Feds Say Google Knowingly Was Harvesting Personal Data During Street View Collection

The Internet Patrol default featured image
Share the knowledge

A recent report from the Federal Communications Commission (FCC), following a 17-month investigation, reveals that, contrary to what Google’s position had been all this time, Google actually knew that their Street View drive-bys were sucking down people’s personal data through any open wifi routers that the Street View van encountered. And not just a little bit – but for nearly three years, between 2007 and 2010.

Private data that was harvested from individuals includes email (the full text of!), passwords, sites visited, and other sensitive information. Until now Google had always maintained that they didn’t realize it was happening, and that it was an accident wraught by a single engineer at Google. Turns out that supervisors knew all along that it was going on. While the FCC concludes that Google did not break any laws, there was a heck of a lot of invasion of privacy going on, and, in addition, Google was slapped with a $25,000 fine for obstructing the investigation.

While the report was actually made public by the FCC a couple of weeks ago, it was heavily redacted (meaning that a lot of the information was blacked out); Google just released the full version, with nothing redacted except for the names of the individuals involved.

Said Google spokesperson, Jill Hazelbaker, “We decided to voluntarily make the entire document available except for the names of individuals. While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law. We hope that we can now put this matter behind us.”

That seems unlikely, as the FCC report raises as many questions as it answers. For example, according to the report, there was one “rogue engineer”, however he not only wrote code specifically to extract the personal data from open wifi networks that the Street View crew found, but had told two colleagues, one of whom was a senior manager, about it. Further, he claims to have sent out a memo to the Street View team describing the data collection that was to take place.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

As New York Times columnist David Streitfeld opines, the report “draws a portrait of a company where an engineer can easily embark on a project to gather personal e-mails and Web searches of potentially hundreds of millions of people as part of his or her unscheduled work time, and where privacy concerns are shrugged off.”

In fact, it wasn’t until German officials started pushing that the whole thing started unravelling. It’s well known in the Internet community that the U.S. has pretty much the poorest, laxest laws and regulations when it comes to protecting individuals’ privacy on the Internet. (For example, the U.S. is one of the only countries in the world that allows companies to put your email address on a mailing list without your agreeing to it – most other countries, and certainly those in the EU, require that you affirmatively opt-in, otherwise the mailer is breaking the law.)

The issue with Germany occurred in the spring of 2010, and at that time, Google wrote on its blog:

Nine days ago the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that our Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect.

In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.

So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data.

As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it.

 

Of course, this flies in the face of what the report from the FCC discovered. In fact, in that report the “rogue engineer” is quoted as having stated that “We are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing.{Emphasis ours.}

You can read the full FCC report here

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

2 thoughts on “Feds Say Google Knowingly Was Harvesting Personal Data During Street View Collection

  1. I guess that i always kind of knew that this could happen, but now that there is proof, I’m done with cellphones. I did fine without this technology for most of my life, and i don’t have a problem going back to the old way. Will only keep cellphone in my car for emergencies. No more apps, no more using phone for internet. My privacy is all that i have left and i cherish it!! No one elses business what I do or say on a phone that I pay for!!! I’m sooo sick of google and their LIES!!!

  2. $25 grand fine to Google! Hah! That’s not even pocket change. But what concerns me is: Where did the data go? Was it deleted and destroyed? What redress to the people affected? $25G to the govt coffers does not do that…. Now this is not a bad captcha system. Other people should use this instead of the weirded out words I can never read. And the mumbled meaningless sounds.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.