FCC: Google staff knew of Street View data breach
The Google engineer behind the collection of wireless data by Street View cars told at least two colleagues – including a senior manager – about the controversial plans before it was released, a US regulator has found.
The Federal Communications Commission (FCC) said in a report that the Google engineer told colleagues in 2007 that his Street View programme could collect private information including emails and text messages.
In a report published by Google on Sunday, the FCC said that five engineers were involved in implementing the Street View code but did not realise it could collect so-called payload data.
The engineer specifically told two colleagues, including a senior manager, that it was designed to collect this information in 2007 and again in 2008.
Google has faced criticism from regulators around the world for collecting private information from unsecured wireless networks via its Street View mapping cars between May 2007 and May 2010.
The company admitted publicly in May 2010 that it had collected the data, which the FCC said was not a breach of US laws.
A spokesman for Google said: “We decided to voluntarily make the entire document available except for the names of individuals. While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law. We hope that we can now put this matter behind us.”
Google was fined $25,000 (£15,300) earlier this month after the FCC said the company had impeded its investigation into the affair.
The FCC said in the report that for months last year Google wilfully and repeatedly obstructed its investigation by withholding certain documents.
Google’s supervision of the controversial programme was described by the FCC as minimal and it had not been reviewed by internal privacy lawyers despite a recommendation from “Engineer Doe” as early as October 2006.
One senior manager at Google pre-approved the engineer’s plans, the FCC said, while two colleagues were specifically told that Street View could collect sensitive information such as passwords, emails and internet browsing history.
“For more than two years, Google’s Street View cars collected names, addresses, telephone numbers, URLs, passwords, email, text messages, medical records, video and audio files, and other information from internet users in the United States,” the report said.
Google was found to have collected similar data from users in the UK, Netherlands, France and other countries where its Street View cars operated.
The FCC said that the engineer intended to collect and store the data for possible use in other Google projects. On at least one occasion, the engineer reviewed payload data to identify frequently visited websites, according to the report.
“The record also shows that Google’s supervision of the Wi-Fi data collection project was minimal … indeed, it appears that no one at the company carefully reviewed the substance of Engineer Doe’s software code or the design document.”
Google has apologised for the collection and last year said it would beef up its internal privacy policies as a response to the failure.
[Street view via ppl / Shutterstock]