It seems that Google has again forgotten its own mantra of “Don’t be Evil”, as the search giant has once again found itself in hot water, this time after using unprotected Wi-Fi networks to collect such private data as text messages, emails and names.
A Federal Communications Commission (FCC) report shows that Google knew Street View cars were collecting myriad personal information over two years, despite Google’s claims that it was an accident. The FCC report shows that Street View’s coding engineer not only knew the software could collect “payload data”, but told two colleagues – one of whom was a senior manager – that he had deliberately designed it to do so. However, despite the admission from the engineer, the FCC is still debating whether or not other Street View engineers knew of the collection – although the coding engineer produced a report to the team in 2006 in which he explained payload data would be collected, the team’s defence is that they didn’t read it and thus were entirely ignorant of what was going on, and Google has staunchly stuck to its line that the data collection was “inadvertent”.
The FCC report explains that: “For more than two years, Google’s Street View cars collected names, addresses, telephone numbers, URLs, passwords, email, text messages, medical records, video and audio files, and other information from internet users in the United States.” The FCC is also claiming that Google deliberately withheld the email in which the coding engineer discussed data collection with a senior manager, and has ordered Google to pay a $25,000 fine for obstructing the investigation by not releasing such information.
The report goes on to say that “Google’s supervision of the Wi-Fi data collection project was minimal … indeed, it appears that no one at the company carefully reviewed the substance of Engineer Doe’s software code or the design document.”
Aside from censoring the names of Google employees, the search giant has released the report in full, with a spokesman saying that: “We decided to voluntarily make the entire document available except for the names of individuals. While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law. We hope that we can now put this matter behind us.”
While the FCC has said Google didn’t break any laws, and Google wants to move on, such privacy advocacy groups as Electronic Privacy Information Center are demanding further investigation. EPIC’s executive director Marc Rotenberg has said that “Google’s rogue engineer scenario collapses in light of the fact that others were aware of the project and did not object.”
It cannot be proven conclusively one way or the other that Google as an entity did or didn’t know about the data collection, but it doesn’t bode well either way for the company – can users trust a company that either collects their personal data willingly, or one that doesn’t know what its own products and services are doing?