Google’s snooping of wireless networks via its Street View cars — behavior that triggered an FCC investigation as well as multiple lawsuits — is back in the news, with a report on Tuesday from the New York Times that identifies the engineer behind the project. But while there has been much public outrage about what Google did, it’s interesting to note that even the FCC said the company’s data capturing wasn’t illegal, since the networks in question were effectively public (the FTC also dropped a similar case). Is this a sign of how broken the laws around privacy are, or is the Street View furor an overreaction?
The latest information about the case comes from internal Google documents that were given to the FCC as part of its investigation — documents that show the capturing of data other than just a Wi-Fi network’s location, which Google engineers referred to as “payload data,” was in fact deliberate and fairly widely known. This contrasts with the company’s official response after the snooping was first discovered, in which Google described it as something that occurred accidentally while the Street View cars were driving around taking photos, the result of a single engineer’s side project.
If digital snooping is a crime, why did Google go free?
Privacy advocate Chris Soghoian says the FCC should be hauled before a Congressional committee for failing to reveal this information sooner, and some commenters on Twitter and elsewhere have suggested Google should be fined millions of dollars for what it did. Some are even declaring the engineer involved, who invoked the Fifth Amendment during the FCC investigation and refused to testify, should be sent to prison for his involvement in the project. Said Soghoian:
[N]othing prevented the agency from alerting the public, the media, and Congress to the full extent of Google’s sins. Instead, the agency opted to keep the public in the dark.
But if the behavior was so sinful, why did the FCC decide Google did nothing wrong? According to the federal regulator, capturing data in such a way doesn’t break any laws, because the Wi-Fi networks in question were broadcasting that information publicly over the airwaves. In a defense of Google’s behavior, technology blogger Mike Elgan argued something similar: Since the data was being transmitted in an unencrypted fashion into a public space, Google did nothing wrong by capturing it. This is no different from eavesdropping on conversations in any public space, Elgan says, or looking over someone’s shoulder at what they are reading.
Most of the response to Google’s snooping, however, takes the exact opposite position: namely, that the company invaded people’s privacy by doing this and that even taking snapshots of the data that exists on a Wi-Fi network while driving by someone’s house is like reading their mail.
Reading someone’s mail is an interesting analogy, because of course Google already does that and has been doing it since the company launched its Web-based Gmail service in 2004. Just as there is now about Wi-Fi payloads and other kinds of automated “snooping,” there was a substantial outcry about Gmail when it first appeared and the idea that Google was going to be reading every message people sent, even in an automated way (even Google executive Marissa Mayer was apparently concerned about this issue). Now the idea that anyone would be upset by this seems almost quaint and old-fashioned.
What is private, and how private should it be?
Much of the debate about Google’s Wi-Fi sniffing veers back and forth between different perceptions of what is appropriate behavior and what isn’t. In a number of European countries such as Germany, even taking photos of someone’s home without their permission is hugely controversial, so it’s no surprise that capturing their emails and chat messages (even if no one other than government regulators and lawyers ever read them) is seen as a heinous invasion of privacy. But in the U.S., taking photos and even recordings in public places is totally legal.
As my colleague Stacey Higginbotham pointed out recently, it is difficult to find exactly where the “creepy” line is until you cross it. But what makes it even harder is that the line shifts depending on whom you are asking: There was a huge amount of outrage about the Girls Around Me app because it showed where women were located, even though they chose to share that information publicly. Kashmir Hill, who writes about privacy for Forbes, said the reaction from many critics was creepier than the app and that many young women choose deliberately to share this kind of information. As Hill put it:
We increasingly live in a ‘creepy’ world, in which we can find and manipulate information in unforeseeable ways. These new information flows sometimes feel ‘creepy’ because they’re new, unfamiliar, and to some people, unexpected.
The other common response to the Google Wi-Fi case is to argue that many users aren’t aware of the fact that information from their wireless network is effectively being broadcast publicly unless they choose to lock their network down. But how far should we go in protecting people from the consequences of their own behavior? If Google captures some data from your network while driving past your house, is that Google’s fault or yours? If you can’t figure out how curtains work and so someone looks in your window, do you have the right to get angry at the person looking?
This problem is only getting harder, as the devices we carry with us everywhere are broadcasting details about our location and all kinds of other “digital exhaust” that could be (and probably is being) captured. Some of that is done deliberately and some of it isn’t. And some of it is likely leaking out because users can’t be bothered to learn about or check their default settings or privacy controls. Is it even possible to hold the companies involved responsible for this, and if so, should we?