Google snooped your Wi-Fi, but FCC is more angry about the coverup

Newly posted FCC report dings Google for blaming employee for code that had approval of managers

Google has released the full FCC report into the Google's practice of collecting data on the location, SSID names and, where possible, private data about WLAN owners and guests as its mobile Google Street View photo vehicles cruised and mapped the roads of America.

In releasing the report, Google emulated the venerable White House tactic of releasing bad news on sunny Friday afternoons when few reporters or readers are paying attention.

The April 13 FCC report on Google (slide-show online or downloadable), was posted Saturday.

The FCC released its own version two weeks ago at the same time it announced it fined Google $25,000 for obstructing the FCC investigation by refusing to identify employees involved in discussions about StreetView or producing any emails documenting its testimony to the FCC, according to an FCC order dated April 13.

Google disputed the charge, saying delays in the FCC investigation were due to the agency's dawdling, not Google's refusal to cooperate. It announced it would pay the fine to keep from dragging the case out any further.

Either way, the FCC's heavily redacted report was much less forthcoming than the version Google posted Saturday.

StreetView managers knew about Wi-Fi data snooping

The FCC's version largely blocked out portions that made clear Google was not being entirely honest about the involvement of senior managers in describing how Google StreetView vehicles began collecting personal data including emails, passwords and search histories from unsecured Wi-Fi hotspots the vehicles encountered on their travels.

Google tried to characterize the effort as a private project launched without authorization by an engineer working on StreetView of which Google managers were unaware until shortly before the FCC investigation.

The truth, according to the FCC report and corroborating information posted by the Los Angeles Times, an engineer referred to by the FCC only as "Engineer Doe" took the initiative to write the code, but told another engineer and a senior manager that he had done so and that the code was live, collecting private data from private WLANs.

The engineer also passed out a document in 2006 to the whole Google StreetView team, telling them about the code addition to the StreetView software and the kind of data Google would be logging.

Members of the StreetView team claimed to know nothing about the data being collected and said Google's top managers had not authorized anyone to collect personal data.

All the StreetView vehicles were supposed to do was map the presence and location of local Wi-Fi hotspots in the U.S. and Europe.

Several European countries have sued or investigated Google simply for that portion of the collection project, which they said violates privacy laws requiring that WLAN owners be informed and given some level of control over data about their networks.

'Rogue engineer' wrote code, but ran it with tacit permission from managers

"Engineer Doe," a full-time Google employee who spent part of his time on StreetView and the rest on other projects, wrote the data-collection code hoping the information collected could be used for other Google services, such as identifying the real names and locations of people using Google Search.

According to the FCC report, Doe considered privacy issues, but decided they were irrelevant because the data would be anonymized before being used in other services, and because the vehicles would only be close enough to any individual network for long enough to pass by, not long enough to collect any really sensitive or incriminating data.

Google's gradually deteriorating excuses that it was not responsible got little sympathy from the FCC, especially considering the sequence of denial:

    Google obstruction, coverup, denial, Oct., 2010 to April 2012
  • Google first denied collecting any data.
  • Then Google said it collected only fragments of data.
  • Finally it admitted it collected entire emails, passwords and search histories, and issued an official apology.
  • "Engineer Doe" refused to testify before the FCC, citing his Fifth Amendment Right against self-incrimination.
  • Google also appointed a privacy director to monitor its engineers and project managers.
  • Google fought the FCC's intention to release the report right up until the day the FCC actually posted the redacted version two weeks ago.
  • The version of the FCC report Google posted Saturday is one the FCC gave news organizations after a series of FOIA requests for more information.
  • Release of the report likely headed off requests from reporters for copies of all the Google emails and testimony the FCC collected during the investigation, which began in October 2010.

The Los Angeles Times broke the story Saturday after the FCC gave it and other news outlets copies of the report in response to requests and Freedom of Information Act requests from several organizations for details on the investigation.

The Federal Trade Commission and Dept. of Justice also conducted investigations, but dropped them without results.

The FCC decided Google had not violated federal wiretapping laws because the eavesdropping secion exempts anyone who intercepts or listens in on unsecured networks, or "an electronic communication system that is configured so that such electronic communication is readily accessible to the general public," as the report said.

Google's reaction to the long investigation and fight over whether it had to tell the FCC anything was content-free except for a little resentful self-justification.

"While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law," according to an email discussion between Google PR and VentureBeat. "We hope that we can now put this matter behind us."

Google: Don't be Evil (but if you do, deny, stonewall and spin the PR until you can get yourself off the hook).

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies