This is a story which started back in 2010, when then Attorney General of Connecticut Richard Blumenthal began working with his counterparts in other states to investigate claims that web giant Google had been using their “street view” cars to take more than pictures. They were allegedly tapping into open wi-fi networks of businesses and individuals while cruising around the country and collecting all sorts of data.
“My office will lead a multistate investigation–expected to involve a significant number of states–into Google’s deeply disturbing invasion of personal privacy,” Blumenthal said in a statement. “Street View cannot mean Complete View–invading home and business computer networks and vacuuming up personal information and communications. Consumers have a right and a need to know what personal information–which could include emails, web browsing and passwords–Google may have collected, how and why.
The details of the types of data Google was sniffing out from these open portals are potentially alarming, but the company’s reaction to the charges was somewhat comical.
Now, recording passwords and extracting them are two entirely different matters, and there’s no evidence of the latter. That said, this is still an unfortunate revelation for Google (GOOG), which has sought to downplay the implications of the breach by portraying it as a mistake and the data collected as inconsequential. Indeed, last month CEO Eric Schmidt excused the company for its misstep, saying, “There was no harm, no foul.”
No harm, perhaps, but there was certainly a foul–particularly since it now appears the data collected may have been protected by privacy laws.
In fact, the list of excuses and descriptions put forth by Google in an attempt at spin control looks more like it was cooked up by a seventh grader who just got caught sneaking in after curfew. Their first response in 2010 was actually to say that they hadn’t collected any data. Then, as the investigation continues, they said they had collected data, but had done so “by accident.” Their next line of defense was that the collection software was introduced by a “rogue engineer” but left in anyway. And the last round of explanations gone awry was that they had deleted all the data anyway, but it turned out they still had some of it so they turned it over to the government.
Now the tale seems to be drawing to a close, and Google is going to have to pony up some cash to the states investigating them.
Google will soon settle with the attorneys general representing more than 30 U.S. states over its Street View cars collecting data from unsecured Wi-Fi networks, multiple sources said.
Google is to pay $7 million, to be distributed among the attorneys general, according to a person familiar with the matter. That person said the agreement is close to being finalized, and should be announced early next week.
I’m not sure how badly $7M will hurt Google, given their usual cash flow situation, but I suppose they are at least paying more attention to what sorts of things they go fishing for these days. The other question which keeps coming up for me – and maybe some of you tech experts can help out here – is exactly what sort of crime was alleged to have taken place. These instances are supposed to have taken place involving “open” or unsecured wireless networks. I have one at my house, but it’s got some pretty heavy encryption on it. If you don’t secure your wireless and people wander by and hook up to it, are they actually breaking the law? Aren’t you responsible for your own security? (Seriously… I don’t know the answer to that one. I’m just asking.)
All the original reporting for this piece came from All Things D.