Google and Privacy
A story about Google and privacy on NPR last week caught my attention because it seemed so strange. And now that I know what the real story is, it still seems really strange to me.
Google Map’s Street View function is very cool. It provides street-level camera views of many locations. In Boston, for example, you could type “Prudential Center” in the Google Maps tool, choose “Street View” and then stand virtually in front of the Prudential Center and look around, as though you were actually standing at that spot. You can then (virtually) move in any direction along the street, as though you were traveling in a car. I’ve used the function before visiting new places, trying to find new addresses, to get a sense of what I’ll see when I’m actually there.
To create these street-level views, Google sends people in cars to drive around, video-taping the view at various locations. To facilitate the coordination of the video with actual addresses, the people in the car utilize mobile computing technology to gather GPS information that is then attached to the video. The software that Google used in this project apparently had a feature that captured other kinds data from the airwaves in addition to the data needed to create the street views. In particular, this software sniffed out unsecured wireless networks and captured data such as email addresses, passwords, and IP addresses. After denying that they were capturing such data, Google finally admitted that they were “inadvertantly” capturing it but that the data was never used for any purpose. The data capture was inadvertant because the company was using software that had been developed for other purposes and they simply didn’t realize this capability remained intact.
In Britain, such data capture is illegal. So the story I heard was about the British government deciding whether to fine Google for the “data breach” or not. Instead of fining Google, the British government sought written assurance from Google that they would not engage in such practices again. In addition, the government would like to conduct an audit of Google’s data protection practices. And that, apparently, will be the end of the incident.
I think there are two interesting parts to this story that have not been discussed.
First, there are a ton of wireless networks that are unsecured. What this means is that people set up a wireless network in their house or their business and they don’t encrypt the data that is sent via that network. So all information that is sent on the network can be read by anyone. If you put in a password, it is transmitted in plain text, so anyone (with a sniffer–another type of program, readily available–that’s another post) can read it. If you put in your bank account number, it is transmitted in plain text and anyone (with a sniffer) can read it. In other words, it is a really bad idea to set up an unsecured, unencrypted wireless network. When you buy a wireless router, the setup instructions are pretty easy for setting up a secure, encrypted network. But many people choose not to. I’m not sure why. Of course, it still makes sense to me that it would be illegal to gather private information from unsecured networks. If someone doesn’t lock the door to their apartment, we still think it’s a crime for someone to steal things out of that apartment. It’s the same situation with an unsecured wireless network.
The second thing that I think is interesting about this story is the fact that Google’s software contained functionality left over from some previous project that was unrelated to the current project. This might not seem like a big deal but I’ve seen this in other pieces of software and it is indeed a big deal. A few years ago, Microsoft’s Excel was a hog, using huge amounts of memory and CPU time, far beyond what you would expect given its functionality. I discovered (via the Internet, of course) that the Microsoft programmers had inserted a huge chunk of Microsoft’s Flight Simulator into the Excel code. So if you pressed a bizarre sequence of keys while you were in Excel, you would suddenly find yourself flying a simulated plane, with some of the most realistic graphics available at the time. This is called an “Easter egg.” And here are some instructions for how to get to the Flight Simulator from within Excel. (By the way, I was unable to get this to work on Vista but you can go to Wikipedia to find some documentation of various Easter eggs in Microsoft products.) It was a cool discovery. Most Excel users never knew this functionality existed. And it shouldn’t have existed because it was completely unrelated to spreadsheets. It was (probably) the major reason that Excel was bloated, taking more memory and CPU time than necessary.
So although the story about Google’s privacy breaches is strange, it contains a couple of lessons for the average computer user as well as for software developers. Average user–secure your wireless network! Software developer–resist the temptation to play around as you develop your software.