Things Google is bad at: running a company

Despite the lack of a clear decision by the jury in the Oracle-Google lawsuit, , there's bad news for Google as a company whatever the end result and whatever damages Google ends up paying for infringement. There are some basic business issues it keeps getting wrong.
Written by Simon Bisson, Contributor and  Mary Branscombe, Contributor

Despite the lack of a clear decision by the jury in the Oracle-Google lawsuit, , there's bad news for Google as a company whatever the end result and whatever damages Google ends up paying for infringement. There are some basic business issues it keeps getting wrong.

Much of Oracle's case against Google was made by emails provided by Google in discovery, including the outspoken Lindholm email which Google tried repeatedly to exclude from the trial because it was sent to a lawyer and could be considered confidential. Multiple courts refused, because although it ended up addressed to a lawyer, that email address was the last thing added to the message, along with the 'confidential' tag. Google's email archiving system saved multiple copies of the email as it was being composed (which is good) but didn't link them together, which is bad. That's why Google let Oracle have the other drafts of the email in the first place, because they didn't get associated with the final message and its belated confidential label. If Google's home-grown email archive and audit tool had been better, Oracle should never have known about the message.

Google found searching its email archive just as difficult when the FCC came calling with questions about the data its Street View cars collected from Wi-Fi hotspots (which in France at least, included emails about affairs and visits to Web pages explicit enough to suggest some interesting deductions about the predilections of someone using that access point).

As the FCC says (with thinly veiled irony): "Although a world leader in digital search capability, Google took the position that searching its employees email 'would be a time-consuming and burdensome task'. Similarly, in response to directives to identify the individuals responsible for authorizing the company’s collection of Wi-Fi data, as well as any employees who had reviewed or analyzed Wi-Fi communications collected by the company, Google unilaterally determined that to do so would 'serve no useful purpose.' "

You can argue about whether any harm was done to anyone by the Street View collection, but the issues for Google are business process and governance. Using a homegrown email archiving system seems an obvious idea for a company that builds as much of its own infrastructure as Google; its own database, its own server designs, its own power supplies, its own custom network routers, its own services and search algorithms. But Google's approach isn't as rigorous as commercial email archiving tools that do tie drafts of messages to the final email and commercial ediscovery systems that do redact draft versions of confidential messages instead of handing them over to the opposing lawyers. Commercial archiving and ediscovery tools still need work, but hundreds of companies a year manage to search internal email when required to by courts and regulators and they make the investment in tools that make that less of a burden.

What Google lacks is internal governance, or as you might put it, adult supervision. The culture at Google is what allowed the Street View Wi-Fi collection code written in the 20% time of the programmer behind the popular NetStumbler to go live without being reviewed by anyone for privacy issues and be searched at least once by the programmer, because a manager pre-approved the project document without apparently reading it. The same culture meant that when Google employees described the Noser developers working on the Galaxy Note code as "super shady" no-one at Google followed through on those concerns, which appears to be how Google became liable for infringing eight more Java files that the Noder developers acquired by decompiling Sun code. And then there was the case of Google employees in Mexico and the US advising an off-shore pharmacy selling steroids and human growth hormone how to get around its own advertising rules, which was unfortunate when it turned out the pharmacy was run by federal agents (and expensive; the settlement cost Google $500 million). Or Google having to apologize for the way "a team of people working on a Google project" scraped content from the database of a Kenyan search competitor. Or the sponsored posts promoting Chrome and breaking Google's own guidelines that ad agencies produced for Google when they apparently misunderstood the terms of an ad campaign.

Google's attitude to doing business often seems to be that it's easier to ask forgiveness than permission. It's paying the price for that in court and with regulatory bodies, with a general loss of trust by some users - and by having to ban its own properties like BeatThatQuote, Google Japan and the Chrome download site when they break the rules. It's good that Google penalizes itself but if it's not fixing the flaws in business culture and oversight that lie behind these failures, that's not enough. Far more than people disliking Google products or any single court case or investigation, Google's biggest problem will turn out to be how the company is run.

Mary Branscombe

Editorial standards