Google released a mostly uncensored version of the FCC’s report on the Street View privacy debacle over the weekend, and the new revelations in the document will undoubtedly prompt privacy groups and Congress to demand further investigations and sanctions. And justifiably so. The full FCC report reveals that Google’s systematic interception of Wi-Fi content was intentional, and not the “mistake” that senior executives have repeatedly claimed in the past.
But while Google should certainly be raked over the coals by privacy hawks on Capitol Hill, I don’t think Congress should stop there. The FCC must be next in line.
For several years, Google has repeatedly insisted that the capture of payload data by the company was unbeknownst to them, the work of a single engineer acting on his own initiative. The FCC report (.pdf) states, however, that the code “was deliberately written to capture payload data” and that the engineer who wrote it (in his 20% time), told several colleagues about its capabilities — including, in writing, a senior manager.
None of those details emerged when the FCC first released its post-investigation report two weeks ago. That’s because the FCC opted to use page-long black redaction boxes — the kind commonly seen in CIA torture memos – to bury those sections of the report, keeping the public from learning about the extent to which Google had lied about its deliberate collection of Wi-Fi content data.
The FCC’s redactions led the media to focus on far less important issues, such as the number of seconds that it would take Google to pay off the pathetic $25,000 fine the FCC levied for Google’s reluctance to cooperate in the investigation, and the fact that the still-unnamed engineer invoked his 5th Amendment rights.
The media didn’t screw up. It was essentially misled by a federal agency, which for some reason found it necessary to shield Google’s reputation.
Google ultimately decided to publish the more complete version of the report this weekend (initially via an exclusive provided to the Los Angeles Times), just a few days after the Electronic Privacy Information Center, a Washington, D.C. public interest group, filed a Freedom of Information Act request with the FCC for a copy of the full report. Had the group not filed the request and forced Google’s hand, the public still might not know the full story.
The FCC can and should have told the public
Now that Google’s prior statements have been shown to be less than truthful, I’m sure that some advocates will criticize the FCC for shuttering its investigation.
I won’t do this. It is quite possible that the FCC staffers quoted anonymously by the New York Times are correct in their belief that outdated U.S. electronic privacy laws do not provide the FCC with sufficient legal authority to go after a company that intercepts Wi-Fi payload data. My own former employer, the Federal Trade Commission, similarly closed its own investigation into Google’s Wi-Fi snooping with a mildly worded letter (.pdf). Although I was not permitted to work on the investigation due to a conflict, it is my personal belief that the FTC’s narrow “unfairness” and “deception” authority left it without a legal hook to go after Google for this particular privacy violation, and the FCC might well be in a similar position.
However, even if the FCC lacked the legal authority punish Google, nothing prevented the agency from alerting the public, the media, and Congress to the full extent of Google’s sins. Instead, the agency opted to keep the public in the dark.
The FCC has yet to reveal the reasons why it opted to so heavily redact the most damning portions of the Google WiFi report. Congress should not wait for the FCC to volunteer an explanation. It should demand answers.