Google’s ‘wi-spy’ adventure
One of the many services offered by Google is the ability to zoom a map all the way from orbit down to street level. At the maximum zoom, you actually find yourself standing on the street. You can look around and see photographic images of the buildings around you. It’s a remarkable feature.
To create its Street View, Google had to send vehicles out through streets across the United States, and around the world. These vehicles were equipped with cameras to snap photos in every direction.
A controversy arose when it was learned Google’s Street View vehicles were also equipped with wireless Internet receivers, which they used to collect personal data from every unsecured wireless network they passed. Between 2007 and 2010, Google “harvested” data that the FCC believes could include “email and text messages, passwords, Internet usage history, and other highly sensitive personal information” from thousands of homes and businesses.
Google did not admit this until May 2010, at which point the FCC began an investigation. Unhappy with the level of cooperation they received from the Internet giant, the FCC levied a $25,000 fine in April 2012. The government was particularly displeased with Google’s reluctance to identify specific employees involved in the design and implementation of the data harvesting operation.
For their part, Google objected to the FCC’s characterization of their behavior as “uncooperative,” and maintained they had not broken any laws. They said the data harvesting was accidental, the work of a renegade software engineer. There is some dispute about just how much of a “renegade” this fellow might have been, as it appears some of his co-workers and managers were well aware he had inserted this capability into the system.
Google’s actions appear horrifying at first glance, but there are a few aspects of the case to keep in mind. Most importantly, the Street View cars could only access unsecured wi-fi networks they passed through—that is, networks which do not require a password to access. Every home and business network can, and should, be protected with a password, but many users are regrettably lax about establishing one.
This distinction is an important part of Google’s legal argument with the FCC, since it is difficult to assert absolute privacy over data that is literally being blasted into the sky without protection. It’s the equivalent of overhearing a loud conversation while strolling past an open window. Google maintains they made no attempt to aggressively enter systems, or crack into encrypted data. Most of the data flowing through an open wi-fi network is still coded in some way, particularly when users are accessing secure web sites.
Also, the Google vehicles were moving, so they could only remain in contact with any given network for a few moments. To continue the “loud conversation” analogy, imagine racing past that open window at a brisk trot, so only a few moments of eavesdropping were possible.
The FCC ultimately concluded that Google had committed no crime. Upon the release of this report, the Australian government decided to cancel its own probe of the Street View incident. The Justice Department had already decided, back in May 2011, not to pursue Google for violation of the Wiretap Act. However, Rep. Frank Pallone, Jr. (D-N.J.) and John Barrow (D-Ga.) asked Attorney General Eric Holder to re-open the Justice Department’s investigation of the “Wi-Spy” affair. “Privacy is a critical issue,” said Pallone, “and neither Google’s influence nor size absolves it from responsibility.”
Google was dismayed that the FCC report was made public, even with redactions, because of the damage to their reputation. Even in the absence of legal charges, privacy advocates are nervous that the company would ever have considered, at any level of management, to deploy such a hackle-raising capability. The citizens of Information Age America remain uneasy with the level of surveillance they endure, from both official and corporate eyes.