The employee who wrote code to capture Wi-Fi users' personal data told co-workers about it, the FCC says.
SAN FRANCISCO — New revelations in a full report detailing the Federal Communications Commission's investigation into Google's Street View service are raising questions about whether the search giant escaped scrutiny for capturing personal information from millions of unknowing households across the nation.
Chief among the new disclosures: The engineer who intentionally wrote the software code that made it possible for Street View cars to capture emails, passwords and other data from unprotected wireless networks told fellow engineers and a senior manager that he had done so, according to the report.
Google, which had not wanted to make the entire report public, had wrangled with the FCC over the issue. The company released a copy to the Los Angeles Times late Friday after a number of organizations filed public records requests to obtain an unredacted version.
"We decided to voluntarily make the entire document available except for the names of individuals," Google spokeswoman Jill Hazelbaker said in an emailed statement. "While we disagree with some of the statements made in the document, we agree with the FCC's conclusion that we did not break the law. We hope that we can now put this matter behind us."
Privacy watchdogs say the report reveals as much about the company's disregard for consumer privacy as it does about the lack of oversight from regulatory agencies. Marc Rotenberg, executive director of the Electronic Privacy Information Center, an advocacy group in Washington, accused the FCC of botching
the investigation.
"This is clearly a consequence of self-regulation, but the fingers really do have to point back to the FCC," Rotenberg said.
An FCC spokeswoman could not be reached for comment.
Jamie Court, president of Consumer Watchdog, urged Congress to hold hearings.
"Once and for all the American people should be able to find out how much tacit approval the renegade engineer had from senior management," Court said.
The engineer who created the software that captured payload data — communication over the Internet including emails, passwords and search history — invoked his 5th Amendment right and declined to speak with the FCC. But the FCC says he told two other engineers, one of them a senior manager, that he was
collecting the payload data. He also gave the entire Street View team a copy of a document in October 2006 that detailed his work on Street View. In it, the FCC says, he noted that Google would be logging such data.
Those on Google's Street View team told the FCC they had no knowledge that the payload data was being collected. Google maintains that it did not authorize the gathering of personal information while it was mapping wireless networks in the United States and Europe.
The FCC concluded in its report that collecting the data was not unlawful, but it slapped Google with a fine of $25,000 for obstructing its investigation. Google denies that it stonewalled investigators.
Jeffrey Chester, executive director of the Center for Digital Democracy, said it strains credulity to assert that the data collection was the work of a lone engineer.
It "wasn't some engineering mistake," Chester said.
According to the report, the Google engineer, who was not a full-time member of the team but was working on Street View as a side project, wrote the code in 2006. He was interested in collecting data from unencrypted wireless networks to see if the data could be used in Google's other products and services. The data provided a snapshot of what people were doing online when the Street View cars drove by.
The engineer weighed privacy concerns but dismissed them because the vehicles would not be near "any given user for an extended period of time" and because none of the data gathered would be presented to users of Google services in raw form, the report says. He did note as a "to do" item that he should discuss the matter with a product counsel, it says.
On at least one occasion, the report says, the engineer reviewed the data to identify frequently visited websites. He thought it might be helpful in determining how much people were using Google Search, but a member of Google's search quality team told him "it had no use or value," and he abandoned the idea, the report says.
Google says it inadvertently started collecting the data in 2008 while mapping wireless networks, a practice it dubbed "wardriving." It continued to collect the data until April 2010.
Google at first denied it collected the data, then said it collected only fragments of data. Finally it admitted it had sucked up entire emails, passwords and search history, and apologized. Google says it also took steps to tighten privacy, such as appointing a privacy director to oversee engineering and product management.
The FCC opened its investigation in October 2010 as the Federal Trade Commission closed its inquiry into the same matter. Google said last week that the Justice Department also investigated, closing its inquiry in May 2011.
The FCC concluded that Google had not violated the nation's wiretapping laws but said it still had "significant factual questions" about why the data was collected, and watchdogs say they do too.
Contact the author at [email protected]
