Where is the Outrage on Google’s Wi-Spy Scandal?

This week, it was announced that Al Franken will be chairing a new Senate Subcommittee on Privacy, Technology and the Law.   A good first target would be the Google “Wi-Spy” scandal and why the federal government is still doing so little to deal with it, especially in light of global action by other governments around the world.

The scandal broke last year and the media has covered it in fits and starts—but it never has seemed to get traction.   But new investigations globally are expanding, lawsuits are moving in the courts and more groups are mobilizing in the U.S. on the issues.

Background: Most folks know about Google’s Street View project, where Google-owned cars cruise streets taking pictures and piecing them together as part of the company’s overall Maps project.  Kind of creepy at times and a bunch of communities and governments have protested it.

Even creepier, it turns out Google was tracking who had wi-fi hot-spots in all the homes they were photographing.   Street-by-street, your SSID names and MAC addresses for routers were being fed into Google databases.   Note; the word “creepy” for this endeavor is from Google’s now departing CEO, Eric Schmidt, who admitted in an interview that a lot of folks may be uneasy with Google’s actions.

But creepiest of all —and where we enter the world of criminal behavior – those Google cars were apparently collecting personal information from those wi-fi connections, including full emails, instant messages and other data.   Governments around the world are now investigating this illegal violation of privacy laws.    Estimates are that Google wi-spy cars illegally took over 600 gigabytes of data from millions of individual homes, making the Google Wi-Spy scandal the largest global breach of privacy laws in modern history.

Where’s the U.S. government outrage?

While technology and privacy advocates have been following the scandal, what’s surprising is the low level of media coverage and federal government action that has followed the scandal.   In fact, the Federal Trade Commission (FTC) dropped investigations into the wi-spy scandal last fall and documents that the Electronic Privacy Information Center just received through a FOIA request found FTC investigators describing the Google WiFi investigation as a “wasted summer” and hoped that a Capitol Hill briefing on Google WiFi “won’t be too much of a time suck.”

Contrast that with action and outrage in other countries:

• Canadian Privacy Commissioner Jennifer Stoddart found that Google’s WiFi data collection practices harvested and stored complete names, e-mail addresses, telephone numbers, user names, and passwords.
• The United Kingdom concluded that Google’s actions violated U.K. data protection law. U.K. Information Commissioner Christopher Graham said Google’s actions were a “significant breach” of the data protection law and said his office would ask Google to sign a binding commitment to prevent future breaches and agree to an audit of its data protection practices.
• In South Korea, authorities found that since 2009 Google harvested and stored “hundreds of thousands of e-mails, instant messages and other personal data” belonging to roughly 600,000 South Korean consumers.
• On May 15, 2010, Germany’s minister of consumer protection, Ilse Aigner, referred to Google’s conduct as “alarming,” and remarked that “[a]ccording to the information available to us so far, [Defendant] has for years penetrated private networks, apparently illegally.”.  On May 19, 2010, German prosecutors based in Hamburg opened a criminal investigation into Defendant’s conduct.
• Authorities in Spain, Canada, New Zealand and other countries have made similar findings, leading each to conclude that Google’s conduct violated consumer privacy rights.

From EPIC:

Now, with South Korea finding that Google illegally breached the privacy of 600,000 of their citizens, the U.S. with roughly 100 times the population has likely had privacy violations on the scale of millions of Americans.  This is a scandal that should have an all-hands response from federal investigators—not the pathetic response we saw from the Federal Trade Commission treating it as a “waste” of their time.

Google’s stonewalling as disturbing  as its snooping activities

Google seems to want to prove the adage that the cover-up is often more outrageous than the original crime.  Instead of cooperating with investigating authorities and just issuing apologies, Google’s public statements about its Street View mapping activities repeatedly have misled regulators and the public.

When Google first launched Street View in May 2007, it promised that “Street View only features imagery taken on public property.” But people rapidly began complaining that Street View images were showing intrusive images.

Google never mentioned plans to monitor any kind of electronic communications until the spring of 2010, and only in response to government authorities discovering that Google was collecting more than pictures but was also monitoring individual wi-fi connections in homes, Google stonewalled investigators with minimal information.  In April 2010, Google responded to inquiries from the German Data Protection Authority (“DPA”)  by claiming that it was only collecting SSID Wi-Fi network names and the MAC address which IDs wi-fi network hardware.

Then in May 2010, as investigators found that Google was collecting personal data, Google claimed that it only collected “fragments” of such data.   But then authorities began finding complete emails and other personal data in Google’s data collected from homes.

And then Google created their fall guy.

Suddenly, Google argued that a single engineer was to blame for the global privacy breach against millions of people. According to Google, this lone engineer created the eavesdropping software to collect unencrypted WiFi data as part of a pet project and included the code in the Street View software without anyone’s permission.

And that software managed to be deployed on continents across the world in cars travelling collectively millions of miles —and no one at Google noticed all the personal data being collected?

Google wants the world to believe that it collected and stored approximately 600 gigabytes of data — with reams of personal data that the company executives had no knowledge was there.

Hard to believe—and at least one academic researcher doing similar surveys of Internet access by tracking wi-fi signals with his own car said he saw “no way that this [collecting personal data] could be inadvertent.”  Since the basic data Google was trying to collect was not data intensive, engineers would have had to realize that the amount of data piling up in their storage centers was too large.  He described it as equivalent to if you were to go to “the store for a can of soda and ‘inadvertently’ fill your cart with ten cans”  The point is you’d notice.

And given that Google has made clear that it was trying to push the edge on breaching consumer privacy, there’s no reason to believe they didn’t know all along what they were collecting.  With regard to Google’s Street View project, former Google CEO Eric Schmidt said publicly in an interview that people concerned that photographs of their homes could be accessed around the world via the Internet should “just move” and that “Google’s policy was to‘get right up to the creepy line,’” of public outrage to collect as much data as they could.

Google execs claimed that they knew where the line was that they shouldn’t cross—but their stonewalling and disclosures only under pressure show that they knew that they were already far over the line of what they wanted the public to know—and apparently what was legal.

Taking Action on Wi-Spy

While the Federal Trade Commission (FTC) largely took a pass on serious investigation of Google’s conduct last year, a coalition of 40 states led by the Connecticut Attorney General also is investigating Google’s privacy violations.

So far Google has refused to respond to a Civil Investigative Demand issued by the Connecticut Attorney General seeking “access to data to determine whether emails, passwords, web-browsing and other information was improperly intercepted.”

Additionally, the Wall Street Journal reported that the Federal Communications Commission has begun an investigation into Google’s wi-fi data collection.    And private lawsuits proliferated in the wake of revelations last year.

But real reform needs Congress to take up the banner of holding corporations like Google accountable for acting in a transparent manner that serves the public interest.

Why Wi-Spy matters

Holding a multi-national company like Google accountable for this massive global violation of privacy laws is obviously justification enough to pay attention to the wi-spy issue.   But wi-spy represents something deeper in that a company like Google already controls such a large chunk of public information that it highlights the need for tighter public regulation of the information economy.

The problem is not just that Google overreached into illegal snooping in people’s homes.  It’s that the company already knows so much about our lives that it may not have even been able to see what the big deal was about a bit more erosion of our privacy.

Information is not just one more commodity to be sold.  It’s the precondition for the population to act effectively in a democracy and to even have the knowledge needed to have a functioning market economy.   Google may not quite be a public utility but many of its functions  require at least some of the scrutiny and requirements for fair dealing that utilities have traditionally been subject to.

Covering the Wi-Spy scandal and what public officials need to do in response will be one way to highlight these broader issues of corporate accountability in the information age.