Did Google Get Off Easy With $7 Million ‘Wi-Spy’ Settlement?

  • Share
  • Read Later
Fabrizio Bensch / REUTERS

Seven million dollars.

That’s how much Internet giant Google will pay to settle a multi-year investigation into its controversial “Wi-Spy” data collection practices. The furor erupted in 2010 when Google disclosed that it had collected Wi-Fi data from unsecured wireless networks as its “Street View” vehicles crawled major cities worldwide, photographing buildings for a ground-level view on Google Maps. On Tuesday, Google agreed to pay $7 million to 38 states and the District of Columbia to settle the matter. To put that in perspective, Google generated revenue of about $50 billion last year, or nearly $6 million per hour.

Big Internet companies like Google and Facebook frequently push the boundaries of user privacy. But the “Wi-Spy” case was particularly alarming to consumer advocates, because it raised the specter of Google’s “Street View” cars — which had already raised privacy concerns — roaming around major cities vacuuming up personal data, including snippets of browser activity, email traffic, and even medical and financial records, from the Wi-Fi networks of unsuspecting users. Although Google insisted that it never used any of the data in its products, the episode struck many as creepy — and inspired many consumers to encrypt their Wi-Fi networks.

(MOREGoogle’s Federal Antitrust Deal Cheered by Some, Jeered by Others)

“While the $7 million is significant, the importance of this agreement goes beyond financial terms,” Connecticut Attorney General George Jepsen, who led the multi-state probe, said in a statement. “Consumers have a reasonable expectation of privacy. This agreement recognizes those rights and ensures that Google will not use similar tactics in the future to collect personal information without permission from unsuspecting consumers.”

Tuesday’s agreement also requires Google to launch an employee education program about user data privacy, as well as to sponsor a nationwide public service campaign to help educate consumers about securing their wireless networks and protecting personal information. The company must also continue to secure, and eventually destroy, the Wi-Fi data collected by its Street View vehicles, according to the settlement. Google’s public service campaign will begin later this year and will include online YouTube videos as well as half-page ads in national and state newspapers.

In 2010, Google acknowledged that its Street View Wi-Fi collection was a mistake. “We screwed up, and I’m not making excuses about it,” Google co-founder Sergey Brin said at the time. “We do have a lot of internal controls in place, but obviously they didn’t prevent this error from occurring.”

(MORE: In Major Victory, Google Dodges Federal Antitrust Lawsuit with FTC Deal)

So how did it happen? Google said that along with photographs, its Street View cars were originally intended to collect data like the Wi-Fi network name and router address, as the cars passed homes and businesses. According to Google, this data would be used to improve the company’s location-based services like Google Maps, which uses cell towers and Wi-Fi access points to help users identify their location on mobile devices.

But it turned out that Google went much further than that, vacuuming up snippets of browser history and email data. The company explained that when the Street View program launched, the team inadvertently included code in their software that “sampled all categories of publicly broadcast WiFi data,” even though the project leaders did not want the more comprehensive data. As soon as Google discovered the practice, it grounded the Street View cars and separated and secured the data on its network.

Law enforcement officials and privacy advocates were outraged, and for nearly three years, Google has been working with the authorities on a settlement. “We work hard to get privacy right at Google,” the company said in an emailed statement. “But in this case we didn’t, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn’t use it or even look at it. We’re pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorneys general to reach this agreement.”

(MORE: Top U.S. Lawmakers Back Mobile Phone Unlocking Bills)

Some consumer advocates, however, were not so pleased with Tuesday’s agreement. American Consumer Institute president Steve Pociask released a statement calling the $7 million fine a slap on the wrist for the search giant. He observed the Google had recently reached an antitrust settlement with the Federal Trade Commission that was also criticized for letting the search giant off too easily. As part of the Wi-Fi agreement, Google did not acknowledge violating any U.S. laws, and its compliance with the settlement is voluntary.

“Fresh off their FTC wrist slap, Google gets off easy once again with a paltry $7 million fine to over 30 states for collecting personal consumer information from unsecured Wi-Fi networks,” said Pociask. “With revenue of $100 million a day, the fine is just a drop in the bucket and not enough to deter bad behavior. Consumers are growing tired of seeing Google apologize time and time again, pay a small fine and make vague promises in settlements with one agency or another, only later to engage in the same behavior.”

John M. Simpson, director of Consumer Watchdog’s Privacy Project, mocked Google’s forthcoming Wi-Fi security public education campaign. “Asking Google to educate consumers about privacy is like asking the fox to teach the chickens how to ensure the security of their coop,” Simpson said in a statement. “The educational video will also drive consumers to the YouTube platform, where Google will just gather more data about them for its digital dossiers.”

“The $7 million penalty is pocket change for Google,” Simpson added. “It’s clear the Internet giant sees fines like this as just the cost of doing business and not a very big cost at that.”

