FCC Google StreetView report shocks "duped" EU regulators

Investigations may be re-opened or widened

European data protection regulators may widen ongoing Google StreetView investigations in light of the US report which revealed that several Google engineers knew of plans to collect ‘payload’ data back in 2007.

The detail in the US Federal Communications Commission’s report published by the New York Times (NYT) that appears to have shocked EU data protection authorities was:

“As early as 2007 and 2008 ... Street View team member (sic) had wide access to Engineer Doe’s Wi-Fi data collection design document and code, which revealed his plan to collect payload data”, which several nation's investigations found included emails, passwords and other personal data.

Privacy regulators in Britain, Germany and France confirmed the new information revealed in the report, which Google released, may change the course of investigations, NYT reported Wednesday.

Dutch Data Protection Authority commissioner Jacob Kohnstamm told NYT “this is a bloody shame”.

Johannes Caspar, Hamburg’s data protection commissioner who initiated the first investigation into Google's war driving, suggested in a statement to NYT that Google had deceived it during its investigations in 2010.

“We had been told that it was a simple mistake, as the company had told us. But now, we are learning that this wasn’t a mistake and that people within the company knew this information was being collected,” said Caspar.

A spokesperson for Hamburg’s data protection authority later clarified to Ars Technica that it was not so much “deceived” as “duped” by Google.

Page 11 of the FCC’s 25 page report also shows Engineer Doe had raised privacy as a potential issue since it was known the program being used would collect email data, but he concluded that the short duration of that collection period made it “not a significant concern”.

Earlier this week NYT revealed the identity of “Engineer Doe”, the developer of the payload collecting program gstumbler, gslite and later Kismet (PDF), as Google engineer Marius Milner.

Milner created a similarly-named Windows ‘war driving’ tool in the early 2000s called NetStumbler, Wired reported.

A Google spokesperson said it disagrees with some parts of the FCC’s report but agreed with the commission’s finding that it did not break the law. The FCC however issued a small fine of US$25,000 to Google for obstructing its investigations.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.


Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Sophos Mobile Control

Data protection, policy compliance and device control for mobile devices

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.