To recap: In 2010, Google came under fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, in 2010, Google announced that, for more than three years — in more than 30 countries — it had been “mistakenly collecting” personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. Later, the company admitted the data collected — without individuals’ knowledge or consent — included entire e-mails and passwords. And it was revealed that “Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data available through Google.com.” The online services giant faced questions from states, and Google reached a settlement with Connecticut over the data collection. In October 2010, the Federal Trade Commission announced that (pdf) it had closed an investigation into possible privacy breaches by Google’s Street View after the company pledged to stop gathering consumers’ e-mail, passwords and other personal data.
A few weeks ago, the Federal Communications Commission decided (redacted pdf) that it would not take enforcement action against the company over this data collection and retention, but it would fine Google for impeding the agency’s investigation into the private data collected and retained via its Street View product. The FCC noted that it still had “significant factual questions” about the Street View data collection and that it could not interview “Engineer Doe,” the Google engineer “who developed the software code that Google used to collect and store payload data,” because Doe had invoked his Fifth Amendment right against self-incrimination. (“Payload data” is a technical term for sensitive, private data such as e-mail messages, passwords, Internet search or browsing history.)
The New York Times spoke with a former state investigator (several states investigated the data collection by Google through its Street View project) and he identified Engineer Doe as “Marius Milner, a programmer with a background in telecommunications who is highly regarded in the field of Wi-Fi networking, essential to the project.” Milner directed reporters to his lawyer.
Google rejected the FCC’s statement that it had impeded the investigation, and released a less-redacted report (pdf) than the one released by the FCC. In this report, the FCC has questions about who at Google knew about the data collection and when they knew it. Google has said that the data collection was a mistake by a single engineer and that the company never authorized the gathering of the personal data. But, the Los Angeles Times reports, “According to the FCC report: The engineer in question told two other engineers, including a senior manager, that he was collecting the payload data. He also gave the entire Street View team a copy of a document in October 2006 that detailed his work on Street View. In it, he noted that Google would be logging such data. […] The FCC also accuses Google of withholding an email that openly discussed the engineer’s review of payload data with a senior manager on the Street view project.”
The information in the FCC report that revealed Engineer Doe told other Google employees about the personal data collection in 2006 has raised questions with privacy and data protection officials in Britain, Germany and France, the New York Times reports. When the data collection was first revealed, there were investigations in several countries, including the United Kingdom, Belgium, France, Germany, and Italy. Two investigations remain open in Germany, and “the new information will influence the course of both inquiries, said Johannes Caspar, the data protection commissioner for Hamburg, whose investigation first brought Google’s illegal collection of Internet data to light,” the Times reports.
Also, there is the possibility that European privacy officials will reopen their investigations into Google’s Street View data collection. “The German federal commissioner for data protection and freedom of information, Peter Schaar, is also following the latest developments in the case with interest, a spokeswoman said. […] The French privacy regulator, the Commission Nationale de l’Informatique et des Libertés, said Wednesday that it would also review the F.C.C. document and weigh their options. […] Greg Jones, a spokesman for the Information Commissioner’s Office in Britain, said his agency would review the F.C.C. report to determine if further action was warranted in Britain. […] The European Union’s top privacy panel, the Article 29 Group, which advises the European Commission, will discuss Google’s illegal collection of data as part of Street View — a technology featured in Google Maps and Google Earth that give users a view of the streets they are navigating — and what response if any to take.” The Times also reports:
Jacob Kohnstamm, the chairman of the European privacy panel and the chairman of the Dutch Data Protection Authority, said that European officials were disappointed by the revelations. Many regulators, Mr. Kohnstamm said, feel misled by Google, whose executives in 2010 had reassured European lawmakers, often in personal appearances, that the illegal data collection was unintentional. […]
Google’s global privacy counsel, Peter Fleischer, had spoken at a hearing in the Netherlands in 2010 on the Wi-Fi taping incident, Mr. Kohnstamm said.
“At this hearing, Peter Fleischer made it pretty clear in his oral statement and in writing that it was the mistake of one single guy working at Google who had made a stupid mistake,” Mr. Kohnstamm said. “But apparently, it wasn’t a mistake at all.”