04/14/2011 12:47 pm ET | Updated Jun 14, 2011

Is Google Cruising Towards a Legal Meltdown?

Remember when the big financial companies were masters of the universe, making money hand-over-fist, and widely respected for their "innovation"?  And then it all came crashing down in a financial crisis that exposed the fact that their profits were built on illegal or near-illegal shady dealings that were unsustainable -- and when those subprime antics were removed undermined their whole business structure?

Enter Google, whose string of legal scandals could be taking it down a similar road.

This is company who's former CEO, Eric Schmidt, described Google's approach this way:  "There is what I call the creepy line. The Google policy on a lot of things is to get right up to the creepy line and not cross it."  The problem is that Google keeps crossing the line, both on the creepy and legal scale.

The latest example is a Department of Justice report that Google lied about having the proper government security certification when it applied for a multi-million dollar government contract to sell its Google Apps for Government product to run email and online collaboration services for the Interior Department. During an investigation, the DOJ found that the product lacked what's known as Federal Information Security Management Act (FISMA) certification, "notwithstanding Google's representations to the public at large, its counsel, the GAO (Government Accountability Office) and this court."  Such misrepresentation in a government contract opens opens the company to significant legal liability, including potentially violation of the federal False Claims Act.

Google then tried to claim that its false representation was okay since a different if similar product had been certified by a different agency, the General Services Administration, as FISMA-compatible. At a Senate hearing on government waste, a GSA official asked about Google's defense responded that, "when a product changes, you have to re-certify it." Senator Tom Carper, overseeing the hearing from his position as chair of the committee that largely oversees government contracting, tweeted the following after the hearing:

Mounting Legal Issues: The FISMA investigation follows just one week after Google agreed to a settlement with the Federal Trade Commission over charges that the company used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz, in 2010. From the FTC's own release on its action:

The proposed settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years. This is the first time an FTC settlement order has required a company to implement a comprehensive privacy program to protect the privacy of consumers' information.

On top of lying to the Interior Department in applying for a contract and "privacy misrepresentations" to customers in the Buzz launch, you have the accumulated accusations of antitrust violations and Congressional calls for followup investigations against the company.  These complaints range from manipulating search results to shut out competitors, violating customer privacy for anti-competitive purposes, and exclusive deals to undermine competition.  The Federal Trade Commission and Department of Justice are already jockeying over who will lead the antitrust investigation of Google, even as Congressional leaders push for investigations, individual U.S. states are launching their own investigations, and Europe already has an antitrust inquiry moving forward.

Global Wi-Spy Privacy Investigations: And then there's the Wi-Spy scandal, where Google snooped on millions of individuals' private emails and other personal information all over the world with Google Street View cars accessing information through private wi-fi routers.  Not only did Google track, street-by-street, each wi-fi SSID name and MAC addresses for routers, they were scooping up full emails, instant messages and other data.

Other countries have already investigated Google and a number have convicted and sanctioned the company for its privacy violations.
  • France last month found Google guilty of significant privacy violations through its wi-fi spying and fined the company for its actions.
  • The United Kingdom concluded that Google's actions was a "significant breach" of the U.K. data protection law and required Google to sign a binding commitment to prevent future breaches and agree to an audit of its data protection practices.
  • Authorities in Spain, Canada, New Zealand and other countries have made similar findings, leading each to conclude that Google's conduct violated consumer privacy rights.
  • In May 2010, German prosecutors based in Hamburg opened a criminal investigation into Defendant's conduct.
This January in South Korea, police seized hard drives from Google and found Google's Street View project had "harvested and stored hundreds of thousands of e-mails, instant messages and other personal data," including consumer passwords and consumer data, from 600,000 South Koreans,

When police anywhere are displaying your hard drives to the media like bricks of cocaine (see linked picture from South Korea), your legal problems are spinning a bit out of control.

Coverup and Stonewalling: Adding to the anger at Google's actions have been a pattern of shading the truth and stonewalling when pressed for answers.

When Google first launched Street View in May 2007, it promised that "Street View only features imagery taken on public property." But people rapidly began complaining that Street View images were showing intrusive images.

Google never mentioned plans to monitor any kind of electronic communications, and then when authorities discovered in 2010 that Google was collecting more than pictures, Google stonewalled investigators with minimal information.

