Column: Risk Management

Google the Spy

By: | April 8, 2015

Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementation techniques. She can be reached at [email protected].

I’ve known for a while that giants like Google tracked me — information on my location, my web activity, my music choices. I’ve known they troll my emails looking for keywords for targeting advertisements and services. Quite frankly, trolling goes beyond Google. Every store I shop at seems to send me emails luring me to a purchase. Nowadays, right or wrong, this type of tracking has become par for the course.

As creepy as it all is, data mining is supposed to be done under the guise of “innocent” consumer profiling that ultimately provides us with customized support.

On the whole, I love my Google-driven Android smartphone and the support features it offers — truly brilliant in many ways. The premise of using my information to “help” me didn’t use to bother me at all.

In fact, the thought of someone trying to design an algorithm that reflects my ever-changing consumption habits and interests actually made me chuckle.

So it all seemed acceptable because I thought my smartphone was only being used to spy on me. I was the only one involved. I was the one taking the risk.

Over the years, I have amassed a lot of business contacts. I have diligently kept their contact information via Microsoft Outlook. Recently, I uploaded that contact list to my smartphone using the Google Contacts app. I now have access to all of my contacts’ information when I am mobile.

But what happened next floored me. After a few days, likely after Google got a chance to chew on all this new delicious information, my phone started to regurgitate things back at me.

Spying on me is one thing, spying on my business colleagues and friends is another. The thought that I may have inadvertently put my colleagues at risk sickens me.

I received stock-ticker feeds of companies where my contacts work, and for companies with similar names to those where my contacts work. I also got travel suggestions based on my contacts’ addresses and news articles that referenced contact names, or those similar to my contacts. And I got solicitation emails from persons using names from my contact list.

I no longer feel as neutral about Google’s mining activities. Spying on me is one thing, spying on my business colleagues and friends is another. The thought that I may have inadvertently put my colleagues at risk sickens me.

Exploiting my business community without their express consent is just wrong, especially today where cyber security risks run rampant, where organizations spend billions protecting their networks and information, and where we are tirelessly putting in place safeguards around managing risks associated with remote access or unauthorized activity with client information. It is irresponsible.

Our collective goal should be to protect all of our clients, and keep their information safe and away from the risk of exploitation and misuse. The convenience of using applications like Google Contacts is to serve my clients better, not to breach their values. Google saw opportunity but handed me risk.

Since then, I have searched the bowels of Google’s account settings, looking for that elusive check box to disallow this silliness. After a few days’ search, there it was: “Use my Google contact information to suggest accounts from other sites.” Uncheck.

I have since written to Google regarding this experience and the irony in their auto-reply was almost amusing: “We value every piece of feedback we receive … we will use your comments as we strive to improve your Google experience.”

More from Risk & Insurance