Poor coverage of Google’s Street View scandal settlement
2013 03 22

By Ryan Chittum | cjr.org


Google paid $7 million to 38 states earlier this week to settle its Street View privacy scandal.

This was a serious privacy violation and despite the fact that this story has been unfolding for three years, much of the coverage of the settlement was surprisingly poor.

So it’s worth backtracking to remember what happened here.

In Europe a few years ago, Google was under scrutiny for its Street View cars, which trawl streets taking pictures for Google’s maps. Protestors didn’t want the Web giant taking pictures of their homes and putting them online. They didn’t realize that Google would also be collecting information from their Internet routers as it passed by.

In April 2010, privacy-sensitive Germany discovered that Google was collecting MAC addresses and wifi network names in order to improve its location services technology. German regulators went bananas.

A few days later, on April 27, 2010, Google responded in a blog post by that said, “Google does not collect or store payload data,” which is data you transmit when using the Internet.

Eight days after that, on May 5, German privacy regulators told Google they wanted to audit one of its Street View cars themselves to prove that it wasn’t collecting sensitive personal information.

By May 14, Google was forced to issue a correctionof its earlier statement, admitting that it had collected and stored payload data:

But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.

However, we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second…

So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.
But most everything Google said there was also incorrect.

We now know that a Google engineer, Marius Milner, “made a deliberate software-design decision” to collect the data, that Google collected more than fragments of information, and that Milner told his supervisors and colleagues about the tracking in the design document for the project. The question naturally arises: What else are middle-tier coders collecting at Google that their bosses don’t know about?

What made this worse was Google’s response when the scandal came to light. Milner invoked his Fifth Amendment rights and, in the words of the FCC, “Google deliberately impeded and delayed the Bureau’s investigation” by “willfully and repeatedly violat(ing) Commission orders to produce certain information and documents that the Commission required for its investigation.”

Although a world leader in digital search capability, Google took the position that searching its employees’ e-mail “would be a time-consuming and burdensome task.”
Google’s lawyers disputed the FCC’s assertions about the company’s cooperation, but how often do you see the FCC scream at a giant company like that?

Adding to the screwball comedy element, Google told regulators that it would delete the data. Then it told them two years later that it hadn’t quite done that.

That’s the background. Now on to this week’s coverage of the settlement.

Happily, AllThingsD’s Liz Gannes, who got the settlement scoop last week, got the story right. Many of those who followed her did not.

Time just flat gets the story wrong, buying Google’s assertion that it was an accident (emphasis mine):

But it turned out that Google went much further than that, vacuuming up snippets of browser history and email data. The company explained that when the Street View program launched, the team inadvertently included code in their software that “sampled all categories of publicly broadcast WiFi data,” even though the project leaders did not want the more comprehensive data. As soon as Google discovered the practice, it grounded the Street View cars and separated and secured the data on its network.
Again, Milner designed the software to do what Time says Google did inadvertently.

TechCrunch also misses:

In 2010, Google was accused of collecting some private Wi-Fi payload data while its Street View vehicles were on the road and taking images in the U.S. and Europe. Google first denied that this ever happened, but the company later confirmed that this was indeed the case, though it also argued that this was “a mistake.” In 2006, Google argued, one of its engineers developed some code to collect this data for an experimental project and this code somehow found its way into the Street View code, as well.
Google argued that, but it was later shown to be false by the FCC, something TechCrunch doesn’t note.

Agence France Presse flubs the story too, as does the Washington Post:

Google has long said that Street View’s collection of personal information was inadvertent and has apologized.

Jeff Jarvis, author of glowing book called What Would Google Do and another book that criticizes the “panic over privacy,” Public Parts, didn’t much like the lede story in The New York Times the day after the settlement, firing off a post at his BuzzMachine blog accusing the paper of something called “technobias.”

Now, you can certainly argue about whether this story deserved the placement it got, and Jarvis is right on to criticize the Times for this quote from an anti-Google shill, which lands in the fifth paragraph of the piece:

“Google puts innovation ahead of everything and resists asking permission,” said Scott Cleland, a consultant for Google’s competitors and a consumer watchdog whose blog maintains a close watch on Google’s privacy issues

Look, you’re not really a “consumer watchdog” if you’re on the payroll of Microsoft and the telecom giants. The Times shouldn’t have quoted Cleland so high in the story—and maybe not at all.