Then Google claimed that it only collected "fragments" of such data.  And when authorities began finding complete emails and other personal data in Google's data collected from homes, Google then argued that a single engineer was to blame for the global privacy breach against millions of people on six continents.

And then it turned out Google had filed for a patent years ago to -- guess what? -- use accessing personal information on home wi-fi routers as a tool to strengthen its geolocation mapping systems. So the Wi-Spy concept was hardly the brainchild of a single engineer at Google.

U.S. Investigations Gaining Speed: While U.S. authorities have been slower to fully investigate Google than other countries, those investigations seem to be gaining speed.  Richard Blumenthal helped pull together the beginnings of a multi-state investigation of the Wi-Spy scandal last year when he was Connecticut Attorney General and now as a U.S. Senator, he has called for investigations into Google over the issue, saying, "clearly there was some illegality, whether intentional or inadvertent" in the company's use of Street View  car to collect personal data over wi-fi networks.  Members of the House have also been pushing for FCC investigations over the issue as well.

When Google was caught in February collecting social security information from children participating in its national "Google Doodle" art contest, it just helped fuel further outrage.  Reps. Ed Markey, D-MA, and Joe Barton, R-TX, co-chairmen of the House Bi-Partisan Privacy Caucus, said they would pursue hearings on the issue, calling Google's actions "unacceptable."

Congressman John Barrow, who has been active on the Google issue, just yesterday put out a release and detailed letter about Google's recent "deceptive and intrusive practices," using the examples of Buzz, Wi-Spy, and Doodle for Google,that requests that the House Energy and Commerce Committee launch an investigative hearings into Google's consumer privacy standards.

And with an antitrust action likely to pull together the various strands of Google misconduct into a more comprehensive investigation, the legal problems for Google may only be beginning.

How Bad it Could It Get? Now, all of this could end up with a series of minor sanctions against Google, a la the recent Buzz settlement, with a few constraints on Google's actions but no fundamental shift in its business life.

But if the financial meltdown taught us anything, it's that straight-line projection from the past is a poor guide to the future. Google's whole business model is utterly dependent on trust -- on people and businesses trusting Google with their data and with the company being trusted as a fair arbiter of search results.  If that cracks, whole sections of its business might fall apart.

In Germany, the backlash against Google's Street View project has been so strong that 240,000 Germans demanded the company obscure their homes from its database.  Partly in response to government  requirements that Google warn residents of future visits by the Google Street View cars, Google this week announced it was ending new Street View photography in Germany.  The German Interior Minister is talking about extending similar protections to other data collected online.

The endpoint of such an approach is in the Lower Saxony state government in Germany, which is moving to make it illegal to pass along IP addresses of web visitors to a third party without their permission: "The Lower Saxony authorities recently ordered German web marketer Matthias Reincke to remove Google's AdSense and an Amazon widget that features books from the US online retailer."  This means that even software like Google Analytics, which generates detailed statistics about visitors, violates German law.

When AdSense and other web tracking are in the crosshairs, Google's whole business model is in jeopardy

Regulation Can Save Google from Itself: The alternative is reasonable regulation to protect consumer privacy and rein in Google's continual legal overreaching. To return to the analogy to the financial sector, decent financial regulation would have protected consumers, but it also would have protected the financial firms from their own worst sub-prime excesses.

InfoWorld's Ted Samson chalks up Google's continual rule skirting and lawbreaking to a "startup culture"  where the company still has "insufficient internal checks and balances to prevent the powerhouse that is Google from inadvertently doing damage to its customers, its partners, and itself as it wields its might."

The good news for consumers and ultimately Google is that there is an emerging consensus to push forward legislation and regulatory policies that will restrain Google's worst tendencies without preventing it from deploying the technological prowess it has demonstrated in legal ways.

The privacy legislation introduced this week by Senators John Kerry and John McCain could be one step in that direction (especially if it's beefed up with additional privacy protections).  Combined with an antitrust investigation that restrains some of Google's worst anti-competitive operations, we could see a pathway to enacting a regulatory model that encourages Google to act as the public institution it's become, not the wild-child startup it was ten years ago.

Crossposted from