FCC Clears Google Over Wifi Eavesdropping But Fines It $25,000 For “Noncompliance” With Requests
The US Federal Communications Commission has cleared Google of any legal wrong-doing over its Street View cars that intercepted wifi transmissions. That’s the good news for the company. The bad news? The FCC is fining Google $25,000 for “willfully and repeatedly” not cooperating with the investigation. The StreetView Wifi Eavesdropping In 2010, it was discovered […]
The US Federal Communications Commission has cleared Google of any legal wrong-doing over its Street View cars that intercepted wifi transmissions. That’s the good news for the company. The bad news? The FCC is fining Google $25,000 for “willfully and repeatedly” not cooperating with the investigation.
The StreetView Wifi Eavesdropping
In 2010, it was discovered that Google’s Street View cars were doing more than just taking pictures. They were also gathering information about wifi locations, meant in part as a way for Google to better locate people using services such as Android phones or search. But along with wifi access points, Google was also gathering information being transmitted through those points, including emails, passwords and more.
The company said the data was gathered by mistake and that it was “mortified” by what happened. But that didn’t stop regulatory bodies around the world from investigating Google for potential wrong-doing.
Our Google Maps Privacy: The Street View & Wifi Scorecard page summarizes the status of cases in various countries. In the US, the Federal Trade Commission ended its investigation without any penalty. The separate FCC decided to issue one on Friday, though the news broke today through places like the Wall Street Journal and the New York Times.
The FCC’s ruling can be found here (hat tip to TechCrunch). In it, the agency cleared Google of violating Section 705(a) of the US Communications Act, which prohibits unauthorized interception of communications, saying there was no “clear precedent” for applying the act to wifi communications.
Google argued to the FCC that unencrypted communications are “readily accessible” to the general public and thus neither violates the US Wiretap Act nor the Communications Act. The FCC seems to dodge agreeing with this, thus the whole “no precedent” thing. But the FCC specifically says that it did “not find sufficient evidence” of a violation.
For its part, Google sent me this statement:
We worked in good faith to answer the FCC’s questions throughout the inquiry, and we are pleased that they have concluded that we complied with the law.
Penalized For Noncompliance With Investigation Requests
The document is littered with unflattering references to Google’s cooperation, or alleged lack of cooperation, with the case. From the opening of the report, where the FCC explains that it is fining Google $25,000 for “noncompliance” with requests:
For many months, Google deliberately impeded and delayed the Bureau’s investigation by failing to respond to requests for material information and to provide certifications and verifications of its responses.
In this Notice Of Apparent Liability for Forfeiture (NAL), we find that Google apparently willfully and repeatedly violated Commission orders to produce certain information and documents that the Commission required for its investigation.
The report goes on to list the FCC’s grievances with Google, in particular:
- It provided only five document in responses to the FCC’s broad request for information
- It didn’t provide any email correspondence nor perform any comprehensive review of emails related to the case, deeming that to be “a time-consuming and burdensome task”
- It didn’t identify individuals who may have authorized or reviewed the wifi information
- It redacted some information as to make it useless to the FCC (ironic given how the FCC report itself is so redacted in parts that what remains is useless)
- It didn’t provide an affidavit signed by someone with personal knowledge of the information that was provided to the FCC
The FCC goes on to say it took five attempts to get the affidavit it wanted, along with several back-and-forths to get additional information it sought. It also takes a slam at Google, the search leader, for saying searching through email would take too much time:
Although a world leader in digital search capability, Google took the position that searching its employees’ e-mail “would be a time-consuming and burdensome task.
Again, for its part, Google told me that it provided every piece of documentation that the FCC asked for during its inquiry.
Google Engineer Takes The 5th
Perhaps the most harmful part of the report to Google, in my view, is that the engineer whose code eventually created the mess that Google found itself in refused to talk with the FCC, citing his Fifth Amendment right against incrimination:
The Bureau also issued a subpoena to take the deposition of the Google engineer (Engineer Doe) who developed the software code that Google used to collect and store payload data. Through counsel, however, Engineer Does invoked his Fifth Amendment right against self-incrimination and declined to testify.
Recall what Google said of the engineer’s involvement, when the case first came to light:
Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.
If it was just a mistake, you’d think the engineer would have no problem explaining what happened. Perhaps everything was just an innocent mistake, and the engineer was just unreasonably afraid. But taking the Fifth creates the appearance of some type of wrong-doing, even if that’s not the case.
The FCC also left open that because it couldn’t interview Engineer Doe, it couldn’t fully know if perhaps encrypted communications had been decrypted somehow. If that were the case, then the FCC might have had a legal case against Google.
Part of me wonders why the FCC didn’t offer some type of immunity to the engineer, given that the real target was Google. Perhaps it did — I’ll try to see if I can learn more when the work-week begins.
Part of me also wondered if this engineer was still working for Google. Having code you wrote get reused in a way you didn’t expect isn’t something you think an employee would be fired over. But refusing to cooperate in an FCC investigation? While the employee might have the Fifth Amendment right to refuse to testify, I suspect Google would also be within its right to say that it no longer wanted him to be working there.
Google said it doesn’t typically comment on employment status nor could it speculate as to why the engineer refused to testify.
- Google Stops WiFi Collecting Street View Cars After Privacy Concerns
- Google Street View Collected Emails, Passwords (Social Security Numbers, Your Dog’s Name….)
- Report: Google Street View Collected Device Locations, Not Just WiFi Access Points
- Google Maps Privacy: The Street View & Wifi Scorecard