Google streetview went live in the United Kingdom in March 2009 with 360-degree coverage of public roads in just 25 cities. At the time, the Information Commissioner’s Office (ICO), the UK’s data security watchdog, said in response to privacy concerns that, “Although it is possible that in certain limited circumstances an image may allow identification of an individual, it is clear that Google is keen to capture images of streets and not individuals” and accordingly cleared Google to proceed to Go and collect two hundred pounds.
The search engine company then spent almost exactly a further year crawling all over our roads taking pictures from specially designed cars and tricycles. On 11 March 2010 Google announced that coverage was up to 90% of public roads covering Britain from Penzance in Cornwall to John O’ Groats and the Shetlands. There was, apparently, almost nowhere in Britain that could not be viewed on the internet including the inevitable folks posing for the cameras and people caught doing things they might have preferred to keep private.
Initial concerns about inappropriate images were dealt with and images of children playing naked in their garden and a girl pretending to be an accident victim were swiftly eliminated from the database. In addition, Google used software to blur peoples faces and car number plates and anyone could ask that their property not be included. Some speculated that the service would lead to a crimewave but this failed to materialise and the people of Broughton in Buckinghmshire, who asked the cars to leave their village, were seen as something of an oddity in resisting the forward march of technology. After all, Streetview was launched in the USA in 2007, and was available in Australia, New Zealand, Japan, Spain, France and Italy to different degrees and they were all still standing. One couple in Pennsylvania were sufficiently concerned they took Google to court citing privacy violation, negligence, unjust enrichment and trespassing for showing their home on Streetview. The judge, noting that the couple, Mr and Mrs Boring (I kid you not), had not even contacted Google to ask for their images to be taken down and had included their home address in court documents said this showed that they were perhaps not quite as sensitive or careful of their privacy as they claimed and threw out their case.
The furore, such as it had been, quickly settled down and the nation moved on to the next story. Then in May this year it came to light that as well as taking pictures the Google cars had been collecting data about wi-fi networks. The purpose of this was to collect location information for use in mobile phone apps; Google can tell where you are from the wireless networks your mobile phone can detect and they can then tell you where your nearest Starbucks is, and other no doubt more useful ideas like helping lost children find their way home or directing emergency services to accident victims.
When this came out there was anger that they had been doing this surreptitiously and Google quickly apologised and explained that they were collecting location information only and there was no identifiable personal information in their data. However, ICO carried out an investigation and in June concluded that, “On the basis of the samples we saw, we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data.” And the service was allowed to continue.
You can’t possibly have missed that this week Google have admitted, after questioning by the Canadian authorities, that their equipment has collected not just the location of wi-fi networks but from un-secured networks thay have also collected passwords, usernames and the text of some emails. This has completely reignited the debate in this country about the security of personal data with, as usual, a complete polarisation of views.
On one side of the debate we have those who insist that Google are wrong to have collected the data and should possibly suffer some consequences of a legal nature for their invasion of privacy. These people trot out all the usual cliches about big corporations riding roughshod over the rights of individual consumers and how we shouldn’t be surprised that a company puts itself above the people. On the other side we have the technical community who say that people only have themselves to blame for leaving their networks unsecured and that it is time for indiviuals to take responsibility for their own data security; you lock your front door, don’t you? This argument is really between those who maintain that if I leave my front door unlocked that does not give you the right to walk into my house and steal my TV, and those who maintain that I should not be surprised to find that unlocked doors lead to TV’s going missing and would have no one to blame but myself. Naturally, ICO has leapt to the front of the queue of those wanting to criticise Google and has promised an investigation and legal action if it is warranted. But all this fuss completely misses the point.
It is my contention that arguing about personal responsibility is not the issue here. Debating the legal ramifications of surfing private wi-fi networks is not the issue here and castigating big corporations for doing what big corporations have always done and will always do is certainly not the issue here. These are merely side issues that conceal, like a dustsheet draped over a piece of furniture, the real issue lying beneath. What the people should be asking is this: Why is it that our Information Commissioner’s Office have twice investigated Google and their data collection activities and on both occasions come to the wrong conclusion? The ICO have twice assured the country that they have their finger on the pulse and that the nation need not fear, but both times they were found wanting. They did not know in 2009 that Google were collecting wi-fi data at all, and once they were told this their investigation failed to uncover the personal data being collected. This is supposedly our watchdog, our defender, the warm arms of a loving hug from our mother but this watchdog has not merely been caught napping but sound asleep at the wheel with his pants down, and I think the nation have a right to know what, if anything, is going to be done about it.
Do we have a watchdog who cannot investigate data security, or one who does not? Do we have a watchdog with one arm tied behind its back or one with his snout in the trough? Does “investigate” mean “we reviewed some data Google kindly sent us” or does it mean investigate in the sense of uncovering the truth that lies coneal? Google have been keen to be seen to be apologising for what they are claiming is inadvertent collection of data they do not need and did not even know they were collecting. They have admitted more than they would have liked and have taken it on the chin and have, in a sense, been open about their dishonesty. There are others who are not quite as soft a target as large corporations with reputations to uphold, there are people who will deliberately steal any information about you they can get and will hack into even secured wi-fi networks if they can get away with it. If our watchdog cannot protect us from the inadvertent snooping of a softy like Google what hope do we have of being protected from determined data thieves?