Google told key Congressmen in a letter released June 11 that it had
mistakenly collected payload data, including potentially personal
information, from unencrypted WiFi networks, but that it thought it was
legal to do so.
The letter, which concerned an incident in which
Google dispatched cars collect information from WiFi networks for its
Street View mapping application, drew a mixed response from the
legislators, who have asked the Federal Trade Commission to look into
the issue. A top Republican called for a hearing "at minimum" on the
data collection, while a leading Democrat appeared to take Google at its
word but added that the matter needed further investagion.
believe it does not violate U.S. law to collect payload data from
networks that are configured to be openly accessible (i.e., not secured
by encryption and thus accessible by any user's device)," the company
said. "We emphasize that being lawful and being the right thing to do
are two different things, and that collecting payload data was a mistake
for which we are profoundly sorry."
Google was responding to a
letter from Energy & Commerce Committee Chairman Henry Waxman
(D-Calif.), ranking member Joe Barton (R-Tex.) and former Communications
Subcommittee Chairman Ed Markey (D-Mass.) asking for some answers to
why Google had collected the information.
Google said it had
not used the data for any product of service, that only two people in
the company had seen the data, but that it had not deleted any of the
U.S. data collected per "pending civil litigation."
In a letter
from Director of Public Policy Pablo Chavez, the company said it did not
know exactly what payload data it had collected (information beyond the
location of the wireless nets the cars were sent out to record), but
that it would likely have been "fragmented."
That said Google
conceded it should have provided more notice of its actions. "In
retrospect, it is clear there should have been greater transparency
about the collection of this data," the company said. But it also
pointed out it did not alert people that it was collecting payload data
because it had not meant to do so, and that the wider scope of the
project -- collecting information to improve the accuracy of
location-based services -- had been widely reported.
not responded at press time. Markey said it was clear Google "fell
short" of the transparency and trust that are key to consumer
protection. He said he would continue to monitor the situation and
referred to the
letter they had sent to the FTC.
But he also pointed out that the company had "admitted mistakes it
made in this matter and indicated that it has taken corrective action,
including termination of its collection of WiFi data entirely by its
Street View cars."
Barton took a far sterner tone, more in line
with the Democrats' criticisms of Comcast for its BitTorrent blocking.
"Google now confesses it has been collecting people's information
for years, yet claims they still do not know exactly what they collected
and who was vulnerable," said Barton in a release from the committee
that included Markey's comments as well. "This is deeply troubling for a
company that bases its business model on gathering consumer data," he
said. "That failure is even more disturbing and ironic in view of the
fact that Google is lobbying the government to regulate Internet service
providers, but not Google. As we are contemplating privacy legislation
in the committee, I think this matter warrants a hearing, at minimum."
The FCC has proposed expanding and codifying its broadband access
principles, including on transparency and notification. But FCC Chairman
Julius Genachowski says that should be applied only to the networks,
not to the software and applications that ride them.