You are here

Why isn't Google warning users about their heightened risk of identity theft and fraud?

Surprisingly, Google continues to keep its users in the dark on the new reported cyber-security threat where cyber-crooks have infiltrated Google's searches putting them at heightened risk of identity theft and fraud.  

The San Franciso Chronicle in its article "Hackers infiltrate Google's searches" followed up on the original USA Today article "Google searchers could end up with a new kind of bug."  I blogged on the USA Today story and explained why this problem is a big deal.  

  • Per the Chronicle article, "Google is working on a filter that will find and automatically block such malicious Web addresses, a spokesman said Tuesday. In the meantime, it has been contacting affected organizations to advise them on how to fix their sites' vulnerabilities."
  • WHY ISN'T GOOGLE WARNING ITS USERS!  Google users are the ones that are at immediate risk of losing their identity and private information to crooks forever -- not the websites.  

Apparently, from what I have been able to gather from my sources -- Google is under the illusion that because they don't control the websites that are infected -- they don't have an obligation to warn their users.

Let's review the facts of why Google may have: a budding user trust problem, a potential PR disaster on its hands, and a potential legal contingent liability/class action lawsuit vunerability for shareholders to worry about.

  • Per the Chronicle quote above:
    • Google is "working on a filter" to solve the problem;
    • Google has been "contacting affected organizations" (their website clients) that they have a problem; and
    • Google also has been advising their website clients how to "fix their sites' vulnerabilities."
  • This establishes what Google knew and when they knew it.
    • They have looked out for the interests of their financial partners, the websites which they revenue share with, while they have not looked out for or warned the interests of their users, who do not pay Google at all for search.
    • Every day that goes by where there is stark dichotomy of how Google clients are treated vs users, is a growing contingent liabilty from all users who were infected by the Google transmitted hacker malware and who were de-frauded or lost their identity.
  • We also know per a BBC News article that in the past (2006) "Google warns on unsafe websites."
    • Why aren't they warning users of this danger?

From what I have been able to gather from my sources is that Google is also pointing the finger at the infected websites for not running their sites with the latest anti-malware technology.

  • Apparently. Google is in blame-shifting-mode and implying it has no responsibility if its users are harmed by Google-transmitted malware.

Let's explore why this responsibility-ducking stance by Google is so high-risk and unwise:

  • Let's consider four relevant analogies to this situation and you decide whether or not Google may bear some responsibility for protecting its users in this instance:
    • A car manufacturer learns that its brake pad supplier was duped into supplying the car manufacturer with defective unsafe brake pads, and the car manufacturer's response is to only work with the vendor to get good brake pads going forward. The car manufacturer then neither notifies consumers who bought their unsafe car nor orders a public product recall.
    • A drug company learns that one of its drugs has been tampered with at certain stores and are now unsafe; the drug company works with the affected stores to only stock safe drugs, but does not notify the people who bought the unsafe drugs or notify the press to warn the general public.
    • A stadium owner knows that one of its food vendors is selling tainted meat that could make people sick or die; the stadium owner which shares revenues with the food vendor only works with the food vendor to supply safe meat, but does not notify or warn its attendees directly or through the press that they should look for symptoms, and if they find them, seek immediate medical attention.
    • A bank discovers that one of its afilliates is money-laundering; the bank works with the affiliate to clean up its operations to stop any money laundering, but does not inform the authorities or the affected customers of the illegal activity.

Bottom line:

  • Why isn't Google warning users?
  • Why wouldn't the Governmental authorities want the public informed of this threat and ways they could protect themselves?
  • Ignorance is bliss...