Consider Amazon, which stumbled when it first let customers look inside the books it sold. It turned out customers could easily sidestep security mechanisms and copy large chunks of the books. Or think about Target and Starbucks, which learned last week about the data dangers of moving into mobile gift cards. When a technology is young, problems and mistakes happen. In fact, they're necessary to shake out weaknesses and sharpen advantages. The answer isn't to abandon the effort. It's to patch it, learn from the experience and move on.
And Google? The company managed to mistakenly collect 600 gigabytes worth of data fragments from unencrypted WiFi networks. According to Google Engineering VP Alan Eustace, "In 2006, an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google's Street View cars, they included that code in their software--although the project leaders did not want, and had no intention of using, payload data."
Got that? Google made its big mistake three years ago. It didn't discover what it had done until a German privacy agency asked for an audit of what the Street View cars collected. The company says it never used the data in any Google products. None of it was ever visible to the public. As privacy breaches go, this data leak was perhaps the least worrisome ever: Instead of private data leaking out to become public, private data leaked into Google--and essentially vanished.
Now the company has apologized, and it's bringing in third-party observers to confirm that Google is actually deleting the data. But in the face of howls from privacy advocates and stern frowns from government bureaucrats, Google has halted the Street View program. And once it restarts, Google will not collect any WiFi-related information. None. Nada. Zip.
After years of weathering complaints about the customer data it intentionally collects and default privacy settings that aren't tight enough to satisfy some critics, Google hasn't just blinked, it has folded its cards on this project. That's disappointing. It sends a terrible message to e-tailers, and it's exactly the wrong thing to do. If retail wants to advance, such mistakes are unavoidable. We need these bumpy patches, all the scrapes and bruises, to find out what works and what doesn't. Foul-ups are inevitable. That means projects have to be fixed when they stumble--not abandoned.
That approach can be a tough sell for some executives and investors, who are all too ready to pull the plug when problems appear. Do Web and mobile E-Commerce show signs of being insecure? If so, avoid it, argue the naysayers. Is it slow going for acceptance of chip-and-PIN smartcards? Maybe mag-stripes are good enough, they grumble. Are pay-with-a-mobile-phone efforts gaining no traction among consumers or retailers? It'll never fly, they insist.
OK, it's true: For every smartcard, there's a CueCat. But we'll never get anywhere folding at the first whiff of failure. We've got to keep trying. The edge of the envelope is where there's a chance to steal a march on competitors, to offer customers services they just can't get anywhere else and to gain advantages that are hard or impossible for others to overcome. Without such risk, there's no chance of reward.
After all, that's how Google got its start. The company decided early on to try unorthodox approaches to creating technology. Long before Google could afford to build giant data centers wherever it could find low-cost electricity, its founders were wiring together piles of cheap PCs for its search engine. And on the software side, Google became a strong advocate of the often-hyped but mostly unused development technique called code reuse. (In simple terms, that means using whatever programming code is lying around whenever possible, as long as it does the job.)
For Google, that approach has usually worked fine, even if the reused code has features that aren't needed for the project that will use it. This time, however, it meant Google ended up collecting private data that it didn't want, didn't need, didn't have a use for and didn't even know it had. That's a problem. But the right fix isn't to pull the plug on parts of Street View, it's to rewrite the code so Google only collects what it intends to collect.
And when Target and Starbucks discover that their gift cards are insecure, the answer isn't to dump gift cards but to make them harder to hack. When a startup like Blippy discovers it exposed customer credit card numbers during a test, the thing to do is make sure tests are done with dummy data not valid numbers. When TJX learns that hackers are capturing its transactions via WiFi, the fix is to lock down the network not abandon it.
Is there a time to give up on a retail technology project? Sure. Sometimes a better technology overtakes whatever you're using. Sticking with what you've got means competitors will leapfrog you. Sometimes your executive support dries up. Sometimes regulatory changes or customer reaction make it clear that it's time to start over. And sometimes a "drop-dead" signal is a lot more difficult to spot.
But bumps and bruises, or even a high-profile embarrassment? That doesn't mean it's time to give up. Rather, it's simply time to fix the problems and keep pushing the envelope. Just try to ignore the paper cuts.