17 comments
1neekehurley
1neekehurley

is it a true hacking if the gate is open and unattended? software is really affordable to keep intruders out!

iamsanju
iamsanju

what is the history of google car. who has hacked the data for data of  google car and from whom.

JackVand
JackVand

@iamsanju I don't think anything was hacked at all.  As near as I can tell Google just poked around in open networks.

JackVand
JackVand

The Computer Fraud and Abuse Act doesn't see the use of open wifi networks as necessarily legal.  One man I read about was fined for using the wifi at his local coffee shop without buying anything.  There have been other cases involving "unauthorized use of a computer system"  What did this 7 million dollar fine do for the consumer?  Most big companies are involved in data mining.  Your bank, any credit card company you use, any retail stores you use all sell your life story.  I'm kind of a no-dent, no-foul kind of guy.  Googles purpose is to sell ad space and make the ads as relevant as it can.  Look at the paperwork you sign to give your life story away when you open a checking account.

Am I hurt because Google knows I like Fords and gourmet coffee?  7 million made some lawyers happy.  This is much like the class action that I was a member of with Netflix.  Netflix stored my personal information longer than a year in violation of California law.  The members of the class got zero.  The lawyers were paid.  Did I care that Netflix had my info?

The Google car nailed my router when it went by.  It is a little creepy, but how am I hurt?  That I'm gonna see ads for Tully's coffee (awesome BTW) or new Fords?  That my "mom and pop" computer store buys a few Google ads that show up in my browsing?  Is your privacy enhanced?  Did it matter that your privacy was enhanced?  Am I damaged by the Google car?  I can't think of a way.

If I was damaged in some way, nobody gave me anything.  Who is happy?  Only the lawyers that sued Google.

kassidyempire
kassidyempire

@JackVand so, just to makensure in comprehened u right, what about us? Right?

JackVand
JackVand

@kassidyempire @JackVand  More like no dent, no foul.  I don't feel harmed by the Google van.  7 million is stupid.  Why don't we just pick a number out of the air?  Like $1.98.

awenshok
awenshok

Google's using the Army/Walmart defense -- "a rogue contractor did it..." and continues with statements like, "as soon as we realized the error, we moved to correct it...." and continues to become just another dangerous, get what WE want no matter what, corporate parasite.  Respecting your privacy, preventing unauthorized collection and use of personal information -- these concerns are on their priority list right after checking the employee bathrooms for fresh toilet paper and making sure all 11 varieties of tea bags are on hand in the canteen.  Hello Giant Predator -- Yes, Of Course We Trust You.  (You'll be eaten, anyway.)

auggg80
auggg80 like.author.displayName like.author.displayName 2 Like

@DeweySayenoff I have heard the analogy several times that using an open WiFi network is tantamount to entering an unlocked door or gate. In that sense, if your neighbor was actively "using" your network for internet access or worse, then this analogy is quite accurate. 

However, there is another side to this as well.  Your WiFi network is TRANSMITTING your data all over your neighborhood.  It does not require that any active "usage" taking place in order to receive it.  Consider the analogy of someone walking by your fenced-in yard.  The gate is closed, and they take a folder of confidential documents and dump them out of the folder, over the fence.  Now the documents are blowing around in your yard.  Does that individual now have any expectation of privacy for those documents?  I think most people would agree that the person's expectation of privacy ended when they dumped the documents over the fence.  In the same way, the expectation of privacy for owners of open WiFi systems ends when the transmission of data goes past their property and into someone else's property.

Until the laws are changed, it easy and LEGAL for your neighbor to passively view any information that you give to them.  They are not "using" your network, they are simply looking at the data which is unencrypted and actively transmitted in to their living room.  As long as your WiFi remains in an open state, you are actively giving away your data to anyone who wants to listen.


nchen
nchen like.author.displayName 1 Like

There are a lot of people on here on opposite sides, some against Google and some pro Google. I guess I can understand the arguments for both sides. In this case, I really can’t decide if I am pro Google or against Google’s actions. On one hand, if people do not put a password on their Wi-Fi, then anybody could have easily gained access to their Wi-Fi. If it was a person that did this, would it still be such a big deal? Probably not. Heck, the person wouldn’t even have known that their Wi-Fi was being used by somebody else. The world wouldn’t even have known that Google was accidently accessing their Wi-Fi if they hadn’t released that information in the first place. The only reason that this issue was blown way out of proportion is because this issue involved a huge company like Google.

But then again, the anti-Google side of me has a different set of thoughts about this issue. I personally do believe that Google accidently accessed the personal information through unsecured Wi-Fi. Google has never really crossed my mind as a company that would do something unethical, not to mention illegal. The company is constantly ranked as one of the top corporate citizens in the world. Despite this-even if was an accident- privacy laws are regarded very highly in the United States and gaining access to personal information such as medical records and emails seems a bit extreme. Stealing this kind of data- even if it was accidental- can cause many people to feel unhappy and uncomfortable. Just by this, Google should have paid more than $7 million. $7million is just such a small amount to spread over 38 states, especially for a company like Google that is worth BILLIONS and BILLIONS and more BILLIONS of dollars.  

