{"id":1139,"date":"2010-06-28T15:55:47","date_gmt":"2010-06-28T23:55:47","guid":{"rendered":"\/?p=1139"},"modified":"2010-06-28T18:34:06","modified_gmt":"2010-06-29T02:34:06","slug":"what-could-google-do-with-the-data-its-collected","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1139","title":{"rendered":"What Could Google Do With the Data It's Collected?"},"content":{"rendered":"

Niraj Chokshi<\/a> has published\u00a0a piece <\/a>in The Atlantic where he grapples admirably with the issues related to Google's collection and use of device fingerprints (technically called MAC Addresses).\u00a0\u00a0It is\u00a0important and encouraging to have\u00a0journalists like\u00a0Niraj\u00a0taking the time to\u00a0explore\u00a0these\u00a0complex issues.\u00a0\u00a0<\/p>\n

But I have to say that such an exploration\u00a0is really hard<\/strong> right now.\u00a0<\/p>\n

Whether on purpose or by accident, the Google PR machine is still handing out contradictory messages.\u00a0 In particular,\u00a0the description\u00a0in Google's Refresher FAQ<\/a>\u00a0titled “How does this location database work?”\u00a0is currently completely\u00a0different from (read: the opposite of)\u00a0what\u00a0its public relations\u00a0people are telling journalists like Nitaj.\u00a0 I think reestablishing credibility around location services requires the messages to be made consistent\u00a0so they can\u00a0be verified by data protection authorities.<\/p>\n

Here are some excerpts from the piece\u00a0–\u00a0annotated with\u00a0some comments by me.\u00a0 [Read the whole article here<\/a>.]\u00a0<\/p>\n

The Wi-Fi data Google collected in over 30 countries could be more revealing than initially thought…<\/p>\n

Google's CEO Eric Schmidt has said the information was hardly useful<\/span><\/a> and that the company had done nothing with it. The search giant has also been ordered<\/span><\/a> (or sought<\/span><\/a>) to destroy the data. According to their own blog post<\/span><\/a>, Google logged three things from wireless networks within range of their vans: snippets of unencrypted data; the names of available wireless networks; and a unique identifier associated with devices like wireless routers. Google blamed the collection on a rogue bit of code that was never removed after it had been inserted by an engineer during testing.<\/p>\n

[The statement about rogue code is\u00a0an example of the PR ambiguity Nitaj and other journalists must deal with.\u00a0 Google\u00a0blogs don't\u00a0actually\u00a0blame the collection of\u00a0unique identifiers\u00a0on rogue code,\u00a0although\u00a0they seem crafted to leave people with\u00a0that impression.\u00a0 Spokesmen\u00a0only blame rogue code for the collection of unencrypted data content (e.g. email messages.) – Kim]<\/em><\/p>\n

Each of the three types of data Google recorded has its uses, but it's that last one, the unique identifier, that could be valuable to a company of Google's scale. That ID is known as the\u00a0media access control (MAC) address and it is included — unencrypted, by design — in any transfer, blogger Joe Mansfield explains<\/span><\/a>.<\/p>\n

Google says it only downloaded unencrypted data packets, which could contain information about the sites users visited. Those packets also include the MAC address of both the sending and receiving devices — the laptop and router, for example.<\/p>\n

[Another contradiction: Google\u00a0PR says it “only” collected unencrypted data packets,\u00a0but\u00a0Google's GStumbler report\u00a0 says\u00a0its cars\u00a0did collect and record the MAC addresses from encrypted<\/em> data frames<\/em> as well. – Kim<\/em>]<\/p>\n

A company as large as Google could develop profiles of individuals based on their mobile device MAC addresses, argues Mansfield:<\/p>\n

Get enough data points over a couple of months or years and the database will certainly contain many repeat detections of mobile MAC addresses at many different locations, with a decent chance of being able to identify a home or work address to go with it.<\/p>\n

Now, to be fair, we don't know whether Google actually scrubbed the packets it collected for MAC addresses and the company's statements indicate they did not. [Yet the GStumbler report says ALL MAC addresses were recorded – Kim<\/em>].\u00a0 The search giant even said it “cannot identify an individual from the location data Google collects via its Street View cars.”\u00a0 Add a step, however, and Google could deduce an individual from the location data, argues<\/span><\/a> Avi Bar-Zeev, an employee of Microsoft, a Google competitor.<\/p>\n

