return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ What if Google bought ChoicePoint? Or vice versa? What if there was no Chinese Wall? ]

What if Google bought ChoicePoint? Or vice versa? What if there was no Chinese Wall?


Think of the scope of privacy penetration, in near real-time, if the capacities of Google and ChoicePoint were seamlessly merged as a single searchable database.

Why would you think it farfetched? It is certainly not. Both firms harvest personal information but one, Google, currently uses its information to sell ads while the other, ChoicePoint, sells its information directly to purchasers.

When Roger Clarke defined dataveillance as the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons, the interpretation was often tilted to governmental use of personal data. The rise of commercial data warehouses such as ChoicePoint acting as de facto intel agencies have expanded the private-public use of personal data. I maintain that search firms such as Google will join that group either by scope creep or acquisition.

Google still has a white knight image of a 'bringer of technology' and services (societal contributor) while ChoicePoint, has increasingly garnered a reputation as either a private intelligence agency that can collect what government cannot and then sell it to government for profit, or as a purveyor of credit information without sufficient validation and vetting of its customers (societal risk).

I submit that Google is marching inadvertently, at least under its founding management, towards a less savory public opinion. The reason is that many of its functional enhancements designed to "draw eye balls" are architected with less respect to security, secondary effects, and unintended consequences that are the current products of Microsoft now that Redmond has understood the threat both to its own financials and to the national IT infrastructure. Yet Microsoft is pilloried as evil while Google is let off the hook. As Google adds functionality that more aggressively promotes ads, alters rankings based on criteria other than user search results, and continues to provide ill-designed and poorly proofed applications it will see a different response:

Google has quickly found that the seeming legions of security hobbyists and professionals are perfectly willing to find and publicize flaws, whether the company approves or not. "More people are looking at us from a security analysis standpoint, because there are more applications out from Google, and we are also higher profile."

From malicious hackers using Google to hunt for sensitive information, to the increasing scrutiny of the security of Google's services and software, the search giant's popularity has a significant downside.

I think that Google is actually more vulnerable than Microsoft as it inhabits a halfway house between Microsoft's desktop and enterprise tools and ChoicePoint's pure data information seller. The comment made of Google that "There is a tough balance between providing information to customers and providing information that can be harmful in the hands of an attacker" could apply equally apply to ChoicePoint.

One wonders how long Google can forestall tarnish of its white knight image. While one of the "ten things Google has found to be true" is "You can make money without doing evil," the short version of "do no evil" now gets quite a lot of sarcasm on the web (search Google using the word "Google" plus the phrase "do no evil".) I would expect that distaste to grow.

Some useful reading as we proceed to examine Google:

Architectures of testimony, architectures of control propelled to convergence

Rising awareness and increasing value of 'Commercial-off-the-shelf' tools and companies for intelligence gathering and analytics

Implications of absence of liability: shifting the cost from perpetrator to consumer and bystander

Part 2 continues

Google's search for security
By Robert Lemos
December 22, 2004

Gordon Housworth 

InfoT Public  Strategic Risk Public  


  discuss this article

<<  |  June 2020  |  >>
view our rss feed