services, such as the world’s best search engine, e-mails and document sharing.

An alternative perspective is offered by those who see this as a deliberate move to combine information about individuals from across the platforms that it now owns, and use this to generate even greater profits.  As the BBC has commented, “Critics have hit out at Google’s decision to merge personal data from YouTube, Gmail, search, social network Google+ and dozens of other services”.  As the BBC report goes on to note, “Data is a hugely valuable commodity as firms seek ways of making money from users’ web habits with ever more targeted adverts”.

It is not only Google, though, that is combining aspects of its various services, and the information it gleans from them.  As the competition between Google and Facebook hots up, Facebook is also combining the different data it holds about people.  Again, as the BBC comments “Facebook is also moving to merge people’s data, with tweaks to how user information is displayed. Its new feature, Timeline, shares users’ past history on the site in a more readable way. While it does not expose any more information that was previously available on its traditional profile page it does makes it easier to view older posts. Currently the system is voluntary, but Facebook is making it compulsory”.

The forthcoming IPO (initial public offering) of Facebook provides an interesting opportunity to reflect on the balance of power between the top valued companies that have built their businesses on the technologies of the Internet, and an apparently endless desire by people to find out about each other and share information about themselves.  A recent report by Keith Woolcock in Time Business captures this well: “The upcoming IPO of Facebook, the flak surrounding Twitter’s decision to censor some tweets, and Google’s weaker-than-expected 4th-quarter earnings all point to one of the big events of our times: The crazy, chaotic, idealistic days of the Internet are ending. Once, the Prairies were open and shared by everyone. Then the farmers arrived and fenced them in. The same is happening to the Internet: Apple, Amazon and Facebook are putting up fences — and Google is increasingly being left outside. The old Internet on which Google has thrived is still there, of course, but like the wilderness it is shrinking. Often these days, we sign up for Facebook or Amazon’s private version of the Internet. At other times, we use a smartphone and download an App instead of using Google search. Investors are already placing their bets on who the winners of the new Internet will be: Over the past five years Amazon’s shares, despite their recent fall, have risen 370%. Apple’s are up 438%. Google’s, meanwhile, have merely risen by 17% in all that time.  It is still the early days of this long-term trend, but my hunch is that this gap in performance will widen over the coming year — and that Google’s long slow decline has already begun”.

Perhaps I should start feeling sorry for Google after all.  At least I began this blog by encouraging people to start using their great translation App!  Ultimately, though, we should all reflect a bit deeper on what it is we are giving away for free when we sign up for a service that is free for us to use.  We should all also be much more careful about just how much information about ourselves we make available publicly – just in case one day we regret the profit that others have made out of it!

Google and privacy

I am often criticised for my concerns over Google’s ethical claims. Most people seem to like the apparently ‘free’ services that the company offers, and are not greatly concerned about the implications of sharing private information with a corporate giant that claims to do no evil.  I was therefore very pleased to see a report yesterday on the the BBC’s news site that Google is to be audited over privacy concerns relating to its social network Buzz.  Highlights of the article noted that:

• “Google will be subjected to independent privacy audits for the next 20 years over charges that it “violated its own privacy promises”.  The US Federal Trade Commission (FTC) said that the search giant wrongly used information from Google Mail users last year to create its social network Buzz”
• “When companies make privacy pledges, they need to honour them,” said Jon Leibowitz, chairman of the FTC. “This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations.”
• “Buzz’s launch in February 2010 came under heavy criticism from users. According to Google, the system was designed to bring together members’ personal and private lives. One widespread complaint was over a feature that allowed it to publicly list other Gmail contacts a user was most frequently in touch with. While this feature could be turned off, the default setting was to leave it on – potentially revealing a user’s contact with an ex-spouse, employer or similar.”
• “The FTC said “deceptive tactics” were used to populate the network with personal data gained from use of Gmail, and that when users were given the change to opt-out of Buzz, they were still enrolled in some of its features”
• “The FTC said Google violated its privacy policy which stated: “When you sign up for a particular service that requires registration, we ask you to provide personal information.”
• “Reflecting on the latest settlement, Alma Whitten, Google’s director of privacy, product and engineering, said: “We’d like to apologize again for the mistakes we made with Buzz. “While today’s announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward.”

