Co-authored by Dr. Stephen Bryen
These days it is getting more and more difficult not to be a conspiracy theorist. If you are concerned about security, especially mobile phone security, the amount of angst has risen by now to unprecedented levels. And angst is the right word, since just about everything you do electronically is being monitored by someone without your permission. In the UK they call this "blagging." Blagging is: "'Knowingly or recklessly obtaining or disclosing personal data or information without the consent of the data controller' is how it is defined under the UK Data Protection Act 1998."
In March, 2010, Google using its "street view" mobile units was collecting WIFI data as its specially equipped cars traveled on the streets and highways of the United States and in many other countries. Google claimed that it was collecting information only from non-password protected WIFI routers, but Google also had to admit that it was downloading data from computers and devices connected on WIFI. There was a huge outcry when this was found out, and under pressure from state and local governments, Google paid out $7 million to 38 states and the District of Columbia to settle the matter and apparently stopped snooping on WIFI systems.
It was never explained what the point was of collecting this information, and a $7 million pay out by a company with revenues in 2009 of $50 billion hardly amounted to anything.
On the 20th of May 2010 Google introduced Android 2.2 Froyo, and ever since its launch Google has been collecting the same information, whether password protected or not. There is a feature on Android phones and tablets called "Back up my Data" or "Back up my Settings." This feature allows you to save all the settings on your Android phone or tablet so if you need to replace your phone for any reason you can retrieve all the information stored there. This includes all your passwords and it includes WIFI security codes, not just your code, but any WIFI security code that you have access to, such as your work WIFI.
There is no doubt that the Android backup feature is extremely convenient. But where is all the "backup" data stored? Well, it is stored on Google's servers. And none of the information is encrypted or protected in any way. This means that you, and others you are in contact with or work with, must trust Google.
It is true that if you know about this feature you can turn it off, and Google says that if you opt out of this feature Google will erase all the information stored on its server.
Whether you want to believe this or not, the fact remains that Google has collected passwords, WIFI data and lots of other information on Android phones worldwide. Most people don't know about this feature, and even if they do, they opt for the convenience of having the backup.
The flaw is that Google cannot easily protect this information because it is subject to pressure from governments, not just the NSA, and it can find this sort of information hacked or ripped off by untrustworthy employees.
It would be a simple matter for Google to offer users a way to encrypt the data it sends to Google. Google has no direct commercial use for this information -- it has no value, for example, in promoting third party advertising. So why has Google opted not to allow personal backup information to be stored in an encrypted format.
That's where the conspiracy part comes in. And why angst is the right word.