DOCSLIB.ORG

Kurt Ladendorf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Kurt Ladendorf

Kurt Ladendorf

CSC 540

Dr. Lyle Google’s Privacy Infringements

Google has come a long way from its creation in 1998. 3 The company’s name has become a common term for looking for information on the web. But Google isn’t exclusively a search engine provider. Google provides services including e-mail, ad space, and multiple applications such as Google Maps. Google has also acquired multiple companies, including

YouTube for $1.65 billion dollars, and continues to expand their reach.16 Google has become a technology giant raking in billions each year. Money isn’t the only thing Google is collecting.

Google collects something else that is extremely useful and profitable, information. Google’s users reveal a lot about themselves to the company. For example, when a user uses the search engine to find products that they are interested in, Google uses that information to tailor advertisements towards the searched topic. Users are fully willing to divulge copious amount of information to Google, but can Google be trusted with all of this information? Google does not have the best history when it comes to privacy issues. The company has been fined multiple times for violations. The question becomes, should you trust Google with your personal information?

Google has even infringed upon the privacy of people who Google had explicitly told would not be tracked. In August of 2012, the Federal Trade Commission released a statement that, “Google Inc. has agreed to pay a record $22.5 million civil penalty to settle Federal Trade

Commission charges that it misrepresented to users of Apple Inc.’s Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC”.1 Google had stated that Safari users were automatically opted-out of Google’s DoubleClick policy. 1 Even though Google said that it would not place cookies upon Safari users, Google did. This was not done by accident, Google intentionally placed cookies upon Safari users’ systems. “Google exploited an exception to the browser’s default setting to place a temporary cookie from the DoubleClick domain. Because of the particular operation of the Safari browser, that initial temporary cookie opened the door to all cookies from the DoubleClick domain, including the Google advertising tracking cookie that

Google had represented would be blocked from Safari browsers.”1 This action was a blatant breach of trust by Google to the users of the Safari web browser. Google’s “Code of Conduct” begins with the mantra, ‘Don’t be evil’ and continues on to say “Trust and mutual respect among employees and users are the foundation of our success, and they are something we need to earn every day”.2 Do the actions discussed build trust between users and Google? What about respect? Google’s actions showed a disregard for Safari users’ privacy.

Another one of Google’s products, Gmail, has recently been under scrutiny. G-mail is

Google’s e-mailing service. Microsoft has taken it upon itself to be the whistle blower on

Google’s invasion of Gmail users’ privacy. Microsoft has created an ad campaign that brings attention to Google’s use of e-mail content to sell ads related to topics discussed in e-mails. This can be seen as an invasion of privacy, because Google is collecting information based upon what many users assume is private communication. Google uses “…your Google search queries on the Web, the sites you visit, Google Profile, +1’s and other Google Account information to show you more relevant ads in Gmail”.6 Google pools information from as many of its applications as possible to create a profile of interests about individuals to improve the chances that an advertisement will be successful. Google does limit the content of what ads will be displayed based upon the information collected, “When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health”.4 Google also keeps your personal identity from those purchasing advertisement space, “No email content or other personally identifiable information is provided to advertisers”6. Many people do not like the idea that Google monitors their e-mail conversations. E-mail conversations are commonly thought to be private communication. While a human is not reading e-mails, the idea that advertisements are being sold based upon e-mail content seems like a big brother feel to Google’s products.

Whom can one believe in a situation like this? Both parties, Google and Microsoft, have lots to gain and lose based upon the outcome of this issue. Microsoft’s main goal in this ad campaign is to scare Gmail users, and then console them with the privacy of Outlook,

Microsoft’s e-mail application. Microsoft is doing a service by bringing large attention to the fact that peoples’ personal e-mail correspondences are not as private as people assume and utilized by Google to sell advertisements. Microsoft claims that, “Google does not enable Gmail users to opt out of seeing ads based on the content of emails”.5 This is not entirely true, users can restrict the scope of where these ads will be displayed. There is a Google support page that explains the Gmail ad policy, and there are instructions on how to opt-out of most of the Gmail ads, “you may still see contextual ads based on the message you are reading as well as other relevant ads”.6 This basically says that Google can and will still use the content of your emails, but only while viewing the specific email. This can still be considered an invasion of privacy, and Google may not be releasing all the facts upon how they utilize the data collected from your e-mails. There are legitimate concerns about how Google treats the privacy of Gmail users. If the Microsoft campaign is successful, Google may be forced to change their policy and increase the privacy of users. This will only happen is enough people decide that it is unacceptable for

Google to be selling advertisements based upon their e-mail content, and change their e-mail service. Do you trust Google with the information that is contained in your e-mail?