[Google] could (opposite of cannot) yield your identity if you've used Google's services or otherwise revealed it to them in association with your IP address (which would be the public IP of your router in most cases, visible to web servers during routine queries like HTTP GET). If Google remembered that connection (and why not, if they remember your search history?), they now have your likely home address and identity at the same time. Whether they actually do this or not is unclear to me, since they say they can't do A but surely they could do B if they wanted to.<\/p>\n

Theoretically, Google could use the MAC address for a mobile device — an iPod, a laptop, etc. — to build profiles of an individual's activity. (It's unclear whether they did and Google has indicated that they have not.) But there's also value in the MAC addresses of wireless routers.<\/p>\n

Once a router has been associated with a real-world location, it becomes useful as a reference point. The Boston company Skyhook Wireless<\/span><\/a>, for example, has long maintained a database of MAC addresses, collected in a (slightly) less-intrusive way<\/span><\/a>. Skyhook is the primary wireless positioning system used by Apple's iPhone and iPod Touch. (See a map of their U.S. coverage here<\/span><\/a>.) When your iPod Touch wants to retrieve the current location, it shares the MAC addresses of nearby routers with Skyhook which pings its database to figure out where you are.<\/p>\n

Google Latitude<\/span><\/a>, which lets users share their current location, has at least 3 million active users<\/span><\/a> and works in a similar way. When a user decides to share his location with any Google service on a non-GPS device, he sends all visible MAC addresses in the vicinity to the search giant, according to the company's own description<\/span><\/a> of how its location services works.<\/p>\n

[Update: Google's own “refresher FAQ<\/span><\/a>” states that a user of its geo-location services, such as Latitude, sends all MAC addresses “currently visible to the device” to Google, but a spokesman said the service only collects the MAC addresses of routers. That FAQ statment is the basis of the following argument.]<\/p>\n

This is disturbing, argues<\/span><\/a> blogger Kim Cameron (also a Microsoft employee), because it could mean the company is getting not only router addresses, but also the MAC addresses of devices such as laptops and iPods. If you are sitting next to a Google Latitude user who shares his location, Google could know the address and location of your device even though you didn't opt in. That could then be compared with all other logged instances of your MAC address to develop a profile of where the device is and has been.<\/p>\n

Google denies using the information it collected and, if the company is telling the truth, then only data from unencrypted networks was intercepted anyway, so you have less to worry about if your home wireless network is password-protected. (It's still not totally clear whether only router MAC addresses were collected. Google said it collected the information for devices “like a WiFi router.”) Whether it did or did not collect or use this information isn't clear, but Google, like many of its competitors, has a strong incentive to get this kind of location data.<\/p>\n

[Again, and I really do feel for Niraj, the PR leaves the\u00a0impression that if you have passwords and encryption turned on you have nothing to worry about,\u00a0but Googles’ GStumbler report says that passwords and encryption did not prevent the collection of the MAC addresses of phones and laptops from homes and businesses. – Kim]<\/em><\/p>\n

I really tuned in to these contradictory messages when\u00a0a reader first alerted me to\u00a0Niraj's article.\u00a0\u00a0\u00a0It looked like this:<\/p>\n

\"\"<\/p>\n

My comments\u00a0earned their strike-throughs\u00a0when a Google spokesman\u00a0assured the Atlantic\u00a0“the Service only collects the MAC addresses of routers.”\u00a0 I pointed out that my statement was\u00a0actually based on Google's own FAQ, and it was their FAQ (“How does this location database work?”) – rather than my comments –\u00a0that deserved to be corrected.\u00a0\u00a0After verifying that this was true, Niraj\u00a0agreed to remove the strikethrough.<\/p>\n

How can anyone be expected to get this story right given the contradictions in what Google says it has done?<\/p>\n

In light of this, I would like to see Google issue a revision to its “Refresher FAQ<\/a>” that currently reads:<\/p>\n

\"\"<\/p>\n

The “list of MAC addresses which are currently visible to the device” would include the addresses of nearby phones and laptops.\u00a0 Since Google PR has\u00a0assured Niraj that “the service only collects the MAC addresses of routers”,\u00a0the right thing to do would be to correct the FAQ so it reads:<\/p>\n