Google Finally Settles Lawsuit Over Decade-Old WiFi Snooping Accusations
from the that-took-some-time dept
So if you’ve been around these parts for a while, you might remember a big stink back in 2006 or so when Google’s Street View vehicles were found to have been hoovering up data collected via WiFi. The collection came while the company was collecting Street View data via its army of specially-configured vehicles, and included pretty much any and all unencrypted data traveling over those networks, including telephone numbers, URLs, passwords, e-mail, or video streams. The goal was purportedly to ensure better geographical positioning data, but the data collected went well beyond what was needed for that goal.
Initially, Google claimed that the data collection was accidental, something supported by engineering analysis at the time. Here’s what Google said in 2010 about the issue:
“So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software?although the project leaders did not want, and had no intention of using, payload data.”
In 2012 however, an FCC document detailed how a Google engineer had created a system that collected this data intentionally, but had downplayed the privacy risk because Google Street View vehicles would not be “in proximity to any given user for an extended period of time,” and “[n]one of the data gathered … [would] be presented to end users of [Google’s] services in raw form.” And while the engineer was probably right that not much useful data was collected, doing so at all was admittedly not a bright idea, and the “mistake” wound up being an intentional, poor engineering choice signed off on by project managers.
Admittedly the real-world risk of the entire scandal was violently over-hyped. The moving vehicles only had access to hotspots as vehicles passed for a few seconds, frequent channel hopping reduced data collection further, and again, the entire effort only collected data from hotspots that didn’t use encryption Still, it was a dumb decision any way you slice it.
Fast forward thirteen years after the data collection occurred, and Google has finally put the entire scandal to bed, at least here in the States. The company will wind up paying $13 million to settle a 2010 lawsuit over this data collection. Because the data is so fragmented, it’s hard to actually identify whose data was collected during that period; so the payout will largely go to lawyers and a handful of privacy activism organizations:
“Lawyers for the plaintiffs said it would be difficult to identify masses of affected people, a decade later, from the random snippets of data that the company collected when its vehicles drove by their homes.
Instead, what?s left of the $13 million — after administrative costs and the lawyers who brought the lawsuit get a commission of as much as 25% — will be distributed to a handful of consumer privacy advocacy groups, according to a court filing detailing the terms of the deal.”
While this scandal may have been over-hyped, it still managed to highlight how non-transparent privacy practices are, how companies have few reservations when it comes to misrepresenting what actually happened, and how long it takes to actually achieve anything even vaguely resembling accountability. Of course in the decade-plus since this scandal began, it has become abundantly clear that this sort of casual disregard for user privacy was always more of a feature than a bug, and we’re still not doing a very good job coming up with a meaningful model for doing much of anything about it outside of hand-wringing and hysteria.