UK watchdog chases down Google 'street spies' in new probe

Reuters / Fabrizio Bensch
Google is accused of misleading the UK’s privacy watchdog over a now long running personal data scandal. It has now been forced to re-open a probe after reportedly failing to conduct a proper initial investigation.

The UK’s privacy watchdog the Information Commissioner’s Office (ICO) is demanding that Google answer seven detailed questions about what went on.

The ICO re-opened the probe after an investigation by the US regulator, the Federal Communications Commission (FCC) revealed that a Google software engineer explicitly designed the program to collect the data despite the privacy implications it entailed.

The internet giant has harvested huge amounts of sensitive personal information from millions of home computers across the world as it photographed areas for its Street View Service.

When the scandal broke in early 2010, Google insisted it had “accidently” collected a “very limited” number of emails, web addresses and passwords from open Wi-Fi.

But data collected also included medical information, records of internet chats and data from dating sites.

The FCC report noted how the Google employee in question, identified as Engineer Doe, said the private information was to be “analyzed offline for use in other initiatives.” Engineer Doe noted potential privacy issues, but believed the cars would not remain in the vicinity of any particular Wi-Fi user for an extended period of time.Although he mentioned the need to “discuss privacy concerns with Product Counsel…that never occurred”, the FCC report says.

The report says Google attempted to lay the blame on Engineer Doe as one employee acting alone .However, despite  refusing to speak with the FCC, the report concluded Engineer Doe had “specifically told two engineers working on the project, including a senior manager, about collecting payload data.”

The fact that at least seven Street View engineers had “wide access” to the plan to collect payload as early as 2007 further disproved Google’s claims that a lone engineer had managed to clandestinely gather the personal information.

Industry officials also said it would be difficult for one engineer to alter an important part of such a large system — especially one affecting hundreds of cars using software that required regular updating and that generated huge amounts of data, the Los Angeles Times reports.

The FCC ultimately dropped the probe after determining the data collection had not been unlawful.However, the agency fined Google $25,000 for deliberately impeding and delaying the investigation.


Google let off the hook?

According to the Daily Mail, when first investigating the allegations over the issue in 2010, the ICO spent just a few hours analyzing data harvested by Google before deciding to let it off and allowing the internet giant to destroy evidence; thereby denying victims the chance to seek justice.

The paper cites a former ICO employee, Phil Jones, who revealed they didn’t want to spend money on a computer expert to properly analyze the material.

Meanwhile, investigators in France, Germany, Holland and Canada ordered Google to preserve data and then had it properly examined. They found huge violations of privacy, including banking transactions and a psychological report on a child.

Privacy campaign groups claim that it is likely similar data was collected and stored in the UK.

The ICO has finally demanded a full audit at Google into who decided how the data would be collected and when.

The Director of the privacy campaign group Big Brother Watch, Nick Pickles, says that “Google’s excuses and misdirection are now beginning to quickly unravel, exposing the Street View spy-fi episode as a deliberate and willful effort to capture sensitive personal data Google was not entitled to.”

If found guilty, Google could be fined up to £500,000 under the UK’s Data Protection Act. However, since most of the information was collected before April 2010, when the law was updated, a legal loophole may allow the internet giant to get away with paying just £5,000.

Mr Pickles said in a telephone interview with RT that consumers in the UK are now at a disadvantage as the ISO has actively encouraged Google to delete data. “It will be very difficult for UK citizens to get redress as we will never know exactly what data was taken,” he said.