Watch CBSN Live

Google's Management Arrogance: Wi-Fi Data Slurp-Up Shows No One's Running the Store

In the past, Google (GOOG) has gotten into trouble in Europe over its Street View product, in which the company sends out cars to drive through cities and towns and take pictures for its online mapping service. But now it seems that Google is in hot water over something else the cars did: collect information from Wi-Fi sites as they drove by. Google assured that it never collected or stored "payload data" -- information that could include personal data and login passwords. Then last Friday came the embarrassing correction that Google had collected such data from Wi-Fi networks that didn't use encryption.

It was all a mistake, says the company. However, mistake or not, the incident shows how clueless the Google's management and operational structure are. Here's an explanation from the corporate blog:

So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google's Street View cars, they included that code in their software -- although the project leaders did not want, and had no intention of using, payload data.
Given that recording such data is illegal in the U.S., according to security experts I know, I suspect it is equally verboten in Europe. (And has Google done the same thing in this country?) For a moment, set aside legality and consumer trust. From a business management perspective, there's a bigger problem. How the devil could Google collect so much data and not know it?

Someone knew that the code to record such confidential data existed, by Google's own admission. So we're left with a classic either-or chain of logic:

  1. As developers wrote code, either they documented their work or not.
  2. Either the project had supervision or not.
  3. If the project had supervision, either people did their jobs and knew what was going in or not.
  4. If the people knew what was happening, then they either competently ensured that code was documented or not.
  5. If supervisors did their jobs, either communication allowed management to know of the data, or the communications necessary to properly running a company was absent and the whole effort was for naught.
  6. If management knew, then it lied and then did an about face in public.
Trace through the tree of possibilities and you see that whatever the answer at any branch, the structure, culture, oversight, and direction of Google are seriously flawed.

We're not talking about some unintentional bug, but a feature that someone had requested at one point. How can a company develop products and services without knowing what they do? Why collect data in an action that is clearly illegal only to slap yourself in the forehead later and regret having done so?

What steps has Google taken other than slapping its corporate head and saying, "Oh, we are so silly"? According to an announcement, Google will now offer encrypted search as a result. What a joke. Google already knows what is in searches it receives. The problem is that Google snooped into all manner of things that it shouldn't have known.

Success becomes its own excuse, but it often masks organizational weaknesses that will eventually bring down an endeavor. The supreme self confidence and arrogant belief that its people are smart enough to be beyond mistake is Google's major flaw. It resulted in the privacy debacle of the company's social networking feature, Buzz.

Google's marketing suffers from the arrogance. Such arrogance killed the potential of the Nexus One phone. And unless Google top executives take a hard look at themselves and the culture they have spawned, the improper and likely illegal data collection won't be the last blow-up.