But there is one thing that I am sure of. This article written by Sam Gustin seems overly biased and anti-Google. Many different editors have covered this Google story, but most of them do not seem as biased as this one. This specific journal really fosters the emotions in readers because of its strong bias.  

Mer
Mer like.author.displayName 1 Like

My family and I found an image of myself... Identifiable on Google earth. I remembered seeing the vehicle. We scanned the area in question and sure enough... It's me. No consent given. Plates blurred out but not me.... I am there quite visible. Creepy, creepy.

ZacPetit
ZacPetit

Hey Pociask, listen, I'm not comfortable with you sitting there not breaking the law, so if you would just send me $7 million, that would be swell.

Are you kidding me? If you want to stop companies from using open wifi connections, make it illegal to do so. Or make it illegal to HAVE an open wifi connection (it's terrible practice anyway!). Or both!

Don't sit there any whine about a company VOLUNTARILY paying millions of dollars for NOT committing a crime. Ridiculous.

ChrisUtley
ChrisUtley like.author.displayName 1 Like

Open WiFi networks should be viewed as public space. If the network is meant to be protected then security should be enabled. If people are upset that information was taken from their open network that they failed to secure then that is their own problem. With that said, Google should have been a little more careful in what data they were collecting. I won't fault them for trying to map out free WiFi, they just need to be mindful of what information they are collecting (no need for billions in fines like the article suggests). All in all, the people that had their information stolen should be glad it was Google and not someone more insidious.

DeweySayenoff
DeweySayenoff

@ChrisUtley So what you're saying is that if someone doesn't have the technical proficiency to secure their wifi network, it's okay to hijack it?  I suppose that if someone leaves the keys in their car, it's okay to steal it. And, no doubt, if someone leaves their house doors unlocked, it's okay to go inside and use their stuff.

 What kind of self-entitled brat are you?  Your momma sure didn't raise you very well to be thinking you deserve to use other people's stuff without their knowledge or consent.

You know, people still leave their keys in the car.  People still forget to lock their homes.  Using either for any reason without consent is still a crime.  And securing a wifi connection takes a hell of a lot more effort (relatively speaking) for someone who thinks "wifi" is just  a poorly pronounced version of HiFi (Look THAT one up, youngster!).  It's not using "public" electricity.  The wifi station owner pays for that. Hackers don't pay for the Internet connection.  Hell, hackers don't even pay for the equipment they're connecting to.  And you think just because you can sit in your car or the house next door and access it without having to guess passwords that it should be "public space"?

Seriously, it's called theft of resources and services.  And secure or not, connecting without explicit consent of the station owner is a felony. A sign saying "Free WiFi" is sufficient consent to legally connect to that service.  If you're sitting in your car or apartment connecting to someone else's wifi and they don't know it - and they catch you - the sentence can be 5 years and $250,000 per incident.

Think about THAT next time you steal from other people.

simbaji
simbaji like.author.displayName 1 Like

I don't understand why people are upset. Google didn't hack into people's accounts and networks. People need to understand that -anyone- can do what Google did, and learn how to use passwords and turn on the already-provided-for safety features on their wireless networks.

DeweySayenoff
DeweySayenoff

@simbaji What Google did was "war drive" - which IS illegal.  Maybe they didn't do it "knowingly", but for a tech company to have done it at all means someone set up all of their Google cars with the ability to tap into any wifi it found AND DOWNLOAD INFORMATION WITHOUT CONSENT!  It IS a crime to do that, guys. 

Worse, instead of ensuring the data was wiped and privacy was ensured, THEY KEPT IT!  

I guess if you didn't lock your house or car and they got used, robbed or stolen, you wouldn't mind.  After all, no one "broke and entered" (hacked).  ":Hacking" doesn't require passwords and shady characters eager to steal things.  It only takes establishing a connection and getting the information. 

And this HAD to have been done DELIBERATELY.  Computers do NOT do things they are not programmed to do.  Someone deliberately wrote the code needed to access, listen to, download and store data that didn't belong to them.  They wrote the software for their vehicles.  It was NOT an accident.  There was no reason to access an Internet connection.  Simply scanning and cataloging secure or un-secure wifi connections is sufficient to determine what's around you.  And that is perfectly legal.  Accessing them without consent isn't.

THAT is why people are upset.  Maybe YOU think it's okay to just use other people's stuff and steal their electricity, bandwidth allocations and time.  The law has other thoughts on the matter.

kassidyempire
kassidyempire

@DeweySayenoff @simbajin Dude calm down. Stop attacking everyone. We all have our opinions. So far I haven't heard anyone say that it was ok. People realize that its just a loop hole within a greyn area within an tradgedy. What im more concerned with, though, is if it wasn't an accident- then what did they need that random information for?@DeweySayenoff @simbaji