Seven million dollars.
That’s how much Internet giant Google will pay to settle a multi-year investigation into its controversial “Wi-Spy” data collection practices. The furor erupted in 2010 when Google disclosed that it had collected Wi-Fi data from unsecured wireless networks as its “Street View” vehicles crawled major cities worldwide, photographing buildings for a ground-level view on Google Maps. On Tuesday, Google agreed to pay $7 million to 38 states and the District of Columbia to settle the matter. To put that in perspective, Google generated revenue of about $50 billion last year, or nearly $6 million per hour.
Big Internet companies like Google and Facebook frequently push the boundaries of user privacy. But the “Wi-Spy” case was particularly alarming to consumer advocates, because it raised the specter of Google’s “Street View” cars — which had already raised privacy concerns — roaming around major cities vacuuming up personal data, including snippets of browser activity, email traffic, and even medical and financial records, from the Wi-Fi networks of unsuspecting users. Although Google insisted that it never used any of the data in its products, the episode struck many as creepy — and inspired many consumers to encrypt their Wi-Fi networks.
“While the $7 million is significant, the importance of this agreement goes beyond financial terms,” Connecticut Attorney General George Jepsen, who led the multi-state probe, said in a statement. “Consumers have a reasonable expectation of privacy. This agreement recognizes those rights and ensures that Google will not use similar tactics in the future to collect personal information without permission from unsuspecting consumers.”
Tuesday’s agreement also requires Google to launch an employee education program about user data privacy, as well as to sponsor a nationwide public service campaign to help educate consumers about securing their wireless networks and protecting personal information. The company must also continue to secure, and eventually destroy, the Wi-Fi data collected by its Street View vehicles, according to the settlement. Google’s public service campaign will begin later this year and will include online YouTube videos as well as half-page ads in national and state newspapers.
In 2010, Google acknowledged that its Street View Wi-Fi collection was a mistake. “We screwed up, and I’m not making excuses about it,” Google co-founder Sergey Brin said at the time. “We do have a lot of internal controls in place, but obviously they didn’t prevent this error from occurring.”
So how did it happen? Google said that along with photographs, its Street View cars were originally intended to collect data like the Wi-Fi network name and router address, as the cars passed homes and businesses. According to Google, this data would be used to improve the company’s location-based services like Google Maps, which uses cell towers and Wi-Fi access points to help users identify their location on mobile devices.
But it turned out that Google went much further than that, vacuuming up snippets of browser history and email data. The company explained that when the Street View program launched, the team inadvertently included code in their software that “sampled all categories of publicly broadcast WiFi data,” even though the project leaders did not want the more comprehensive data. As soon as Google discovered the practice, it grounded the Street View cars and separated and secured the data on its network.
Law enforcement officials and privacy advocates were outraged, and for nearly three years, Google has been working with the authorities on a settlement. “We work hard to get privacy right at Google,” the company said in an emailed statement. “But in this case we didn’t, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn’t use it or even look at it. We’re pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorneys general to reach this agreement.”
Some consumer advocates, however, were not so pleased with Tuesday’s agreement. American Consumer Institute president Steve Pociask released a statement calling the $7 million fine a slap on the wrist for the search giant. He observed the Google had recently reached an antitrust settlement with the Federal Trade Commission that was also criticized for letting the search giant off too easily. As part of the Wi-Fi agreement, Google did not acknowledge violating any U.S. laws, and its compliance with the settlement is voluntary.
“Fresh off their FTC wrist slap, Google gets off easy once again with a paltry $7 million fine to over 30 states for collecting personal consumer information from unsecured Wi-Fi networks,” said Pociask. “With revenue of $100 million a day, the fine is just a drop in the bucket and not enough to deter bad behavior. Consumers are growing tired of seeing Google apologize time and time again, pay a small fine and make vague promises in settlements with one agency or another, only later to engage in the same behavior.”
John M. Simpson, director of Consumer Watchdog’s Privacy Project, mocked Google’s forthcoming Wi-Fi security public education campaign. “Asking Google to educate consumers about privacy is like asking the fox to teach the chickens how to ensure the security of their coop,” Simpson said in a statement. “The educational video will also drive consumers to the YouTube platform, where Google will just gather more data about them for its digital dossiers.”
“The $7 million penalty is pocket change for Google,” Simpson added. “It’s clear the Internet giant sees fines like this as just the cost of doing business and not a very big cost at that.”