In another recent report from the BBC, it is also interesting to note that the US Department of Justice has approved a New York court ruling that blocked an agreement between Google and publishers over the publication of books online.  As the report noted, “An agreement between Google and publishers over the web firm’s publication of books online has been blocked by a US court. The web giant has scanned millions of books and made them available online via its eBooks platform. Google had negotiated the deal to settle a six-year-old class action suit claiming infringement of copyright. But the New York court said the deal would “simply go too far”, giving Google an unfair competitive advantage”.

UK government set to re-examine Google’s infringements of privacy

Great to see the announcement reported by the BBC that Britain’s privacy watchdog is to re-examine the personal information that Google has gathered from private wi-fi networks.

As the BBC article commented, “The Information Commissioner’s Office had investigated a sample earlier this year after it was revealed that Google had collected personal data during its Street View project. At the time, it said no “significant” personal details were collected. But Google has since admitted that e-mails and passwords were copied. … Google’s admission of more detailed data has prompted further action by the ICO. “We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers,” a spokesman said.‬ Google’s director of privacy Alma Whitten said the company would work with the ICO to answer its “further questions and concerns”.”

Many popular Android apps share location and unique identifiers with advertisers

A recent report on the BBC website notes a study by researchers from Intel Labs, Penn State and Duke University which shows that “Some of the most popular apps written for Google’s Android phones do not tell users what is done with data they gather… . Half of 30 applications studied share location information and unique identifiers with advertisers”. Two-thirds of these popular third-party apps showed suspicious handling of personal data.

Information from the ‘phones was sent to advertisers without the users being told that data was being shared with them.  As the BBC report goes on to note,  “Some apps gathered and despatched location information even when an application was not running and some sent updates every 30 seconds.”

Whilst users should always be wary of downloading any apps that they do not necessarily trust, this seems to be yet another example of Google not being the fully trustworthy company that it would like people to believe it is.  It would be a relatively simple matter to ensure that all users are automatically warned about this when software is downloaded. As the researchers conclude, “Android’s coarse-grained access control provides insufficient protection against third-party applications seeking to collect sensitive data”.

This is definitely a powerful reason why Android ‘phones should be avoided, and once again raises serious concerns about Google’s lack of ethical probity.

Glitch with using Google Mail View – be warned!

Wow – managed to track down an elusive error!  Has anyone else come across this glitch? Guess they must have….

A colleague was transferring data from a large number of .doc forms completed in Microsoft Word into an Excel spreadsheet, and instead of downloading the .doc files, simply opened them in Google Mail’s View function.  However, the data ‘appeared’ different to what was shown when the files were downloaded and opened in Word – so, most of the figures incorporated into the spreadsheet were actually wrong.  Basically, Google View represented the figures  incorrectly.

The problem seems to have been because the forms on the original .doc documents had been completed using drop-down menus, and therefore that the View function did not pick these up correctly.  There was no way of knowing that the figures were wrong, unless the original files were actually opened and checked.  I wonder how many other people have therefore incorporated incorrect data into their work as a result of this glitch?

So, don’t rely on Google Mail’s View function if your document includes such things as drop-down menus!  Just wondering, is this actually a subtle way of Google trying to undermine Microsoft?

Google waves goodbye to Wave

So perhaps Google is not so all-seeing and all-wise after all.  After a year of dismal take-up, Google has decided to stop developing Wave as a stand-alone product according to Urs Hölzle (Senior VP Operations and Google Fellow) in an update on Google’s official blog on 4th August 2010.

Wave was launched in 2009 with a great fanfare – and was described by Google at the time as “how e-mail would look if it were invented today”.  In essence, it combined e-mails with instant messaging and features to allow people to collaborate in real time on documents.

However according to Urs Hölzle on Google’s blog, “Wave has not seen the user adoption we would have liked. We don’t plan to continue developing Wave as a standalone product, but we will maintain the site at least through the end of the year and extend the technology for use in other Google projects”

For other reports:

• BBC Report on 5th August 2010

Google admits that its Street View cars collected WiFi information

The Guardian newspaper reported yesterday that “Google has been accidentally gathering extracts of personal web activity from domestic wifi networks through the Street View cars it has used since 2007”.

Can anyone really believe that Google did this by accident? The ‘discovery’ was made because Germany’s data protection authority demanded an audit of Google’s data. As the Guardian report continued “As well as systematically photographing streets and gathering 3D images of cities and towns around the world, Google’s Street View cars are fitted with antennas that scan local wifi networks and use the data for its location services”.

