You are here

What else does Google secretly track? Top 10 questions for privacy investigators to ask

Current privacy investigations of Google deserve to be much more comprehensive than just Google's latest StreetView wardriving scandal, given that:

  • Google tracks much more private information than most users are aware of, e.g. it tracks ~99% of all Internet users click paths cumulatively via the overlapping tracking of Google Analytics, Adsense, DoubleClick, Toolbar, Chrome, Android and Google cookies;
  • Google collects many more personal identifiers than just the wardriving WiFi/SSID/MAC addresses under scrutiny, i.e. it also collects: IP addresses, email addresses, phone/mobile/SMS numbers, voiceprints, faceprints, fingerprints, mail addresses, credit card numbers, Social Security numbers, Passport numbers, drivers license numbers, license plate numbers, and other personally identifiable information. 
  • Hackers recently stole Google's most sensitive security/privacy code for its entire password system, putting most all Google stored private information at risk; 
  • Google had another major privacy breakdown recently in rolling out Google Buzz where Google exposed people's private email lists; and 
  • Google's CEO recently appeared to be putting the blame on users for having private information that needs to be protected, by saying on CNBC: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

Questions privacy investigators should ask Google:

  1. What are all the types of private and personally identifiable information that Google tracks? Stores? And/or analyzes?  
  2. Does Google have the capability to aggregate all the private information that Google collects on an individual Internet user, or groups of users, across platforms, products and services?
  3. Are Internet users aware of, or notified, that private information are being collected on them? If not, why not?
  4. What is the risk a user's private information could be accessed by law enforcement? By national security services? Or by hackers? Please rank user privacy invasion risk by country of origin.
  5. Can Google cross-reference all the private information Google collects with the specific disclosures indicating that they are being collected?
  6. Is all the world's private information that Google collects all stored together and co-mingled in Google's "Bigtable" omni-database?
  7. Are the storage of private data of EU residents segregated from non-EU residents private data? If not, why not? Is all EU private data stored in EU-based data centers? If not, why not?
  8. What private data was stolen or is at risk of being stolen after the recent security breach where Google's password system computer code was stolen by hackers?
  9. How are non-registered users of Google services, who interact with Gmail, Voice, and Docs users, notified that their comments/private information are being recorded, stored and analyzed by Google?
  10. Does Google have a simple one-click, opt-out, do-not-track option for a user to not be tracked or to not be profiled by Google at all? If not, why not?  


The simple point here, is that the recently-discovered unauthorized tracking of people's WiFi-related information by Google, is only the tip of the iceberg of private information that Google collects on Internet users without their knowledge or meaningful permission.