But other Jarvis criticisms are way off.

The cars recorded whatever data was passing on these — again — *open* and *public* networks, which can be easily closed.

Just because the networks weren’t password-protected doesn’t mean their owners wanted Google driving by in a car and vacuuming up their URLs, emails, and bank account passwords to see whether they might be of corporate interest.

And here’s how Jarvis explains the backstory:

Stupidly and for no good reason, the cars also recorded other data passing on *open* wifi networks. But that data was incredibly limited: just what was transmitted in the random few seconds in which the Google car happened to pass once by an address. There is no possible commercial use, no rationally imagined nefarious motive, no goldmine of Big Data to be had. Nonetheless, privacy’s industrial-regulator complex jumped into action to try to exploit the incident. But even Germany — the rabid dog of privacy protectors — dropped the case.

But the FCC found that Google “intended to collect, store and review” the data “to be analyzed offline for use in other initiatives.” And Germany dropped the criminal case, while France levied a record fine and Norway and others investigated and fined Google too.

Finally, Jarvis actually questions whether Google is a “serial privacy violator,” as the Times quotes unnamed critics calling it. But that’s hardly unreasonable for the paper to do, particularly since it quotes Consumer Watchdog (not the shill) essentially saying the same thing.

Recall the Google Buzz disaster, which prompted an FTC settlement, and how it hacked iPhones to track users for ads and paid the biggest FTC fine in history. There’s the Google Play question. Then there’s the EU regulators who say they will take “coercive actions” against Google “after it failed to follow their orders to comply with EU privacy laws” after Googlechanged its policy to track users across all its products.

“At the end of a four-month delay accorded to Google to conform and promise to implement recommendations, no response has been forthcoming by the company” said France’s CNIL data protection agency.
That sounds an awful lot like what the FCC said happened in the Street View case. Really, what do you have to do to earn the label serial violator

The point is, Google is an incredibly powerful and important corporation, and its slip-ups require close attention, and a memory of what’s been reported not so long ago.

Source: cjr.org



Related Articles


Latest News from our Front Page

Starbucks Supports Pro-GMO Company
2014 11 26
Another reason why you should not go to Starbucks. Starbucks has an image of being a socially responsible, environmentally friendly company (Really?). In 2013, 95 percent of their coffee was ethically sourced, and their goal is to reach 100 percent by 2015.1 Other goals include reducing water consumption by 25 percent in their company-operated stores by 20152 and mobilizing their employees and ...
Group Polarization and the Fad of Ethno-masochism
2014 11 26
From "Group polarization: A critical review and meta-analysis". Journal of Personality and Social Psychology. 6 50 (6): 1141--1151 The psychology of White self hatred. Political correctness IS a mental disorder. More: Group polarization: A critical review and meta-analysis. Isenberg, Daniel J. the paper Indoctrinate U Harvard Professor Noel Ignatiev talks about how to end the White race The History of Political Correctness The Narrative: The origins of Political ...
Credo: A Nietzschean Testament by Jonathan Bowden
2014 11 26
This lecture by Jonathan Bowden was given at the 11th New Right meeting in London on September 8, 2007. The original title of the presentation was “The Art and Philosophy of Jonathan Bowden.” I think ideas are inborn, and you’re attracted, if you have any, toward certain systems of thinking and sensibility and response. From a very young age, I was ...
A Look Back at the OJ Simpson Verdict -- Reactions
2014 11 26
This is a look back at the different reactions to the OJ Simpson verdict some 20 years ago (exact date of verdict was Oct 3, 1995). The OJ Simpson jury consisted of 9 Blacks, 1 Hispanic, and 2 Whites. It would raise eyebrows after they only deliberated for 4 hours in a case that they were involved in for almost ...
New York Times Publishes Darren Wilson’s Street Address and Photo of House #Ferguson
2014 11 26
Hey here are the two @nytimes scumbags that published Wilson’s home address. —> @juliebosman & @campbellnyt— Ben Howe (@BenHowe) November 25, 2014 Michael Brown’s Stepdad Shouting ‘Burn This Bitch Down’ The New York Times published information about the address of Ferguson Police Officer Darren Wilson on Monday in a move that has generated controversy. Tensions are running high in Ferguson, Missouri, as ...
More News »