This is a clear invasion of privacy, and is absolutely typical of Google’s cavalier attitude towards the ways in which ICTs have transformed our approaches to what can be deemed ‘public’ and ‘private’ information.

Google’s blog on the 14th May, included a statement by Alan Eustace, Senior VP, Engineering & Research who commented that “Nine days ago the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that our Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect. In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products”.

Google went on to say that this was quite simply a mistake: “So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data”.

The point is that mistakes do happen; no digital system is entirely secure.  This is one of the reasons why they should not be collecting such data in the first place!  If they make mistakes such as this, how can anyone believe them when they say that they are not using the data?  They use all other data that they collect, such as information from searches on Google, and the e-mails people send using Google mail!

Eustace concluded by saying what Google would do about this incident: “Maintaining people’s trust is crucial to everything we do, and in this case we fell short. So we will be:

• Asking a third party to review the software at issue, how it worked and what data it gathered, as well as to confirm that we deleted the data appropriately; and
• Internally reviewing our procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future…

The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake”.

Google have not had my trust for a very long time.  Yes, they have a great search engine – but they should stick to that, and stop “ogling” at us in other ways!

It is also a timely reminder for those who do not protect their WiFi networks, that they should indeed do so with robust passwords!

Other reports on this announcement include:

• Times online
• v3.co.uk

Go and ogle in Southampton and beyond…

Having just posted my last reflection on “Go, ogle”, I was in Southampton on Sunday and there it was – “Ogle Road”! This must be where the Google camera van/car/snowmobile/tricycles hang out when it’s dark and they cannot take the photos that their ‘masters’ want.

It did, though, also make me reflect further on the ethical issues surrounding Google’s Street View ‘technology’.  Much has already been written about this, but with the advent of Google’s 4th generation cameras that take near-HD quality images, and continuing debate in the EU about privacy issues associated with Street View,  for which we should all be grateful, it is worth once again highlighting some of the issues that this raises.

A recent report by Claudia Rach for Bloomberg Businessweek has some interesting comments from Michael Jones, Google’s chief technology advocate and founder of Google Earth:

• “I think we would consider whether we want to drive through Europe again, because it would make the expense so draining”
• “I think that privacy is more important than technology but for privacy people it is only about privacy but for us it is also about technology”

The first of these was partly in response to the suggestion that Google should only keep unblurred images for 6 months instead of a year.  Again, quoting from Rach’s report, Peter Fleischer, a Google lawyer in charge of privacy issues, said  “The need to retain the unblurred images is legitimate and justified — to ensure the quality and accuracy of our maps, to improve our ability to rectify mistakes in blurring, as well as to use the data we have collected to build better maps products for our users”.  This means that Google keep all this information unblurred on their servers – which, of course, means that Google and its relevant employees have access to it.  What happens when someone hacks into this information, or a government asks for it in connection with some important state ‘need’?

Jones’ second comment above is indeed surprising.  There is little evidence that Google has ever put privacy above technology.  Its technological prowess has been at the forefront of raising new ethical questions – one of which is indeed about privacy.

So, just to add to the debate, I thought I would come up with a list of ten interesting uses for Street View:

• for car thieves wanting to plan where to steal particular brands of car to order – just look on people’s drives
• for double glazing companies (or for that matter firms offering to redo your drive) to target individual houses that might be ripe for marketing – individualised targeted mailings
• for revolutionaries (or what governments in capitalist countries call ‘terrorists’) to decide where best to plant explosive devices to cause maximum damage
• for people wanting to reconstruct buildings on streets that have been destroyed by earthquakes (or other such disasters) – you can see how it looked a year ago
• for burglars wanting to find the quickest getaway having robbed a property (see Phil Muncaster’s summary on v3.co.uk)
• for recognising what your friends were doing when the Google car passed – yes, of course you can recognise people even with their faces blurred
• for checking out those naked sunbathers
• for finding exactly what that pub that your friends took you to last night looks like in the daylight when you can’t remember where it is
• for checking out what the holiday villa you are thinking of booking really looks like
• and as findaproperty says, “With the panoramic street level photographs you can get a feel for the property, its location and neighbourhood, before visiting it – which saves you a lot of time and means you don’t have to decided whether you want to view a property based solely on the description of the area as provided by the estate agents” – ah, isn’t that nice…