Google Staff Knew Street View Cars Were Collecting Private Data: FCC

The full FCC report on its investigation shows that the engineer who designed the code that collected the personal data had told at least two colleagues.

Google officials in the past admitted that for several years, their Street View cars had collected personal data from WiFi networks, but have insisted that such actions were the work of a single rogue engineer.

However, the full report on the Federal Communications Commission€™s investigation, released by Google over the weekend, found that the engineer told at least two other colleagues in 2007 that personal data€”including emails, text messages, passwords and users€™ Internet usage histories€”was being collected along with other WiFi information as part of the search giant€™s Street View efforts.

The FCC on April 13 had released a more heavily redacted copy of the report.

According to the full report, the engineer€”referred to in the FCC report as €œEngineer Doe€€”told two other people, including a senior manager, that the WiFi network information collected by the Street View vehicles also was picking up the personal information€”referred to as €œpayload data€€”and that the information could be used by Google in other initiatives.

In the FCC document, investigators said that Engineer Doe knew from the beginning that that the program he helped put in place could collect the payload data from unencrypted WiFi networks, and that the data could be useful to Google in other programs outside Street View.

In response to commission questions, €œGoogle made clear for the first time that Engineer Doe€™s software was deliberately written to capture payload data,€ the FCC said in its 25-page report, issued April 13, though heavily redacted.

Google came under harsh criticism from consumer privacy advocates and regulators in both the United States and Europe in 2010 after it was learned that between 2007 and 2010, the Street View vehicles had collected the payload data. It has fed into a larger concern over how massive companies like Google and Facebook, which collect and store large amounts of personal data from users, are using that information.

In the Street View case, the FCC said that the Street View vehicles had collected more than 200GB of payload data.

From 2007 through 2010, Google€™s vehicles traveled through dozens of countries collecting data as part of its Street View project, which gives users of Google Maps and Google Earth the ability to see street-level images of locations. As part of that project, the vehicles also collected WiFi data to gain information that Google could use to develop location-based services.

European regulators initially began investigating the collection of the payload data, and the FCC followed. Google officials in early 2010 initially denied that such information was collected, then said that some samples of data had been inadvertently collected. It wasn€™t until October 2010 that executives admitted that such information had been collected in more than 30 countries over the three years, and included whole emails, passwords and Web browsing information. They also said it was done by a single engineer, the collecting of the sensitive data was inadvertent, the company never used the collected information and the information had been deleted.

However, the full FCC report showed that others within Google€”and not just Engineer Doe€”knew that the code developed by Engineer Doe and that the company was using in Street View efforts was collecting the payload data. The FCC said that in response to further inquiries, Google officials last year €œrevealed that on at least two occasions, Engineer Doe specifically informed colleagues that Street View cars were collecting payload data.€ One was an email to another engineer on the project; the other an email to a senior manager on the Street View team.

A Google spokesperson has told the media that the company decided €œto voluntarily make the entire document available except for the names of individuals. While we disagree with some of the statements made in the document, we agree with the FCC's conclusion that we did not break the law. We hope that we can now put this matter behind us."

Several countries, including Canada, France and the Netherlands, have ruled that Google€™s data collection violated their privacy laws, and attorneys general in dozens of U.S. states are still conducting their own investigations. However, in its April 13 report, the FCC said it didn€™t find that Google violated any laws, but fined the company $25,000 for intentionally impeding the investigation.

The FCC found that Google €œdeliberately impeded and delayed€ the investigation by refusing to provide information and documents requested by the commission, and that Engineer Doe€™s decision to invoke his Fifth Amendment right against self-incrimination made it difficult to get the necessary information to do a more complete investigation.

According to the Associated Press, Google executives in a 14-page April 26 letter to the FCC said the investigation could have gone better had the agency been more responsive to information Google had provided , and that at one point, Google agreed to a seven-month extension of the investigation, which was needed because of the FCC€™s delays in the process.

"That is hardly the act of a party stonewalling an investigation," Google lawyer E. Ashton Johnston wrote in the letter to P. Michele Ellison, the chief of the FCC's enforcement bureau, according to the AP. "Rather, it is a demonstration of Google's interest in cooperating and allowing the FCC time to conduct a thorough investigation."

Still, Google is not challenging the $25,000 fine.