Google to Cough Up Garbled WiFi Gleanings
Is it a monstrous privacy breach or a monumental PR disaster? Google is making a vigorous effort to counteract the negative publicity over its Street View data-gathering debacle, promising to turn over its accidental catch to European regulators. Perhaps some unsecured data did cross the network in those fractions of a second when a Google vehicle drove by, said WildPackets exec Jay Botelho, but that data is now mixed with similar data from thousands upon thousands of other users.
Google will turn over data it collected from unsecured WiFi networks to authorities in Germany, France and Spain.
This is the latest development in a controversy that began last month with Google's admission that cars gathering images for its Street View service were equipped with devices that captured information leaking from unsecured WiFi networks.
Google insisted the WiFi data collection was unintentional and said none of the information has been used in its products.
Nonetheless, the news that the search engine giant had collected this information set off legal firestorms on both sides of the Atlantic.
German prosecutors in Hamburg have launched an investigation into Google's actions. Canada's privacy commission has also initiated a probe. In the U.S., Reps. Edward Markey, D-Mass., and Joe Barton, R-Texas, have asked the Federal Trade Commission to look into the matter.
Lawsuits have been filed in Washington D.C., California, Massachusetts and Oregon. A federal judge in Oregon ordered Google to hand over copies of the data to be kept under seal until it is decided whether it's admissible as evidence.
While it is bracing for intense regulatory scrutiny, if not a legal onslaught, Google has also gone on a public relations offensive, apologizing profusely for the data collection with a mea culpa from CEO Eric Schmidt himself.
"We screwed up. Let's be very clear about that," Schmidt told the Financial Times, which first reported the news that Google would be handing over the data to authorities in Europe.
The company will publish the results of an external audit of the practice, and it is conducting an internal review of any practices that touch upon data collection, Schmidt promised.
The decision to hand over the data to the regulatory authorities is likely part of that campaign, speculated Randy M. Friedberg, counsel with White and Williams.
"Google has historically fought tooth and nail to protect its own data," Friedberg told the E-Commerce Times. "What they are trying to do is avoid becoming a version of BP. They want to manage public opinion as best as possible and try to avoid a criminal investigation."
Lost in the furor is any debate about the locational data that Google was also collecting, noted Marc Rotenberg, executive director of the Electronic Privacy Information Center.
Google also gathered unique ID addresses, the MAC address for wireless access devices, as well as the SSID assigned by users, he maintained -- a point EPIC made in a letter to the FTC.
For example, if a household used a WiFi router to network its devices, Google conceivably could have captured and identified specific information that was sent from a computer in the living room, named, for example, "the Roberts family computer," he explained.
"This is a huge privacy violation that Google is not talking about."
It is also possible that other companies might get caught up in this once the regulators have had a look at the data that was collected, speculated Henry T. Kelly, a partner with Kelley Drye & Warren.
"Most data security laws prohibit a company from allowing confidential information to become publicly available," Kelly told the E-Commerce Times. "If Google's sniffing software used in its Street Views cars accessed information that should have been secured by those companies, these regulators may initiate investigations against those companies."
In Google's Defense
More than likely, whatever will be revealed by the data will not be very useful -- or indicate that Google did this on purpose, Jay Botelho, director of product management at WildPackets, told the E-Commerce Times.
"In any given neighborhood, people have WiFi accounts with different access point (AP) channels," he explained. "Google would have to scan all of the available channels to collect the data that's really of interest -- namely whether or not there's an AP around, its network name, and the channel it's broadcasting on. Even if Google scans through all of these channels, data is only being collected on an individual's specific channel a fraction of the time."
Perhaps some unsecured data did cross the network in those fractions of a second when a Google vehicle drove by, but that data is now mixed with similar data from thousands upon thousands of other users, Botelho said. "This is the definitely not the most effective solution to try to get access to users' critical wireless data."