Friday, June 25, 2010
In May, Google announced that, for more than three years -- in more than 30 countries -- it had been "mistakenly collecting" personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. That data could include people's email messages, their passwords and even the logs of their Web site visits.
This week, more than 30 state attorneys general announced they will begin examining the lawfulness of Google's actions, though it still isn't clear whether Google committed any legal wrongdoing. "At the very least, Google acknowledges that intercepting and gathering people's data was wrong," Connecticut AG Richard Blumenthal told WIRED. "But there may be a need to strengthen and enhance federal and state laws." Meanwhile, the chief of the Consumer and Governmental Affairs Bureau of the Federal Communications Commission has issued a warning to consumers that Google's "behavior" raises important privacy concerns, adding that the collection of WiFi data, "whether intentional or not ... clearly infringes on consumer privacy."
The Google disclosures have triggered one of the biggest public probes of online privacy so far in the digital era. Google, in response to government inquiries and lawsuits, has claimed that it is lawful to use packet-sniffing tools readily available on the Internet to spy on and download payload data from others using the same open Wi-Fi access points. But two months ago, in May, shortly after the FCC and U.S. Justice Department began looking into the Street Maps issue, Google co-founder Sergey Brin told a Google developer conference his company "screwed up" by improperly collecting the WiFi data. "We screwed up, and I'm not making excuses about it," Brin said. "Trust is very important to us and we're going to do everything we can to preserve it." Brin said the company is "putting more internal controls into place and bringing in third parties to work on this issue, as well." Google also has begun destroying some of the Wi-Fi data it collected for Street View -- in some cases, at the request of governments, including Britain's. But privacy advocates now say Google should preserve the data and turn it over to governments.
"The problem here is that there are criminal laws at issue, and there is a real question as to whether Google violated these laws," says Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), a nonprofit privacy rights group in Washington. "If it did, the evidence is in the information Google collected. Google has tried to minimize the data it collected, calling it snippets or fragments. But that's a determination that needs to be made by a third party, possibly a prosecutor."
For one of the most comprehensive overviews of the Street Map issue -- including a timeline of the Street View program from its launch in 2007 to Germany's announcement last month that Street View vehicles have been collecting data from WiFi networks -- see EPIC's Web page on the brouhaha.
What do you think? As the Web becomes more "social," should consumers have more of a say in how their personal data is distributed across social networks? [See Radical Shock, a Q&A by Cause Global with privacy scholar Helen Nissenbaum about the need for new privacy protections that don't care so much about whether data is shared "but whether it's being shared appropriately."] Let us hear from you.
-- Marcia Stepanek