In a company with tens of thousands of employees and contractors, it can be hard to make sure every one follows the best possible standards. That’s about the nicest thing you can say about two recent incidents that sure don’t tally with Google’s much-hyped “don’t be evil” policy.
The first came late last week with revelations by Mocality, a Kenyan firm that among other tasks has been compiling an online directory of local businesses, something we take for granted in many countries, but that is much needed in the region to help small firms win more customers.
Mocality received several calls asking about its website hosting and creation services, which came as a surprise as it doesn’t offer such services. It then took a look at its site logs and found that one specific IP address was hammering the business directory pages as many as 2,500 times a day, but only during office hours. To make things more suspicious, the address showed a Linux machine running Chrome, which is hardly the most common of Kenyan computer set-ups.
The company decided to find out just what the hell was going on by adding a filter that meant around 10% of the time, visitors from this IP address only would see a listing with a fake number that actually connected them to Mocality staff, posing as business owners and recording the call.
Of the seven calls recorded this way during a three-hour sting, every one features a Google Kenya employee falsely claiming to be working with Mocality and trying to sell them web services. In one case the caller makes false allegations about Mocality trying to charge for the business directory listings.
A few weeks later Mocality the pattern repeated with an Indian IP address. It carried out the same sting operation and this time received calls giving the same story, only from Google’s India staff, suggesting even scams can get out sourced.
Google has now said it was “mortified” to learn about the calls, has “unreservedly apologised”, and will take appropriate action against those involved.
But that’s not the end of it. Open Street Map, a user-editable mapping project that’s a clear rival to Google’s mapping service, read about the Mocality incident and realised it solved a mystery. It had found some “obvious vandalism” on pages and began looking back at the account used to make the bogus changes. It turned out that in the past year, there have been more than 100,000 visits from 17 user accounts from the Indian IP address concerned… and wouldn’t you know it’s the very same address used by the Google phone scammers.
This time Google didn’t wait about. It’s already announced that “The two people who made these changes were contractors acting on their own behalf while on the Google network. They are no longer working on Google projects.”
But the two rogue workers story may not satisfy skeptics on this occasion. It’s certainly plausible that Google telesales staff might take it upon themselves to use underhand tactics without management knowledge, particularly if chasing targets or working on commission (though it’s a bit odd that the tactics crossed continents.)
However, that explanation doesn’t hold up when it comes to editing rival map services. Some people might believe a couple of call centre staff decided it would be a good laugh to mess about making changes to a rival mapping service while they were at work. The fact that many people will struggle to believe that gives Google a serious problem.