Google Apologizes For Collecting Too Much WiFi Data—And Then Gives Up

Written by Frank Hayes
May 17th, 2010

Pushing the envelope is risky, but no one makes any progress without doing it. Google rediscovered that reality when it had to apologize this week after accidentally capturing a lot more WiFi data than it intended for the Street View feature of Google Maps. The upshot: The search giant has now decided to end its entire WiFi survey. And that’s exactly the wrong lesson to learn from an incident like this.

Consider Amazon, which stumbled when it first let customers look inside the books it sold. It turned out customers could easily sidestep security mechanisms and copy large chunks of the books. Or think about Target and Starbucks, which learned last week about the data dangers of moving into mobile gift cards. When a technology is young, problems and mistakes happen. In fact, they’re necessary to shake out weaknesses and sharpen advantages. The answer isn’t to abandon the effort. It’s to patch it, learn from the experience and move on.

And Google? The company managed to mistakenly collect 600 gigabytes worth of data fragments from unencrypted WiFi networks. According to Google Engineering VP Alan Eustace, “In 2006, an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software–although the project leaders did not want, and had no intention of using, payload data.”

Got that? Google made its big mistake three years ago. It didn’t discover what it had done until a German privacy agency asked for an audit of what the Street View cars collected. The company says it never used the data in any Google products. None of it was ever visible to the public. As privacy breaches go, this data leak was perhaps the least worrisome ever: Instead of private data leaking out to become public, private data leaked into Google–and essentially vanished.

Now the company has apologized, and it’s bringing in third-party observers to confirm that Google is actually deleting the data. But in the face of howls from privacy advocates and stern frowns from government bureaucrats, Google has halted the Street View program. And once it restarts, Google will not collect any WiFi-related information. None. Nada. Zip.

After years of weathering complaints about the customer data it intentionally collects and default privacy settings that aren’t tight enough to satisfy some critics, Google hasn’t just blinked, it has folded its cards on this project. That’s disappointing. It sends a terrible message to e-tailers, and it’s exactly the wrong thing to do. If retail wants to advance, such mistakes are unavoidable. We need these bumpy patches, all the scrapes and bruises, to find out what works and what doesn’t. Foul-ups are inevitable. That means projects have to be fixed when they stumble–not abandoned.

That approach can be a tough sell for some executives and investors, who are all too ready to pull the plug when problems appear. Do Web and mobile E-Commerce show signs of being insecure? If so, avoid it, argue the naysayers. Is it slow going for acceptance of chip-and-PIN smartcards? Maybe mag-stripes are good enough, they grumble. Are pay-with-a-mobile-phone efforts gaining no traction among consumers or retailers? It’ll never fly, they insist.

OK, it’s true: For every smartcard, there’s a CueCat. But we’ll never get anywhere folding at the first whiff of failure. We’ve got to keep trying. The edge of the envelope is where there’s a chance to steal a march on competitors, to offer customers services they just can’t get anywhere else and to gain advantages that are hard or impossible for others to overcome. Without such risk, there’s no chance of reward.

After all, that’s how Google got its start. The company decided early on to try unorthodox approaches to creating technology. Long before Google could afford to build giant data centers wherever it could find low-cost electricity, its founders were wiring together piles of cheap PCs for its search engine. And on the software side, Google became a strong advocate of the often-hyped but mostly unused development technique called code reuse. (In simple terms, that means using whatever programming code is lying around whenever possible, as long as it does the job.)

For Google, that approach has usually worked fine, even if the reused code has features that aren’t needed for the project that will use it. This time, however, it meant Google ended up collecting private data that it didn’t want, didn’t need, didn’t have a use for and didn’t even know it had. That’s a problem. But the right fix isn’t to pull the plug on parts of Street View, it’s to rewrite the code so Google only collects what it intends to collect.

And when Target and Starbucks discover that their gift cards are insecure, the answer isn’t to dump gift cards but to make them harder to hack. When a startup like Blippy discovers it exposed customer credit card numbers during a test, the thing to do is make sure tests are done with dummy data not valid numbers. When TJX learns that hackers are capturing its transactions via WiFi, the fix is to lock down the network not abandon it.

Is there a time to give up on a retail technology project? Sure. Sometimes a better technology overtakes whatever you’re using. Sticking with what you’ve got means competitors will leapfrog you. Sometimes your executive support dries up. Sometimes regulatory changes or customer reaction make it clear that it’s time to start over. And sometimes a “drop-dead” signal is a lot more difficult to spot.

But bumps and bruises, or even a high-profile embarrassment? That doesn’t mean it’s time to give up. Rather, it’s simply time to fix the problems and keep pushing the envelope. Just try to ignore the paper cuts.


One Comment | Read Google Apologizes For Collecting Too Much WiFi Data—And Then Gives Up

  1. A reader Says:

    That’s a bold statement. Did you sit in on all the internal Google meetings, weighing this decision? Did you study ways to potentially monetize this data versus the legal risk and public outcry of keeping it?

    What makes you think you have studied this decision so well that Google must obviously be wrong?


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.