Streetviewed: Google cars snooping on WiFi users not an accident
Neither a mistake nor the work of an unauthorized engineer was behind Google's massive harvesting of Wi-Fi communications that included e-mails, passwords and other sensitive personal information across three continents in 2007-2010, indicates the recent report filed by the US Federal Communications Commission (FCC).
The supervisors of the Street View program were well aware Google cars would go beyond photographing streetscapes. Or at least they should have been.
On Saturday, the web giant releases their own version of report – with employees’ names blacked out. An earlier version provided by the FCC had whole blocks of text blacked out.
The search giant said it wanted a more transparent version to be shown to the public as evidence that any wrongdoing by the company was inadvertent. Apparently, the company wants to avoid speculation over what could have been withheld from the initial release and thus limit any damage.
The report confirms Google’s engineer behind the data-collecting software voluntarily embarked on a project to gather personal e-mails and Web searches of potentially hundreds of millions of people. Identified as Engineer Doe, the individual declined to speak to the FCC, invoking Fifth Amendment rights, which protects citizens from being compelled to testify against themselves.
The design document prepared by Engineer Doe clearly shows his intention to collect payload data in addition to taking panoramic snapshots, as Google’s cars drove by. The private data would “be analyzed offline for use in other initiatives,” like finding how well Google’s other services are used, the document said.
Privacy consideration did come to his mind. “A typical concern might be that we are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing,” the document says.
Engineer Doe decided that no harm will be done because Google’s data harvesters would not remain in the vicinity of any particular Wi-Fi user for “an extended period of time.” Nevertheless he added the following “to do” item: “Discuss privacy considerations with Product Counsel.”
“That never occurred,” the FCC report says.
The employee also “specifically told two engineers working on the project, including a senior manager, about collecting payload data.” It actually appears that at least seven Street View engineers had “wide access” to the plan to collect payload data back in 2007.
Engineer Doe’s code was used to collect some 200 gigabytes of payload data across the US between January 2008 and April 2010. Similar logging of private data happened across the world, which made Google the butt of investigations by respective authorities.
The report further cites a number of other people involved in the project as failing to recall knowing that collecting of payload data was happening at the time. Those include an engineer, whose job was reviewing Engineer Doe’s code line by line for bugs and a senior manager, who said he pre-approved the man’s document before it was written.
Following the investigation the FCC fined Google $25,000 for obstructing its investigation, including withholding an email, that openly discussed the engineer’s review of payload data with a senior manager on the Street view project.
It ruled that since the payload data collected was not encrypted, the act didn’t violate American wiretapping law, but said it has “significant factual questions” about why this ever happened.
Google denied stonewalling the probe and blamed the FCC for any delays.