8 Comments

Summary:

While there has been much outrage about Google “snooping” user data over Wi-Fi, even the FCC says this behavior wasn’t illegal, since the networks in question were public. Is this a sign that the laws around privacy are broken, or is the Streetview furor an overreaction?

3505349701_af34ebecdd_z

Google’s snooping of wireless networks via its Street View cars — behavior that triggered an FCC investigation as well as multiple lawsuits — is back in the news, with a report on Tuesday from the New York Times that identifies the engineer behind the project. But while there has been much public outrage about what Google did, it’s interesting to note that even the FCC said the company’s data capturing wasn’t illegal, since the networks in question were effectively public (the FTC also dropped a similar case). Is this a sign of how broken the laws around privacy are, or is the Street View furor an overreaction?

The latest information about the case comes from internal Google documents that were given to the FCC as part of its investigation — documents that show the capturing of data other than just a Wi-Fi network’s location, which Google engineers referred to as “payload data,” was in fact deliberate and fairly widely known. This contrasts with the company’s official response after the snooping was first discovered, in which Google described it as something that occurred accidentally while the Street View cars were driving around taking photos, the result of a single engineer’s side project.

If digital snooping is a crime, why did Google go free?

Privacy advocate Chris Soghoian says the FCC should be hauled before a Congressional committee for failing to reveal this information sooner, and some commenters on Twitter and elsewhere have suggested Google should be fined millions of dollars for what it did. Some are even declaring the engineer involved, who invoked the Fifth Amendment during the FCC investigation and refused to testify, should be sent to prison for his involvement in the project. Said Soghoian:

[N]othing prevented the agency from alerting the public, the media, and Congress to the full extent of Google’s sins. Instead, the agency opted to keep the public in the dark.

But if the behavior was so sinful, why did the FCC decide Google did nothing wrong? According to the federal regulator, capturing data in such a way doesn’t break any laws, because the Wi-Fi networks in question were broadcasting that information publicly over the airwaves. In a defense of Google’s behavior, technology blogger Mike Elgan argued something similar: Since the data was being transmitted in an unencrypted fashion into a public space, Google did nothing wrong by capturing it. This is no different from eavesdropping on conversations in any public space, Elgan says, or looking over someone’s shoulder at what they are reading.

Most of the response to Google’s snooping, however, takes the exact opposite position: namely, that the company invaded people’s privacy by doing this and that even taking snapshots of the data that exists on a Wi-Fi network while driving by someone’s house is like reading their mail.

Reading someone’s mail is an interesting analogy, because of course Google already does that and has been doing it since the company launched its Web-based Gmail service in 2004. Just as there is now about Wi-Fi payloads and other kinds of automated “snooping,” there was a substantial outcry about Gmail when it first appeared and the idea that Google was going to be reading every message people sent, even in an automated way (even Google executive Marissa Mayer was apparently concerned about this issue). Now the idea that anyone would be upset by this seems almost quaint and old-fashioned.

What is private, and how private should it be?

Much of the debate about Google’s Wi-Fi sniffing veers back and forth between different perceptions of what is appropriate behavior and what isn’t. In a number of European countries such as Germany, even taking photos of someone’s home without their permission is hugely controversial, so it’s no surprise that capturing their emails and chat messages (even if no one other than government regulators and lawyers ever read them) is seen as a heinous invasion of privacy. But in the U.S., taking photos and even recordings in public places is totally legal.

As my colleague Stacey Higginbotham pointed out recently, it is difficult to find exactly where the “creepy” line is until you cross it. But what makes it even harder is that the line shifts depending on whom you are asking: There was a huge amount of outrage about the Girls Around Me app because it showed where women were located, even though they chose to share that information publicly. Kashmir Hill, who writes about privacy for Forbes, said the reaction from many critics was creepier than the app and that many young women choose deliberately to share this kind of information. As Hill put it:

We increasingly live in a ‘creepy’ world, in which we can find and manipulate information in unforeseeable ways. These new information flows sometimes feel ‘creepy’ because they’re new, unfamiliar, and to some people, unexpected.