While Google had vehicles collecting pictures to use in their Street View application, the vehicles were also collecting data from open Wi-Fi networks. Google was collecting this information to help devices determine their location. Many applications today use the location of the device in one way or another. The location of these open Wi-Fi networks is very useful to

Google. Paul Ducklin, a writer for Naked Security, said in an article about Google’s Wi-Fi data collection, “Most WiFi access points stay in one place, and use the same name, for years. So once you know where an access point is, you can pinpoint anyone who is currently within range of that access point“.7 Peter Fleischer, Google’s Global Privacy Counsel, authored a post on

Google’s blog, titled “Greater choice for wireless access point owners”, addressing this technique and said that it is preferred over “…other approaches, like GPS, because it’s faster, it works indoors, and it’s more battery-efficient”.8 But collection of this information to facilitate this method of device location came with consequences. A release by Connecticut’s Attorney

General George Jepsen explained how Google obtained the data. “Equipped with antennae and open-source software, the Street View vehicles collected network identification information as well as data frames and ‘payload data’ being transmitted over unsecured business and personal wireless networks as the cars were driving by”.9 The data collected consisted of network traffic that was occurring, including “…URLS of requested Web pages, partial or complete email communications, and any confidential or private information being transmitted to or from the network user at the time”.9 Collecting this information is a violation of the privacy of the users that were on the network at that time. Michael Liedtke wrote an article for the Associated Press titled “Google grabs personal info off of Wi-Fi networks” about these consequences. According to Liedtke, “About 600 gigabytes of data was taken off of the Wi-Fi networks in more than 30 countries…” 10 Liedtke went on to say that Alan Eustace, a Google executive, said that “some experimental software was being used in the Street View project, and that programming picked up the Web surfing on publicly accessible Wi-Fi networks if the company's vehicles were within range of the signal.”

Eustace continues to say that, “Google only gathered small bits of information because its vehicles were on the move and its tracking equipment switched channels five times a second.”

Google has enough resources to do the research and understand the features and consequences of the software that they used for this venture. Google did not do their due diligence on this software, and the people whose privacy was infringed upon paid the price. Should you trust your personal information to a company that does not review open source software that it is using upon your personal information? What other products has Google not researched and are currently controlling information that Google has collected on your internet browsing behaviors?

In a release by Connecticut’s Attorney General George Jepsen, Jepsen “…announced a $7 million multistate settlement with…Google Inc., over its unauthorized collection of data from unsecured wireless networks nationwide through Google’s Street View vehicles”.9 This agreement goes further than just the monetary fine:

“The agreement also requires Google to: engage in a comprehensive employee education

program about the privacy or confidentiality of user data; to sponsor a nationwide public

service campaign to help educate consumers about securing their wireless networks and

protecting personal information; and to continue to secure, and eventually destroy, the data collected and stored by its Street View vehicles nationwide between 2008 and March

2010”. 9

Google never asked for explicit permission to use the information of the affected Wi-Fi routers, and a used this information for their own monetary gains. Google made the decision that those whom own the routers held no reservation about having this information recorded. Google utilized these routers as a sole means to create an advantage for their devices that would result in monetary gain for Google. Once Google had been caught and fined, Google added a way to opt- out of this: Google, according to Fleischer’s post, allows router owners to opt-out by “…

[changing] the wireless network name (or SSID) so that it ends with “_nomap “. This seems like a very simple and easy solution, but it is a calculated attempt by Google to continue their Wi-Fi location method with minimal reduction in participation. An article by Lisa Vaas, a writer for

Naked Security, titled “Google controversially forces users to opt-out of Wi-Fi snooping” presents a question about the feasibility of this opt-out method.11 What if another company decides to create another method for opting out, or into, of a service for routers? There is nothing holding that company to follow the convention that Google has arbitrarily established.

Also, the Wi-Fi devices that were recorded were open Wi-Fi devices. If the owners of the Wi-Fi devices had not configured the routers to be protected, and in some cases have not even changed the SSID of the device, how likely are they to add the “_nomap” ending to their SSID? The

“_nomap” solution is an ingenious ploy by Google. Google gets to have its cake, apologizing and regaining public goodwill, while eating it too, continuing to use the Wi-Fi location method.

