Skip to main content

Concerns about the security of Google’s data bank

Google's policies and its violations of EU privacy regulations look like the beginning of a miserable slog for the company as it wrestles with investigators, regulators, and politicians.

BusinessWeek summarised this situation in a recent article (opens in new tab):

France's National Commission for Computing and Civil Liberties will announce its conclusions tomorrow… [various other] regulators may then decide to pursue their own cases against the company.

As a result, the matter may not end with France for Google, said Nick Graham, a data protection lawyer at SNR Denton in London. "While CNIL's views will be persuasive, other data-protection regulators in other EU countries could take a different line and levy their own sanctions."

This brings up all sorts of questions, the first of which is: Isn't the EU, when it comes to regulating commerce, of one EU hive mind? What's with this sudden emergence of individual national entities each doing its own thing? This sounds more like the death of a thousand cuts than it does concise and targeted regulation.

(opens in new tab)Google has enough legal problems as it is. The U.S. government is looking at anti-trust allegations, no doubt stemming from Microsoft lobbyists. The funny part is that Microsoft is complaining that Google is becoming a monopoly or whatever – but I'll leave that for a different column.

The simple fact is that Google collects too much information on all of us. Our habits are easily revealed simply based on what we search for. If you use Gmail, then every single one of your emails, which are archived by the company, means your every movement can be analysed. And if you want to top that, just add your Google+ account and your login credentials and it has your name, address, and probably a good estimation of your net worth and income.

Don't forget the Android OS, which tracks your every movement, step by step. Wow! Houston, we have lift off!

The EU is not only concerned about this sort of basic violation of privacy but also about the security of the information. This should be a concern for everyone. Imagine how easy it would be for someone to access personal data from the giant Google storehouse. Can it be sold? Can someone go in and steal it? Can someone in the company grab it, if he or she wanted to?

What about the possibility of using the archive to frame someone for criminal activity? This is not outside the realm of possibility. How hard is it to add information to the data store? Fabricated searches for bomb-making equipment, for example, porn sites that you never visited, or IM messages to terrorists that you never sent. The idea is not that far-fetched and the execution seems very doable.

Google is incredibly cavalier about all this because much of the collected data supports things like Google Now.

I find it peculiar that Americans seem to be much less concerned than Europeans about all these bad outcomes and dark possibilities. But then, Europeans collectively know better about bad outcomes than Americans do. Google needs to rein this in.