Google officials in the past admitted that for several years, their Street View cars had collected personal data from WiFi networks, but have insisted that such actions were the work of a single rogue engineer.
However, the full report on the Federal Communications Commissions investigation, released by Google over the weekend, found that the engineer told at least two other colleagues in 2007 that personal dataincluding emails, text messages, passwords and users Internet usage historieswas being collected along with other WiFi information as part of the search giants Street View efforts.
The FCC on April 13 had released a more heavily redacted copy of the report.
According to the full report, the engineerreferred to in the FCC report as Engineer Doetold two other people, including a senior manager, that the WiFi network information collected by the Street View vehicles also was picking up the personal informationreferred to as payload dataand that the information could be used by Google in other initiatives.
In the FCC document, investigators said that Engineer Doe knew from the beginning that that the program he helped put in place could collect the payload data from unencrypted WiFi networks, and that the data could be useful to Google in other programs outside Street View.
In response to commission questions, Google made clear for the first time that Engineer Does software was deliberately written to capture payload data, the FCC said in its 25-page report, issued April 13, though heavily redacted.
Google came under harsh criticism from consumer privacy advocates and regulators in both the United States and Europe in 2010 after it was learned that between 2007 and 2010, the Street View vehicles had collected the payload data. It has fed into a larger concern over how massive companies like Google and Facebook, which collect and store large amounts of personal data from users, are using that information.
In the Street View case, the FCC said that the Street View vehicles had collected more than 200GB of payload data.
From 2007 through 2010, Googles vehicles traveled through dozens of countries collecting data as part of its Street View project, which gives users of Google Maps and Google Earth the ability to see street-level images of locations. As part of that project, the vehicles also collected WiFi data to gain information that Google could use to develop location-based services.
European regulators initially began investigating the collection of the payload data, and the FCC followed. Google officials in early 2010 initially denied that such information was collected, then said that some samples of data had been inadvertently collected. It wasnt until October 2010 that executives admitted that such information had been collected in more than 30 countries over the three years, and included whole emails, passwords and Web browsing information. They also said it was done by a single engineer, the collecting of the sensitive data was inadvertent, the company never used the collected information and the information had been deleted.
However, the full FCC report showed that others within Googleand not just Engineer Doeknew that the code developed by Engineer Doe and that the company was using in Street View efforts was collecting the payload data. The FCC said that in response to further inquiries, Google officials last year revealed that on at least two occasions, Engineer Doe specifically informed colleagues that Street View cars were collecting payload data. One was an email to another engineer on the project; the other an email to a senior manager on the Street View team.
A Google spokesperson has told the media that the company decided to voluntarily make the entire document available except for the names of individuals. While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law. We hope that we can now put this matter behind us.”
Several countries, including Canada, France and the Netherlands, have ruled that Googles data collection violated their privacy laws, and attorneys general in dozens of U.S. states are still conducting their own investigations. However, in its April 13 report, the FCC said it didnt find that Google violated any laws, but fined the company $25,000 for intentionally impeding the investigation.
The FCC found that Google deliberately impeded and delayed the investigation by refusing to provide information and documents requested by the commission, and that Engineer Does decision to invoke his Fifth Amendment right against self-incrimination made it difficult to get the necessary information to do a more complete investigation.
According to the Associated Press, Google executives in a 14-page April 26 letter to the FCC said the investigation could have gone better had the agency been more responsive to information Google had provided , and that at one point, Google agreed to a seven-month extension of the investigation, which was needed because of the FCCs delays in the process.
“That is hardly the act of a party stonewalling an investigation,” Google lawyer E. Ashton Johnston wrote in the letter to P. Michele Ellison, the chief of the FCC’s enforcement bureau, according to the AP. “Rather, it is a demonstration of Google’s interest in cooperating and allowing the FCC time to conduct a thorough investigation.”
Still, Google is not challenging the $25,000 fine.