Does this seem like it follows the mantra of “Don’t be evil”? Hopefully there is some benefit to come out of this quagmire. Some people will be educated on how to properly configure their

Wi-Fi routers, and become more aware of how internet companies utilize their personal data. The collection of information from Wi-Fi networks was a large violation of privacy. Google has created a solution that does give Wi-Fi network owners a way to opt-out, but the solution has multiple problems and is very beneficial for Google. Will this incident change how Google operates, or will Google continue with business as usual?

Google’s new privacy policy is under scrutiny by the European Union. An article titled

“EU tells Google to make its new privacy policy clearer and giver users easier opt-out” by Lisa

Vaas of Naked Security reported that Google released a new privacy policy on March 1, 2012.12

This new privacy policy combines “…60+ separate policies into one and pooling data collected on individual users across its services, including YouTube, Gmail and Google+”12. The

European Union data regulators contacted Google with concerns about the new privacy policy.

The combination of privacy policies is very important to Google, because it allows Google to pool the information collected from all of its applications to improve the relevancy of targeted advertisements. Improving the relevancy of advertisements could result in more advertisement clicks and thus higher profits for Google. Because of the monetary incentive, Google will contest the European governing bodies as much as possible to avoid changing the policy. Vaas refers to an article by Sarah Dilorenzo, an AP business writer, saying that the main issues the

European Union has with Google’s new policy is that the explanation of how data will be collected and utilized is vague, opting out of data collection is difficult, and “Google doesn’t always say how long it will hold onto data”.12 According to Eric Pfanner of the New York

Times, at least six European investigations are taking place as of April 2013.13 Pfanner says that having multiple different investigations “…reflects the reality that privacy laws are fragmented across the European Union, giving Google little incentive to yield”13. This is another prime example of Google infringing upon users’ privacy. It is important that government agencies, and users alike, push for protection of people personal information and privacy. This is an ongoing story, and whether or not Google will face consequences from any of these investigations will be interesting to see and is very important to millions of peoples’ privacy.

Buzz was an attempt at social networking by Google. Paul Ducklin of Naked Security authored an article in November of 2010 about the results of Google Buzz. Ducklin writes,

“Buzz is a Gmail application, premiered in February 2010, which drew the ire of those concerned about privacy.”15 Buzz had some misguiding elements, according to a release by the

Federal Trade Commission:

Although Google led Gmail users to believe that they could choose whether or not they

wanted to join the network, the options for declining or leaving the social network were

ineffective. For users who joined the Buzz network, the controls for limiting the sharing

of their personal information were confusing and difficult to find …On the day Buzz was

launched, Gmail users got a message announcing the new service and were given two

options: “Sweet! Check out Buzz,” and “Nah, go to my inbox.” However, the FTC

complaint alleged that some Gmail users who clicked on “Nah...” were nonetheless

enrolled in certain features of the Google Buzz social network. For those Gmail users

who clicked on “Sweet!,” the FTC alleges that they were not adequately informed that

the identity of individuals they emailed most frequently would be made public by default.

Google also offered a “Turn Off Buzz” option that did not fully remove the user from the

social network.14

Users were not properly informed about the consequences of the choice that was presented to them. Google should not have automatically enrolled people into Buzz, especially when they have declined to even explore the features of the product. The fact that it is a default option to release the identity of other users that one sends e-mails to is a large invasion of privacy, for both the sender and receiver of the e-mail. The backlash to these privacy violations came in the form of a class action lawsuit.15 Ducklin reports that Google “…will stick U$8.5 million into an independent fund to "support organizations promoting privacy education and policy on the web".EN15 While this is not a crushing blow to the financials of Google, hopefully this money will fund programs that will successfully educate users. The Federal Trade Commission also “…bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years”14

Hopefully this agreement will help to prevent, catch future privacy violations, and impose higher fines. This agreement has already resulted in fines for Google from the Federal Trade

Commission; the Safari incident discussed earlier. Buzz has been discontinued by Google.