The other common response to the Google Wi-Fi case is to argue that many users aren’t aware of the fact that information from their wireless network is effectively being broadcast publicly unless they choose to lock their network down. But how far should we go in protecting people from the consequences of their own behavior? If Google captures some data from your network while driving past your house, is that Google’s fault or yours? If you can’t figure out how curtains work and so someone looks in your window, do you have the right to get angry at the person looking?

This problem is only getting harder, as the devices we carry with us everywhere are broadcasting details about our location and all kinds of other “digital exhaust” that could be (and probably is being) captured. Some of that is done deliberately and some of it isn’t. And some of it is likely leaking out because users can’t be bothered to learn about or check their default settings or privacy controls. Is it even possible to hold the companies involved responsible for this, and if so, should we?

Post and thumbnail images courtesy of Flickr users Lili Vieira de Carvalho and Alan Cleaver

  1. supersetgreg Tuesday, May 1, 2012

    If something is illegal, why call it creepy?

    Share
    1. That’s the whole point of the post, Greg — what Google did hasn’t been found to be illegal, at least not yet.

      Share
    2. stuporsetgreg axed: “If something is illegal …”
      Don’t worry about it Greg, just enjoy your stupor.

      Share
  2. I’ll tell you what’s creepy for women: Girls Around Me.

    Share
  3. If broadcasts into public space are fair game for snooping, whence any gripe about cell phone tapping? (Whence any gripe about vocal conversations outside one’s house?)

    Share
  4. I don’t think there is any issue with them processing or viewing the contents of the open WiFi information. I think their analogy of it being like a radio station broadcasting its transmission to all who can receive.

    I think probably the most gray area in this case was when they recorded the data. But if you draw analogies to recording a video from the TV or even a tape from the radio it seems this would be a protected case. So then I get to the question of fair use of the information which is where they would definitely run into issues. So I think it is correct to arrive at the conclusion that this isn’t illegal, but I also think that someone whose information recorded could sue them and perhaps be successful in court. This seems like a good case for a consumer watchdog group to litigate.

    The first few times I read about this case I didn’t find it creepy. But, after reviewing further evidence of what they actually did with the information I would say it is creepy. That they were consuming the data as internet traffic bothers me. If they had used it on its wifi merits to triangulate location and record raw network information I would be OK with that, but I do find it creepy they would process this information for its contents. That said I fully expect that our ISPs are already using this data for whatever they would like now, so I’m not surprised that people are using our internet traffic in this way.

    Share
    1. I have to agree. At the moment, the distinction in my mind is what they do with it. If they are driving down the road and pass through the ephemeral digital exhaust, but it’s not recorded in any way, that’s one thing. But if they are taking the exhaust, analyzing it, repackaging it and doing whatever godwaful dystopian thing with it, that’s something else entirely.

      It’s one thing to let someone eavesdrop on your public conversation at a bus stop because you don’t figure they have much interest in the first place, and even if they did, they’re strangers who you are likely never going to see again. But if they took what they overheard and went home and started Googling and trying to find who you were and prying into your life and maybe started cyberstalking you (or in Google’s case, shoving ads down your throat), you’d be none too happy about it. You’d be rightly creeped out. Well, in this case, Google comes across as the creepy dude who would do something like that.

      So yes, when it comes to privacy, there are always new creepiness lines to be discovered, which makes creating privacy law so difficult.

      Share
  5. One simple thing to do is what Belkin has apparently done – a couple of years ago when I installed a Belkin wireless router it defaulted to unsecured – I had to take steps to make it secure that are probably not trivial for the average user. But when I recently helped a relative install a new model of Belkin router, it defaulted to secured. People will take the easy way and go with the default – good for Belkin for making them “opt out” of securing their network if they know how, and really want to!

    Share

Comments have been disabled for this post