Google told U.S. representatives June 9 it did not use any of the 600 gigabytes of data it accidentally snatched out of the air from WiFi networks and broke no laws. The search engine's position came after three U.S. representatives asked Google in a May 26 letter whether it conducted a legal analysis regarding the applicability of consumer privacy laws on data collection of WiFi transmissions.
Google did not use any of the 600 gigabytes of data it unwittingly snatched
out of the air from WiFi networks and broke no laws, the search engine wrote in
a response to questions from U.S.
Google May 14 revealed
that its Street View cars, which take pictures
for Google Maps, collected 600 gigabytes' worth of e-mail, Web browsing and
other data fragments from unsecured WiFi networks.
The data collection, enabled from 2007 to 2010 by code from a rogue software
engineer, happened in 33 regions, including the United
Hong Kong, Spain
House Commerce Committee Chairman Henry A. Waxman, D-Calif., Joe Barton, R-Texas,
and Edward Markey, D-Mass., asked Google in a May 26 letter
whether it conducted a legal analysis regarding the
applicability of consumer privacy laws on data collection of WiFi
"We believe it does not violate U.S.
law to collect payload data from networks that are configured to be openly
accessible (i.e., not secured by encryption and thus accessible by any user's
Pablo Chavez, director of public policy for Google, in a
letter dated June 9.
"We emphasize that being lawful and being the right thing to do are two
different things, and that collecting payload data was a mistake for which we
are profoundly sorry."
Google declined to comment but confirmed the contents of the letter, which
laid out Google's use for WiFi data.
Chavez explained that information about the location of WiFi networks
improves the accuracy of location-based services, such as Google Maps or
driving directions, that Google provides to consumers.
Google Street View cars were outfitted with WiFi antennas and software that
detected and collected WiFi network data, including WiFi network IDs and
addresses, signal strength, data rate, channel and encryption type.
The data was relayed to Google software that stored the data for eventual
use to fortify location-based services, such as Google's My Location feature in
A Google engineer included code that collected fragments of payload data,
including e-mail addresses and browsing addresses.
However, Chavez said this data has never been used in any Google product or
service and Google has since ceased collecting any WiFi data.
Google added that only the programmer who wrote the offending software and
the security engineer who tested the data after Google found it had seen the
Google has not figured out how many networks it unknowingly swiped data from
or how many consumers were affected.
Google deleted the data collected in Ireland,
Denmark and Austria
and is turning over
the data from other countries. Google is retaining
data in the United States
due to the launch of civil suits against the company in the matter.
Barton and Markey have also asked
the FTC to determine whether Google violated laws by
collecting the WiFi data. The FTC is looking into the issue.
"Google now confesses it has been collecting people's information for
years, yet claims they still do not know exactly what they collected and who
was vulnerable," Barton said in a statement June 11
. "This is deeply troubling for a
company that bases its business model on gathering consumer data."
It's the second major privacy scandal Google has been involved in this year.
its Google Buzz social service in February, startling
users by exposing their Gmail contacts to the public on Google profile pages.