Google is a large company that has collected lots of information on how their users use

Google services. The way Google has used this information has come into question over the years. From Gmail using e-mail content to sell relevant advertisements to collecting data from open Wi-Fi routers, Google has shown a lack of regard toward the issue of privacy. These incidents need to be considered by every Google user. Users should ask themselves if the use of

Google services is worth the price of their privacy. Users also have to question whether or not they trust Google to safely store and utilize their information in accordance with Google’s own privacy policy, which Google has blatantly disregarded in the past. Users should review the privacy settings upon their account. Ultimately users should show their approval or disapproval of Google’s privacy related actions by voting with their use of Google products. These past and ongoing events show a pattern of behavior that brings a question to mind. Can Google ever be trusted again? Sources 1 – “Google Will Pay $22.5 Million to Settle FTC Charges it Misrepresented Privacy Assurances to Users of Apple’s Safari Internet Browser” Federal Trade Commission, 8/9/2012 http://www.ftc.gov/opa/2012/08/google.shtm Web. Accessed: 4/26/2013 2 – “Code of Conduct” Google 4/25/2012 http://investor.google.com/corporate/code-of- conduct.html Web. Accessed: 4/26/2013 3 – “Our history in depth” Google No publish date given. http://www.google.com/intl/en/about/company/history/ Web. Accessed: 4/26/2013 4- “Privacy Policy” Google 7/27/2012 http://www.google.com/policies/privacy/ Web. Accessed: 4/26/2013 5 –“Don’t get Scroogled by Gmail” Microsoft 2/6/2013 http://www.microsoft.com/en- us/news/press/2013/feb13/02-06Gmail.aspx Web Accessed: 4/26/2013

6 – “Ads in Gmail” Google 3/29/2013 http://support.google.com/mail/answer/6603?hl=en Web. Accessed 4/26/2013

7 –Ducklin, Paul “Australian Privacy Commissioner lays the hard word on Google as WiFi data capture saga continues” Naked Security 8/8/2012 http://nakedsecurity.sophos.com/2012/08/08/aussie-privacy-commissioner-lays-the-hard-word- on-google/ Web. Accessed 4/26/2013 8 – Fleischer, Peter “Greater choice for wireless access point owners” Google 11/14/2011 http://googleblog.blogspot.com/2011/11/greater-choice-for-wireless-access.html Web. Accessed: 4/26/2013 9 –“Attorney General Announces $7 Million Multistate Settlement With Google Over Street View Collection of WiFi Data” Connecticut Attorney General 3/12/2013 http://www.ct.gov/ag/cwp/view.asp?Q=520518&A=2341 Web. Accessed: 4/26/2013 10 –Liedtke, Michael “Google grabs personal info off of Wi-Fi netwroks” Associated Press 5/14/2010 http://web.archive.org/web/20100528181755/http://finance.yahoo.com/news/Google- grabs-personal-info-apf-2162289993.html?x=0 Web. Accessed 4/26/2013 11 –Vaas, Lisa “Google controversially forces users to opt-out of Wi-Fi snooping” Naked Security 11/17/2011 http://nakedsecurity.sophos.com/2011/11/17/google-forces-opt-out-wi-fi- snooping/ Web. Accessed: 4/26/2013 12 –Vaas, Lisa “EU tells Google to make its new privacy policy clearer and to give users easier opt-out” Naked Security 10/16/2012 http://nakedsecurity.sophos.com/2012/10/16/eu-tells- google-to-make-its-new-privacy-policy-clearer-and-to-give-users-easier-opt-out/ Web. Accessed: 4/26/2013 13 –Pfanner, Eric “Google Faces More Inquiries in Europe Over Privacy Policy” The New York Times 4/2/2013 http://www.nytimes.com/2013/04/03/technology/google-to-face-national- regulators-over-privacy-policy.html Web. Accessed: 4/26/2013 14 –“FTC Charges Deceptive Privacy Practices in Google’s Rollout of Its Buzz Social Network” Federal Trade Commission 3/30/2011 http://www.ftc.gov/opa/2011/03/google.shtm Web. Accessed: 4/26/2013 15 –Ducklin, Paul “Buzz over Google’s $8.5 million lawsuit settlement” Naked Security 11/3/2010 http://nakedsecurity.sophos.com/2010/11/03/buzz-over-google-lawsuit-settlement/ Web. Accessed: 4/26/2013 16 – “Google to Acquire YouTube for $1.65 Billion in Stock” Google 10/9/2006 http://googlepress.blogspot.com/2006/10/google-to-acquire-youtube-for-165_09.html Web. Accessed: 4/28/2013

Load more

Recommended publications