It's been over two years since I've written about Google's corporate slogan, "Don't Do Evil." Sadly, it's time again to discuss some occurrences that, on their face appear to contradict this, otherwise loft, slogan.
Once again Google has been accused of being evil and, to date, they don't appear to be denying it. Apparently, our "Do No Evil" friends at Google secretly intercepted Americans' data sent on unencrypted Wi-Fi routers over a two-year period of time while gathering data with their Google Maps Street View cars. The allegations are that Google deliberately engaged in "the single greatest breach in the history of privacy" and "one of the biggest violations of data protection laws that we had ever seen?"
Let's be clear right up front. The Federal Communications Commission (FCC), after a 17-month investigation, determined not to pursue this matter further. I don't see any harm in sharing the facts of the situation with you, so you can decide for yourself.
On April 13, 2012 the FCC file its Notice of Apparent Liability For Forfeiture alleging, among other things:
Between May 2007 and May 2010, as part of its Street View project, Google Inc. (Google or Company) collected data from Wi-Fi networks throughout the United States and around the world. The purpose of Google's Wi-Fi data collection initiative was to capture information about Wi-Fi networks that the Company could use to help establish users' locations and provide location-based services. But Google also collected "payload" data-the content of Internet communnications - that was not needed for its location database project. This payload data included e-mail and text messages, passwords, Internet usage history, and other highly sensitive personal information.
The public document posted on the FCC website is a redacted version the document I've linked to above. Apparently this was posted in accordance with an agreement, evidenced by this letter, the FCC reached with Google. The FCC report mentions a Google "design document" written by the engineer who developed the Street View software to collect telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files sent over open Wi-Fi networks.
The engineer is referred to as "Engineer Doe" in the report, though he was identified by The New York Times as Marius Milner whose software collected 200 gigabytes of data via Street View cars between 2008 and 2010:
The design document showed that, in addition to collecting data that Google could use to map the location of wireless access points, Engineer Doe intended to collect, store, and analyze payload data from unencrypted Wi-Fi networks. The design document notes that "[w]ardriving can be used in a number of ways," including "to observe typical Wi-Fi usage snapshots." In a discussion of 'Privacy Considerations,' the design document states, "A typical concern might be that we are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing." That statement plainly refers to the collection of payload data because MAC addresses, SSIDs, signal-strength measurements. and other information used to map the location of wireless access points would reveal nothing about what end users "were doing." Engineer Doe evidently intended to capture the content of Wi-Fi communications transmitted when Street View cars were in the vicinity, such as e-mail, and text messages sent to or from wireless access points. Engineer Doe identified privacy as an issue but concluded that it was not a significant concern because the Street View cars would not be "in proximity to any given user for an extended period of time," and "[n]one of the data gathered ... [would] be presented to end users of [Google's] services in raw form." Nevertheless, the design document listed as a "to do" item, "[D]iscuss privacy considerations with Product Counsel." That never occurred. The design document also states that the Wi-Fi data Google gathered "be analyzed offline for use in other initiatives," and that "[analysis of the gathered data [was] a non goal (though it [would] happen."
Most of these words were originally blacked out at Google's request, but the FCC later concluded it should be made available to the public because "Disclosure of this information may cause commercial embarrassment, but that is not a basis for requesting confidential treatment." Google also requested the FCC black out passages indicating a number of engineers had access to the Street View code and reviewed the personal data.
After its 17 month investigation, the FCC concluded Google did not engage in illegal wiretapping because the data was flowing, unencrypted, over open radio waves. The FCC cited case law that presumably let Google off the hook on the wiretapping allegations because the unencrypted Wi-Fi signals were "readily accessible to the general public."
The Wiretap Act, amended in 1986, says it's not considered wiretapping "to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public."
I'll leave it to you to decide for yourself. What do you think about all this?