Fraud

Google's long-time cavalier approach to privacy and security are catching up to the company as its latest wardriving privacy scandal, appears to be spiraling out of the control of Google's legendary PR machine. 

First, the House Energy and Commerce Committee sent Google a tough investigative letter on its wanton wardriving of the U.S. The most problematic question for Google got to the root of Google's privacy scandals: "What is Google's process to ensure that data collection associated with new products and services offered by the company is adequately controlled?" This line of inquiry makes it clear this is not just a probe of this privacy incident, but of Google's systemic weaknesses in internal/management controls concerning privacy.

Goobris: (noun) Google's frequent total lack of self awareness when it says something publicly. 

In the Reuters article "Google to fight Government if AdMob deal blocked," Google CEO Eric Schmidt exhibited characteristic goobris in criticizing the FTC's review of the Google-AdMob acquisition.

First, Mr. Schmidt amazingly complains that the FTC's extended review of the acquisition left AdMob at a "significant disadvantage" competitively vs. Apple.

Google's wanton "wardriving," i.e. detecting, accessing, and recording residential WiFi networks in 30 countries for over three years, was not simply a "mistake," "inadvertent," or an "accident" as the Google's PR machine has spun it. The evidence to the contrary is overwhelming to anyone who bothers to examine it closely. 

• Google's wanton wardriving was either: gross incompetence/negligence or wrongdoing. 
  • Government investigators must determine for themselves via subpoena, whether or not anyone at Google, in a supervisory or management position, knew that this private "payload" data was being collected, and whether or not this private data had been accessed, copied, analyzed, or used by Google in any way.

The case for why Google's wanton wardriving is more than just a "mistake."        

I.  Identifying the questionable practice: "Wardriving"

Google's latest privacide admission -- that all of Google's roving StreetView vehicles around the world have been recording some of people's WiFi traffic/web behavior since 2007 -- should prompt privacy officials and the media to ask the simple question: why does Google serially keep having privacy scandals?

Simply Google will continue to have privacy scandals because Google has deep systemic privacy flaws and vulnerabilities -- by design.

• At core Google philosophically believes in "publicacy" that the world is a better place with more openness/transparency rather than closed systems or private/proprietary information.
• Thus Google has a publicacy mission, culture, business model, and no serious of effective system of management and internal controls to protect people's privacy.    

1.  Publicacy Mission: Google's infamous publicacy mission is to "organize the world's information and make it universally accessible and useful." It is their mission to collect whatever information they can, where ever they can, whenever they can without regard to whether it is private or proprietary information. As Google's repeated privacy flaps prove, they believe it is more efficient to ask for forgiveness than for permission.   

New evidence suggests Google blatantly misled public investors about its own assessment of the antitrust risk involved in Google acquiring AdMob.

On Google's webpage on the AdMob acquisition, in the Q&A section, Google said at the time of the acquisition:   

• Question: "Do you have any concerns about regulatory approval?"
  • Answer: "We don't see any regulatory concerns with this deal..."
• (At the time, Precursorblog posted that Google was clearly misleading people about the antitrust risk the deal faced.)

Now we learn from a Bloomberg/Business Week story:

• "Google CEO Eric Schmidt was so intent on buying AdMob that two people with knowledge of the deal say he agreed to pay a "kill fee" of around $700 million if the deal failed to close for some reason, such as an antitrust motion from the Justice Dept." 

It is important to put this $700m AdMob deal "kill fee" in perspective.

I have publicly debated Susan Crawford and found her to be intelligent, likable and zealously committed to the FCC broadband "public option," i.e. mandating that broadband become public-utility regulated as a common carrier. 

• I was disappointed and stunned to read Ms. Crawford's latest assertions in her op-ed in the New York Times today, that totally and unabashedly misrepresented core facts; Ms. Crawford and the New York Times Editorial Board should know better. 

First, Ms. Crawford's characterization of a potential unilateral FCC decision to regulate broadband for the first time -- as simply a "relabeling" of Internet access services -- is blatant mis-representation. 

For skeptics of Google's need for more transparency and accountability, consider the latest disturbing example of Google Chrome not asking tens of millions of Internet users for their permission to gain wide open access to their computers and content -- when it clearly should ask for permission -- like every other Internet browser provider does.    

Per ComputerWorld's article: "Google's Chrome now silently auto-updates Flash Player." 

• "Unlike other browsers, Chrome updates itself automatically in the background without asking for permission or prompting users that security fixes or new features are available." 
• "Google uses a unique approach, they don't ask users [for permission to update], they just do it" said Peter Betlem, Senior Director of Flash Player Engineering.  

What this means is that unlike all other browsers or Google competitors, Google does not believe it needs permission from users to gain wide open access to users' entire computer software and all its private contents.

A very important investigative scoop by Appitalism's Simon Buckingham (that has been submitted to the FTC's Google-AdMob antitrust investigators) uncovers how Google unilaterally, not-openly, and without advertisers' permission, changed the default settings in all of Google advertisers' accounts, which effectively "duped advertisers out of hundreds of millions of dollars."  

In a nutshell, Mr. Buckingham's investigation found that  two years ago, Google quietly changed the defaults of all its advertiser clients' accounts so that their ads were served not only to all desktop pcs/laptops, but also to all IP enabled mobile devices too.

• This significantly expanded the number of ads Google served and advertising revenue generated by Google via clicks, but without a consequent increase in the value delivered to the advertiser customer by Google  in return. 
• As Mr. Buckingham explains it, mobile devices simply can't functionally handle most of the ads Google sends to mobile devices because they require Adobe Flash (which mobile devices generally do not have) and mobile devices have much smaller screens so large-screen-oriented ads are basically dysfunctional in the mobile device market.
• Mr. Buckingham estimates that this deceptive practice likely has costed Google advertisers over several hundred millions of dollars over the last two plus years.

This investigation prompts several disturbing takeaways. 

First, this underscores how truly opaque the Google "Black Box" advertising business model is.

It appears Google impetuously over-reacted to the big cyber-security breach of Google and a reported ~30 other companies. Google alone publicly blamed China and only Google publicly pledged to stop censoring search results in China in retaliation.    

What is the evidence that Google impetuously over-reacted here?

First, Forbes reported: "Researchers Call Google Hackers 'Amateurs' -- A new report says the attack on the search giants network was far less sophisticated than it has claimed." Specifically:

• "A great play is being made about how sophisticated these attacks were," says Damballa's vice president of research Gunter Ollman. "But tracing back the attacks shows that they were not sophisticated, and that the attackers behind them have a history of running multiple botnets with a variety of tools and techniques," many of which, he says, were far more rudimentary than Google or the cybersecurity industry has portrayed."

People incorrectly assume that because of Google's popularity, brand and reputation for innovation, that Google is  secure and cutting edge on cyber-security -- when in reality they are not.