Google may face fresh police investigations in Europe into its Street View practices, after a Federal Communications Commission report detailed previously undisclosed levels of data collection.
According to The Guardian, privacy watchers expect Germany's federal data protection commissioner to investigate the new Street View revelations. Germany has some of Europe's strictest privacy laws--a legacy of East Germany's secret police.
In the United Kingdom, a spokesman for the Information Commissioner's Office (ICO) confirmed Tuesday that the agency was reviewing the FCC's findings. "We will study the Federal Communication Commission's report and consider what further action, if any, needs to be taken," he said via email.
[ For more on Google's wardriving controversy, see Google Wardriving: How Engineering Trumped Privacy. ]
But news reports that the U.K. might reopen its Street View investigation sounded premature. "Google provided us with a formal undertaking in November 2010 about their future conduct, following their failure in relation to the collection of Wi-Fi data by their Street View cars," he said. "This included a provision for the ICO to audit Google's privacy practices. The audit was published in August 2011 and we will be following up on it in June to ensure our recommendations have been put in place."
In November 2010, the ICO determined that the Google Street View capture of Wi-Fi payload data had violated the United Kingdom's data protection laws. Similarly, according to the FCC's report, "several countries, including Canada, France, and the Netherlands, have determined that Google's collection of payload data violated their data protection, online privacy, or similar laws and regulations."
The ICO instructed Google to delete the data it had collected. The Irish Data Protection Authority did the same. France, meanwhile, imposed a record privacy fine of €100,000 ($131,500) on Google. The FCC, finally, fined Google $25,000 for obstructing its investigation, but cleared it of having violated U.S. wiretapping or communications laws.
Questions over Street View date to early 2010, when European regulators began asking Google about exactly what types of Wi-Fi data its Street View cars were capturing. In April 2010, Google said that it was collecting only Wi-Fi network information, including Wi-Fi hotspot names, MAC addresses, and signal strength. Such information is useful for building location maps that don't need to rely on the Global Positioning System (GPS).
But in May 2010, senior Google officials disclosed--and perhaps had only discovered--that its Street View cars had in fact been capturing complete payload data. They downplayed the privacy implications, however, saying that any collected data would have been fragmented, and traced the data collection practices to a "rogue engineer."
Subsequent investigations by European data protection agencies, however, found that the data capture, while fleeting, had amassed data sets that were far from fragmented. In fact, studies of data samples revealed people's names, email addresses, and even sexual preferences. Furthermore, the FCC found that the engineer responsible for adding those payload capture capabilities to the Street View software had detailed his project in design documents that were submitted to, and approved by, his managers.
Furthermore, according to design documents provided to the FCC, Google brought in the engineer--who's been identified in news reports as Marius Milner--specifically to add wardriving capabilities to its Street View cars. Notably, Milner is the author of NetStumbler, a popular Windows tool for actively sniffing packet traffic.
When picking endpoint protection software, step one is to ask users what they think. Also in the new, all-digital Security Software: Listen Up! issue of InformationWeek: CIO Chad Fulgham gives us an exclusive look at the agency's new case management system, Sentinel; and a look at how LTE changes mobility. (Free registration required.)