Google, FCC and now DOJ Queries: Google Purposely Harvests Passwords, Emails, Info? (NYT)

The FCC had ended its investigation into privacy concerns surrounding Google Street View. Some reports of data collecting, sharing and triangulation were dismissed, by Google, as accidents. But now the full FTC report is out, the DOJ wants to see it and there’s a second engineer in there claiming data collection is quite planned. Here’s the fine the FTC has issued against Google for “obstructing” it investigation. No criminal or civil charges are filed. googlefccfine1DA-12-592A1

This morning, Google is increasingly hot water with the Federal Communications Commission (FCC) and, now, the Department of Justice (DOJ), which is seeking to dig into an earlier FCC decision relieving Google of alleged violations of the Federal Wiretap Act and other regulations around data privacy, The New York Times reports this morning, citing a full release of an FTC document obtained by aewdomain and other reporters.

Just two weeks ago, the FCC dropped one of its privacy investigations against Google. But it did fine Google 25,000 for obstructing its investigation. Full text of that doc is below. Now concerns are renewed, with one employee claiming that Google purposely used its StreetView data — not accidentally, as the company complained — and the DOJ has filed a Freedom of Information request to see the FCC decision, which was for Google, on the matter.

googlefccfine1DA-12-592A1

There are more than 15 privacy investigations into Google’s privacy practices going on global, regarding location tracking and, specifically, how data is harvested ad whether it is used for Google members not just on Street View but on its now interlocked Gmail, Google Drive, Google Music, Google Play, Google Search, Google + and other related and interlinked sights to numberous to mention here.

The FCC doc, as reported by The New York Times this morning, is available in full text now and directly challenges the FCC’s decision that Google’s StreetView product and its “rogue” sharing of personal data was “rogue” all. The employee told The Times it was fully intentional:

Google’s alleged harvesting through Street View of e-mails, passwords and other sensitive personal information from unsuspecting households in the United States and around the world was neither a mistake nor the work of a rogue engineer, as Google claimed in an FCC investigation of its Google StreetView product in 2010. Rather, according to a rogue employee quoted in The New York Times and a full copy of the report as obtained by anewdomain.net shows otherwise.

And as recently as two weeks ago, the FCC fined Google $25,000 for “obstructing the inquiry,” though it said Google has not violated any laws. Google, too, today releases a copy of that report with Google employees’ names redacted. The writers continue:

The report, prepared by the Federal Communications Commission after a 17-month investigation of Google’s Street View project, was released, heavily redacted, two weeks ago. Although it found that Google had not violated any laws, the agency said Google had obstructed the inquiry and fined the company $25,000 … on Saturday, Google released a version of the report with only employees’ names redacted … the full version draws a portrait of a company where an engineer can easily embark on a project to gather personal e-mails and Web searches of potentially hundreds of millions of people as part of his or her unscheduled work time, and where privacy concerns are shrugged off.

Them are fighting words, as we used to say back home.

Wired sums in a great report early this a.m.:

The engineer told two colleagues, including a senior manager, about the code. The engineer also distributed to the Street View team a document that said the data collection would take place. A senior manager said he had preapproved the document before it was written; Street View managers said they hadn’t read the document; and a colleague recalled receiving the document but didn’t remember any reference to such data collection.A different engineer, who worked on a line-by-line debugging of code for the Street View project, said he didn’t see the data-collection code. Engineers on the project told the FCC they weren’t required to get approval from project managers before modifying the code.The rogue engineer was working on Street View only as a side project and was interested in collecting the data to see if it could be used in other Google products. He dismissed privacy concerns because the Street View cars wouldn’t be near “any given user for an extended period of time” (though he made a note to discuss the issue with a product counsel).
The engineer reviewed the data at least once for info on frequently visited Web sites, thinking the data could help Google’s search team. But when a member of the search quality team said such data had no value, the engineer dropped the idea.

According to a number of reports — from Rafe Needleman at CNET and The Los Angeles Time, The FCC is also taking Google to task in the report of holding back an e-mail that discussed the engineer’s review of data with a senior manager on the project, the LA Times reports.

This is a story that will heat up quickly.

Privacy is the battleground for social networks and the reason some pundits have suggested, likely, that Facebook and other companies are backing the Cybersecurity Sharing Insurance and Privacy Act, which passed the U.S. House of Representatives earlier this year and now faces the Senate.

CISPA, if passed, gives providers and networks sweeping access of your files and data. Maybe Google thought that, through its policy, it was getting this anyway? That’s a rhetorical question, but anewdomain.net will definitely be following up with Google throughout the week.

Now the DOJ is demanding a look at the FTC settlement docs. What does it think the FTC missed. Read the letter and get back to us. Were you really expecting privacy — at least anonymized privacy and selling of travel and data usage habits, the main revenue model of a social company such as Google or Facebook.

See Electronic Privacy Information Center, Investigation of Google Street View (last visited April 27,
2012), available here; or originally reported by Kevin J. O’Brien, “Google Data Admission Angers European Officials,” N.Y Times, May 15, 2010 at B5.

FCC report fining Google
http://www.fcc.gov/document/enforcement-bureau-issues-25000-nal-google-inc

Privacy advocates said the full report out now is damning. Said Marc Rottenberg of the Electronic Frontier Foundation (EFF.org), “Google’s rogue engineer scenario collapses in light of the fact that others were aware of the project and did not object,” he said. “This is what happens in the absence of enforcement and the absence of regulation.”

“The Street View program used special cars outfitted with cameras. Google first said it was just photographing streets and did not disclose that it was collecting Internet communications called payload data, transmitted over Wi-Fi networks, until May 2010, when it was confronted by German regulators.”

Eventually, EFF officials commented, it was forced to reveal that the information it had collected could include the full text of e-mails, sites visited and other data.

1 Comment

  • I had it put to me this way: “If you use a website..and you aren’t paying for it (i.e., Facebook, Pinterest, Google+, Twitter, etc.) then YOU are the product.” In other words, if a major social media outlet isn’t charging you, but is worth billions of dollars..it’s because they are using the data they are absorbing for marketing and other ventures..hence why it’s “free”..

    Interesting concept..scary..but sadly pretty much true. Read the user agreements..it’s all right there..?