Google employees knew that the company’s Street View cars were scraping a plethora of personal information from private Wi-Fi networks over a two-year period, a full Federal Communications Commission report on the matter shows. The revelation flies in the face of Google’s earlier claims that the collection of such information, which included emails and text messages, was an unknown accident.
On Sunday, Google released the FCC’s report on the matter, which shows that an engineer behind the Street View code not only knew about the software’s ability to collect “payload data” — communication data sent over the Internet — from unencrypted Wi-Fi networks, but told two colleagues, including a senior manager, that he had designed program to do so.
Despite this blatant admission, the FCC still questions whether other engineers involved in the Street View project knew about the data scraping. However, the report shows that the engineer in question turned over a report to the Street View team in October 2006, which explicitly stated that Google would be collecting the the payload data. Those involved said they did not read the document, and thus were not aware of the data logging.
Google has said repeatedly that the collection of such data was “inadvertent.”
“For more than two years, Google’s Street View cars collected names, addresses, telephone numbers, URLs, passwords, email, text messages, medical records, video and audio files, and other information from internet users in the United States,” the report says.
The FCC claims that Google purposefully withheld the email in which the engineer who wrote the code discusses the data collection capabilities with the senior manager. Last week, the FCC announced that Google must pay a $25,000 fine — almost nothing for a company with a recently quarterly net income of $2.89 billion — for obstructing the investigation by holding back information from the FCC. Google says that it did not authorize the data collection. And the FCC maintains that Google did not break any laws.
“”The record also shows that Google’s supervision of the Wi-Fi data collection project was minimal … indeed, it appears that no one at the company carefully reviewed the substance of Engineer Doe’s software code or the design document,” the report says.
The FCC originally released its report on the matter two weeks ago, but it was heavily redacted. The version of the report Google released only censored the names of Google employees.
“We decided to voluntarily make the entire document available except for the names of individuals. While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law. We hope that we can now put this matter behind us,” a Google spokesman told the Guardian in a statement.
The FCC investigation began in 2010, after the Federal Trade Commission closed its investigation in the matter. At the time, Google said that, “As soon as we realized what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities.” Google also said that it “never used the payload data in any of [its] products and services.”
While Google surely wants to move past the controversy, it is unlikely to be able to do so. A number of privacy advocacy groups, including the Electronic Privacy Information Center (EPIC), have requested further investigation into the matter.
“Google’s rogue engineer scenario collapses in light of the fact that others were aware of the project and did not object,” said Marc Rotenberg, executive director of EPIC, in an interview with The New York Times. “This is what happens in the absence of enforcement and the absence of regulation.”