Google Street View cars capture open wifi data, fines follow


In 2010, Google revealed that a data audit required by Germany's data protection authority had revealed that since 2007 the cars deployed to capture images for its Street View project had accidentally captured 600GB of data from local wifi networks, including personal web browsing histories. Google said it used network names (SSIDs) and router identifiers (MAC addresses) to use for its location services, but did not use any of the payload data, which the company said consisted only of fragments of activity from open wifi networks and would not include passwords or data from password-protected web services. The company blamed the error on a single engineer who deployed a piece of legacy code that was reused in programming the cars' software. An investigation by the US Federal Communications Commission found, however, that an engineer discussed the data collection with others at the company including a senior manager. However, the FCC dropped the investigation after concluding that the captured unencrypted network traffic was not protected by US federal wiretap laws and the engineer pleaded the Fifth Amendment. The FCC imposed a $25,000 for obstructing the investigation.

In March 2013, Google agreed to pay $7 million to settle investigations in 38 US states and the District of Columbia, and to destroy all the data it collected in the US. A series of 2010 lawsuits filed by consultant Ben Joffe and 17 other plaintiffs arguing that the Wiretap Act covers the interception of unencrypted wifi communications were consolidated and heard by the 9th US Circuit Court of Appeals in 2013; the court's refusal to exempt Google from liability under the Wiretap Act was an important decision in upholding privacy rights in data, whether or not it's transmitted over a secure network. In 2014, the US Supreme Court declined to hear the case. 

Google was also investigated by regulators in a dozen other countries, at least nine of which found that the company had violated their wiretap laws. including France (€100,000) and Germany (€145,000). In the UK, the Information Commissioner's Office ordered the company to destroy the data, but did not impose a fine.

Writer: Jemima Kiss, Sean Gallegher, Jonathan Stempel, Peter Sayer, Loek Essers, BBC, EPIC

Publication: Guardian, Ars Technica, Reuters, MacWorld, PC World, BBC, EPIC

Related learning resources
Target Profile