FCC report: Google engineer deliberately snooped on Wi-Fi, but did so alone

A Google engineer deliberately wrote software that collected private data from home Wi-Fi networks but did so alone, according to an un-redacted report from the Federal Communications Commission. 

The investigation found that the Google engineer, who was not identified, told other Google employees about the program, but conceived it and carried it out alone. 

The FCC released a heavily redacted version of the report earlier this month, and Google provided a more complete version to The Hill on Monday.

ADVERTISEMENT
“We decided to voluntarily make the entire document available except for the names of individuals," a Google spokeswoman said in a statement. "While we disagree with some of the statements made in the document, we agree with the FCC's conclusion that we did not break the law. We hope that we can now put this matter behind us.”

The FCC fined Google $25,000, saying the company "deliberately impeded and delayed" the government's investigation into the case. But the FCC was unable to conclude whether Google violated wire-tapping laws.

From 2007 to 2010, Google cars collected data from nearby Wi-Fi networks as they drove through neighborhoods, taking pictures for the company's Google Maps Street View project. The data included Internet activity, passwords and other personal information.

After interviewing Google employees and reviewing company documents, the FCC determined that the data collection "resulted from a deliberate software-design decision by one of the Google employees working on the Street View project."

The Google engineer invoked his Fifth Amendment right not to speak with federal investigators.

According to the report, the engineer was not a full-time member of the Street View team. Instead, he worked on the project as part of Google's "20 Percent Program," which allows employees to spend 20 percent of their time working on projects that interest them.

The company intended to collect general data about Wi-Fi networks as the company's cars drove around the world to take pictures of streets. But the investigation found that the Google engineer altered the software to collect "payload data," which included personal information from Wi-Fi networks that were not password-protected.

The engineer "evidently intended to capture the content of Wi-Fi communications transmitted when Street View cars were in the vicinity, such as e-mail, and text messages sent to or from wireless access points," the report found.

The engineer reportedly believed that the additional data could help Google find out more about how people used its search engine. 

He identified privacy as an issue, but concluded it was not a significant concern because Google's cars would only be in the vicinity of any one Wi-Fi network for a short period of time.

His design document included "discuss privacy concerns with product counsel" as a to-do item, but that never occurred, according to investigators.

The engineer discussed the program informally with a member of Google's search quality team and sent an email to manager of the Street View project in which he described information about websites that users had visited.

"Are you saying that these are URLs that you sniffed out of Wi-Fi packets that we recorded while driving?" the manager asked. 

The engineer responded, "The data was collected during daytime when most traffic is at work (and likely encrypted) ... I don't think the numbers are high enough for a good sample."

The managers of the Street View project told investigators they only became fully aware of the data collection in April or May 2010. The company then stopped the practice.

After the FCC first released the redacted report, Rep. Edward Markey (D-Mass.) called for a congressional hearing on the data collection to "get to the bottom of this serious situation."