Well, to make a long story short, pretty bad. So many lawsuits are piling up over Google's collection of unencrypted personal WiFi data that the company is now asking that they be combined into one big lawsuit. And while they continue to claim that they just "made a mistake," it's increasingly clear that they have been intentionally collecting a whole lot of data in those StreetView cars.
All the anti-Google privacy advocates out there are probably thinking, "Well it's about time, Dawson - you've finally come to your senses about Google!" I hate to dash any hopes against the rocks, but I haven't stopped Googling things. I'm still creating Google Docs left and right. I still love my Android phone and leave the location features turned on because the personalized local search rocks. Google Maps still gets me where I'm going, even if Google will know forever where I go.
However, in all of these cases, I knowingly and implicitly consent to Google collecting all sorts of information on me and ultimately monetizing that information. I know that a lot of users don't fully understand what they authorize Google to do when they use their services, but I do and I'm comfortable with it because the services are useful enough to me to trade a degree of privacy. When Google collected information from wireless routers in people's homes, being too ignorant, naive, or stupid to encrypt their traffic doesn't count as consent.
What gets me the most, though, is the way Google collected these 600GB of personal data. As Ars Technica reports,
Put simply, a program called "gslite" sniffed packets from unprotected WiFi networks as Google's Street View cars rolled down the street, separating out encrypted and unencrypted content. The encrypted data was dumped while the unencrypted data was then written to the car's hard drive.
This isn't a "Woops, sorry, as we took note of your access point location, SSID, and MAC address, we accidentally grabbed just a wee bit of data." This is intentional harvesting of data without consent. I would even argue that their request for a single lawsuit in a northern California district court should be rejected. There shouldn't be an easy out for Google on this one. This actually needs to be a catalyst for a change in corporate culture.
This sort of nonsense, although precisely the sort of thing that any engineer would think was pretty cool to be able to do, makes Google's enterprise products a much tougher sell. How can I really address potential adopters of Google Apps concerned about entrusting student data (in the case of Edu Apps) or corporate data on the Premiere Apps side when Google flouts privacy like this?
I genuinely believe in Google Apps as a platform around which business communication and collaboration can be built cost-effectively and quickly. The Apps work well and are constantly under improvement. A growing ecosystem of third-party applications and an easy, open development platform make Google Apps even more compelling for organizations looking to embrace the cloud. However, blatant disregard for the privacy of ordinary citizens who simply lack the wherewithal to secure and mask their own Internet connections only serves to reinforce the concerns of decision-makers about the cloud and SaaS in general and Google specifically.
At this point, Google either needs to really examine the way it does business or hope that Microsoft does something particularly stupid with their collaborative and hosted offerings. Ideally, they'd choose the former.