In 2010, Google came under considerable fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, in 2010, Google announced that, for more than three years — in more than 30 countries — it had been “mistakenly collecting” personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. Later, the company admitted the data collected — without individuals’ knowledge or consent — included entire e-mails and passwords. And it was revealed that “Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data available through Google.com.”
The online services giant faced questions from states, and Google reached a settlement with Connecticut over the data collection. There were international investigations, and Google faced inquiries by U.S. agencies, including the Federal Trade Commission and the Federal Communications Commission. In October 2010, the Federal Trade Commission announced that (pdf) it had closed an investigation into possible privacy breaches by Google’s Street View after the company pledged to stop gathering consumers’ e-mail, passwords and other personal data.
Now, the FCC has decided (agency pdf; archive pdf) that it will not take enforcement action against the company over this data collection and retention (more on that below). But, the agency will fine Google for impeding the agency’s investigation into the private data collected and retained via its Street View product. In its “Notice of Apparent Liability for Forfeiture,” the FCC says:
For many months, Google deliberately impeded and delayed the Bureau’s investigation by failing to respond to requests for material information and to provide certifications and verifications of ties responses. Notice of Apparent Liability for Forfeiture (NAL), we find the Google apparently willful and repeatedly violated COmmission orders to produce certain information and documents that the Commission required for its investigation. Based on our review of the facts and circumstances before us, we find the Google, which holds Commission licenses, is apparently liable for a forfeiture penalty of $25,000.
The FCC also said, “Although a world leader in digital search capability, Google took the position that searching its employees’ e-mail ‘would be a time-consuming and burdensome task.'”
The FCC said that it still had “significant factual questions” about the Street View data collection, but it has decided not to take enforcement action against Google because:
There is no Commission precedent addressing the applicant of Section 705(a) in connection with Wi-Fi communications. The available evidence, moreover, suggests that Google collected payload data only from unencrypted Wi-Fi networks, not from encrypted ones. Google argues that the Wiretap Act permits the interception of unencrypted Wi-Fi communications, and some case law suggests that Section 705(a)’s prohibition on the interception or unauthorized reception of interstate radio communications excludes conduct permitted (if not expressly authorized) under the Wiretap Act. Although Google also collected and stored encrypted communications sent over unencrypted Wi-Fi networks, the Bureau has found no evidence that Google accessed or did anything with such encrypted communications. The Bureau’s inability to compel an interview of Engineer Doe made it impossible to determine in the course of our investigation whether Google did make any use of any encrypted communications that it collected. For all these reasons, we do not find sufficient evidence that Google has violated Section 705(a) to support a finding of apparent liability under that provision in the context of this case.
A couple things about the FCC’s statement you might wonder about. What is “payload data”? It’s a technical term for sensitive, private data such as e-mail messages, passwords, Internet search or browsing history. Who is “Engineer Doe”? According to the FCC, he is the Google engineer “who developed the software code that Google used to collect and store payload data.” Why couldn’t the FCC interview Engineer Doe? The agency says, Engineer Doe “invoked his constitutional right not to testify,” saying he had a Fifth Amendment right against self-incrimination.