Google's Wi-Fi spygate is its BP moment

Google is under investigation for slurping data from Wi-Fi networks. This may be the leak that brings it to its knees

While it doesn't quite rank up there with dumping hundreds of millions of gallons of crude oil into the ocean while your CEO goes yachting, Google's huge Wi-Fi spying "oops" may become the search giant's BP moment.

To recap: Last month, Google admitted that its Street View vans -- the camera-festooned vehicles that roam highways and byways to capture panoramas of every paved thoroughfare on the planet -- were also slurping up data from unprotected Wi-Fi networks. For three years. All around the globe. Without anyone (including Google) being aware of it.

[ Also on InfoWorld: Is anyone trying to protect your data? Certainly not Facebook or AT&T, as Cringely points out | Stay up to date on all Robert X. Cringely's observations with InfoWorld's Notes from the Underground newsletter. ]

The idea was to use open Wi-Fi nets as location signposts for mobile users -- they're more accurate than cell towers and work better indoors than GPS. The idea was not to also capture data being transmitted along with the locations. But that's what happened.

So Google's data slurping was not intentional. It was, however, incredibly stupid and probably illegal in many of the countries where Google operates. That may now include the United States, if recent data collected by the French National Commission on Computing and Liberty proves accurate.

According to the French, Google may have captured user passwords and email along with the location information. I'm no lawyer, but that sounds like it could be enough to violate multiple state and federal limits on surreptitious data gathering.

It's certainly enough to prompt Connecticut Attorney General Richard Blumenthal to announce a multistate investigation into Google's data collection habits. Hell hath no fury like a passel of state AGs in an election year, especially when their target isn't part of their constituency -- don't expect this to fade into obscurity any time before November.

Unlike, say, the millions of fish, birds, and unlucky humans who were victims of BP's tragic ineptitude, nobody was physically harmed by Google's mistake. We're not even sure they were virtually harmed. And in this case, the victims were at least partially to blame -- they left their networks wide open, though they've certainly got a lot of company in that regard.

(And for that, you can also dump a bucket of blame on the makers of Wi-Fi routers, who could do a lot more to make their products easier for people to use. In this age of Twitter, Facebook, and iPhones, should we really expect consumers to punch 192.168.x.x into their browsers' URL windows and navigate a ridiculously arcane control panel? Hello?)

But what this incident does is shine a hot, white light on the other data Google has been scooping up about all of us since it started in a Menlo Park garage back in 1998: petabytes' worth of data, in almost every conceivable form -- Web searches, calendars, email, shopping transactions, status updates -- and, soon, the shows we watch via Google TV. It's too much data in the hands of one company, one we are all now painfully aware doesn't even know what kinds of info it's been collecting.

Google doesn't have to be evil for people to mistrust it. It just has to be too greedy. It's been there for a while. Wi-Fi spygate is driving that point home to the millions of users who haven't been paying close attention until now.

That's bad news for Google, but good news for the rest of us. A major public smackdown may be the only thing that can quell, if not entirely quench, Google's insatiable thirst for data.

Can Google be trusted? Should Wi-Fi vendors require users to password protect their routers? E-mail me: cringe@infoworld.com.

Tags WiFiGooglemobilitybritish petroleum (BP)securityRobert X Cringely

More about CNNFacebookGoogleNN

1 Comment

Adrian

1

Are the victims to blame when the ISP bundles a low cost wifi router that you CANNOT lock up? How about when the ISP helpdesk tells a non-technical person to perform a master reset and clear all the security settings as the first step in fixing ANY access problem?

Comments are now closed

CoinJar flashes Bitcoin debit card

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
CIO
ARN
Techworld
CMO