Google’s public version of events of how it came to secretly intercept Americans’ data sent on unencrypted Wi-Fi routers over a two-year period doesn’t quite mesh with what the search giant told federal regulators.
And if Google had its way, the public would have never learned the software on Google’s Street View mapping cars was “intended” to collect payload data from open Wi-Fi networks.
A Federal Communications Commission document disclosed Saturday showed for the first time that the software in Google’s Street View mapping cars was “intended” to collect Wi-Fi payload data, and that engineers had even transferred the data to an Oregon storage facility. Google tried to keep that and other damning aspects of the Street View debacle from public review, the FCC said.
Google accompanied its responses to the FCC inquiry “with a very broad request for confidential treatment of the information it submitted,” the FCC said, in a letter to Google, saying it would remove most of the redactions from the FCC’s public report and other documents surrounding the debacle.
The FCC document unveiled Saturday is an unredacted version of an FCC finding, which was published last month with dozens of lines blacked out. The report said that Google could not be held liable for wiretapping, despite a federal judge holding otherwise.
The unredacted FCC report refers to a Google “design document” written by an engineer who crafted the Street View software to collect so-called payload data, which includes telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files sent over open Wi-Fi networks.
The engineer is referred to as “Engineer Doe” in the report, though he was identified on Sunday as Marius Milner, a well-known figure in the Wi-Fi hacking community. The document says the software Milner used collected 200 gigabytes of data via Street View cars between 2008 and 2010:
The design document showed that, in addition to collecting data that Google could use to map the location of wireless access points, Engineer Doe intended to collect, store, and analyze payload data from unencrypted Wi-Fi networks. The design document notes that ‘[w]ardriving can be used in a number of ways,’ including ‘to observe typical Wi-Fi usage snapshots.’ In a discussion of ‘Privacy Considerations,’ the design document states, ‘A typical concern might be that we are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing.’ That statement plainly refers to the collection of payload data because MAC addresses, SSIDs, signal-strength measurements, and other information used to map the location of wireless access points would reveal nothing about what end users ‘were doing.’ Engineer Doe evidently intended to capture the content of Wi-Fi communications transmitted when Street View cars were in the vicinity, such as e-mail and text messages sent to or from wireless access points. Engineer Doe identified privacy as an issue but concluded that it was not a significant concern because the Street View cars would not be ‘in proximity to any given user for an extended period of time,’ and ‘[n]one of the data gathered … [would] be presented to end users of [Google’s] services in raw form.’ Nevertheless, the design document listed as a ‘to do’ item, ‘[D]iscuss privacy considerations with Product Counsel.’ That never occurred. The design document also states that the Wi-Fi data Google gathered ‘be analyzed offline for use in other initiatives,’ and that ‘[a]nalysis of the gathered data [was] a non goal (though it [would] happen).’
The majority of those words were originally blacked out at Google’s request, but the commission subsequently concluded, after the report was filed, that much of it should be made publicly available because “Disclosure of this information may cause commercial embarrassment, but that is not a basis for requesting confidential treatment.”
Rewind to May 2010, when Google announced the Street View debacle:
So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.
While those sentences are technically true, one would have no idea from reading them that the payload-slurping software was intentionally included and that project leaders had been informed, in detail, about the software. (Google’s unnamed project manager claims not to have read Milner’s design document.)
In fact, an editorial from the Electronic Frontier Foundation in 2010 shows that even experts read Google’s blog post to mean that the sensitive data was collected via an honest mistake by code-reusing engineers, rather than via an engineering team’s intentional choice that was totally missed by management tasked with overseeing them, as the FCC report makes clear.
“[T]he company admitted that its audit of the software deployed in the Street View cars revealed that the devices actually had been inadvertently collecting content transmitted over non-password protected Wi-Fi networks…. Penalties for wiretapping electronic communications in the federal Electronic Communications Privacy Act (ECPA) only apply to intentional acts of interception, yet Google claims it collected the content by accident,” wrote then-EFF attorney Jennifer Granick.
Google also demanded that the FCC black out passages revealing that several engineers had access to the Street View code, and that payload data was reviewed by engineers on at least two occasions. The unredacted FCC report also showed that Google’s supervision of the Street View project was “minimal.”
“In October 2006, Engineer Doe shared the software code and a ‘design document’ explaining his plans with other members of the Street View project. The design document identified ‘Privacy Considerations’ and recommended review by counsel, but that never occurred. Indeed, it appears that no one at the company carefully reviewed the substance of Engineer Doe’s software code or the design document,” the unredacted document said.
Google management said publicly it did not realize it was sniffing packets of data on unsecured Wi-Fi networks in about a dozen countries until German privacy authorities began questioning what data Google’s Street View mapping cars were collecting. Google, along with other companies, uses databases of Wi-Fi networks and their locations to augment or replace GPS when attempting to figure out the location of a computer or mobile device.
Google initially stored “all Wi-Fi data in machine-readable format” on hard disks on each Street View car, but “the Company ultimately transferred the data to servers at a Google data center in Oregon,” the unredacted report revealed.
The FCC originally released a heavily redacted version of its investigation into the Street View debacle last month, fining the company $25,000 for stonewalling the investigation.
But the report had black bars over the key findings. The FCC followed procedures that allow companies to withhold business-related confidential information from the public. So, at Google’s request, it initially redacted its report, known as a “notice of apparent liability,” according to an e-mail from Tammy Sun, an FCC spokeswoman.
However, the FCC did not agree with Google’s “broad requests for confidential treatment” and was moving to uncensor its report, which required giving Google an opportunity to protest the decision.
So Google decided to preempt the FCC.
On Saturday, a dumping ground day for news, Google forwarded a virtually unredacted version of the report to the Los Angeles Times. The FCC posted its mostly unredacted version of the document on its website three days later.
Google declined to be interviewed for this story. Instead, it released a canned statement attributable to “a Google spokesperson.”
“We decided to voluntarily make the entire document available except for the names of individuals. While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law. We hope that we can now put this matter behind us.”
Both the redacted and unredacted FCC reports concluded that, between 2008 and 2010, “Google’s Street View cars collected names, addresses, telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files, and other information from internet users in the United States.”
But, the commission said, Google did not engage in illegal wiretapping because the data was flowing, unencrypted, over open radio waves.
The commission found that legal precedent — and engineer Milner’s invocation of the Fifth Amendment — meant Google was off the hook for wiretapping. The FCC agreed with Google that its actions did not amount to wiretapping because the unencrypted Wi-Fi signals were “readily accessible to the general public.”
According to the Wiretap Act, amended in 1986, it’s not considered wiretapping “to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.”
But U.S. District Judge James Ware, a California federal judge presiding over about a dozen lawsuits accusing Google of wiretapping Americans, ruled last year that Google could be held liable for wiretapping damages.
Judge Ware said that the FCC interpretation did not apply to open, unencrypted Wi-Fi networks and instead applied only to “traditional radio services” like police scanners. The lawsuits have been stayed, pending the outcome of Google’s appeal.