A Google Inc. GOOG -0.08% engineer told others at the company about his plan to scoop up personal information from wireless-network users as specially equipped cars drove by their homes, but the practice continued for two years after the internal disclosures, a Federal Communications Commission investigation found.
The engineer, whose name hasn't been disclosed, explained his plans to other engineers and at least one senior manager involved with the project, known as Street View, in 2008, the FCC report states. Nevertheless, it says, Street View managers told the agency they didn't learn the Google cars were collecting the personal information until 2010.
Findings in the report bolster Google's contention that the plan to gather the personal data—which included the contents of some emails and the Web addresses of sites users visited—was conceived by a single engineer. But it also suggests that Google might have been able to move faster to put a stop to the activity, which prompted apologies by the company and has helped fuel government scrutiny of its privacy safeguards.
A heavily redacted version of the report was released earlier this month. Google decided to release a nearly complete version of the report after the FCC concluded Google didn't violate a U.S. law against wiretapping but said it obstructed the probe and must pay $25,000. The Los Angeles Times reported the findings in the document Saturday.
Google strongly denies impeding the probe.
"We decided to voluntarily make the entire document available except for the names of individuals," a Google spokeswoman said. "While we disagree with some of the statements made in the document, we agree with the FCC's conclusion that we did not break the law. We hope that we can now put this matter behind us."
Google's Street View project sent hundreds of vehicles to photograph city streets around the world so that people using Google Maps could see 360-degree images of the locations. An aspect of the project that wasn't generally known at the time was Google's collection of data about individual wireless networks, including those in people's homes.
The data, among other things, has been used to help Google figure out the precise location of someone using a smartphone powered by the company's Android software.
In April 2010, Google denied that it was collecting private data from Wi-Fi users, but it reversed itself the following month. It said it had learned that data had been collected from unprotected Wi-Fi networks and attributed the activity to a single Google engineer. "Quite simply, it was a mistake," the company said in a blog post.
The FCC's 25-page report, dated April 13, provides additional evidence that the plan to gather the data was intentional. It says the unnamed engineer wrote computer code to collect "payload data"—including personal email, text messages, passwords, Internet-usage history and other personal information that was moving through unencrypted Wi-Fi networks within range of the Street View vehicles between 2008 and 2010.
The engineer, the report said, believed such data could be useful to the company. The FCC report said the engineer wrote a "design document" for his work that listed as a "to do" item the need to discuss "privacy considerations" with a company lawyer, something the agency said never occurred. Google also said the information was never used.
Colleagues of the engineer claimed during the probe that they didn't know about the practice despite the engineer's disclosures, the report stated, but the agency provides evidence that at least one senior manager did talk with the engineer about it. An internal email recounted a conversation in which the engineer "openly discussed his review of payload data with a senior manager of the Street View project," the report stated.
In an excerpt from an email, the manager asked the engineer: "Are you saying that these are URLs [Web addresses] that you sniffed out of Wifi packets that we recorded while driving?" The engineer confirmed the practice in a subsequent email.
The manager wasn't named. The engineer has refused to testify in the probe, invoking the Fifth Amendment right against self-incrimination.
Since Google disclosed the controversial practice in 2010, it has faced scrutiny from foreign governments as well as U.S. state attorneys general, though so far it hasn't faced major penalties. The company has been fined for allegedly violating privacy laws and has agreed to audits of its privacy practices.
U.S. and European regulators are now investigating how Google bypassed the privacy settings of millions of users of Apple Inc.'s AAPL -0.77% Safari Web browser, a practice that was discovered earlier this year. In that instance, Google used special computer code to install tracking files known as cookies on some people's computers even if the device was set to block such tracking. Google says it has removed such "cookies" and never collected personal data.
Please login to add to favorites
Already added to favorites
Added as Favorite