How Will FCC’s Google Street View Fine Shape Data Privacy Rules?

When Google launched its ambitious Street View project in 2007, its vehicles wound up capturing more than images. They also collected personal information from some Wi-Fi networks. Ray Suarez, George Washington University’s Jeffrey Rosen and Punch Media’s David Bennahum discuss the FCC’s case, Google’s response and data privacy.

Read the Full Transcript


    And to two stories about Internet privacy.

  • First:

    the latest on a government investigation of Google's collection of personal data that started with taking pictures and ended up gathering a lot more.

    Google's Street View, launched in 2007, was part of the company's ambitious plan to photograph and map the entire world right down to street level. But it turned out that Street View vehicles were collecting more than just visual images. Their antennas also picked up personal information from local Wi-Fi networks, including Internet usage history and passwords.

    In May 2010, Google publicly acknowledged it had done so, but insisted that any such data collection was accidental. The Federal Communications Commission began investigating. And, on Friday, it fined the company $25,000, the maximum penalty available, for obstructing the investigation.

    In its report, the FCC said, "Although a world leader in digital search capability, Google took the position that searching its employees' e-mail would be a time-consuming and burdensome task." The FCC found Google did indeed collect personal data, but it cleared the company of charges that it had acted illegally.

    The search engine giant challenged the finding that it failed to cooperate. Instead, it issued a statement that said, "We provided all the materials the regulators felt they needed." European regulators have also investigated the company for similar reasons. Last year, the French government fined Google about $140,000.

  • MAN:

    You're now exploring a neighborhood in our full-screen mode.


    In the meantime, those who would rather not see their homes on Street View do have an alternative. The company provides users the option of graying out images to meet privacy concerns.

    The FCC report generated plenty of questions over the past 48 hours about what Google did.

    We ask some of those now with two people watching this case, Jeffrey Rosen, a professor of law at the George Washington University and legal affairs editor for The New Republic, and David Bennahum, the chief executive of Punch Media, a news and entertainment network for iPads.

    David Bennahum, you have been part of this world, watching this world closely for a very long time. Can you set out to photograph houses and streets and inadvertently collect data from wireless networks?

  • DAVID BENNAHUM, CEO, Punch Media:

    I think you can in the sense that if you go out with a research project in mind that may initially seem harmless and you start collecting information to study it, to analyze it, perhaps without the intent to do harm, then, of course, you start collecting it, at which point in the court of public opinion does it become questionable that that was good behavior or not?

    And I think part of the problem right now is we live in an environment where it's incredibly easy to collect this sort of information. And the rules about it are actually fairly gray. And it puts companies in a particular predicament where they may have some good-faith reasons to want to analyze information, study information, but the rules of the road are sufficiently unclear, that it turns out they have committed a grave error.

    And I think in the case of Google, it's very much the seeming cover-up around this that is as much of the problem as anything else. And that lack of clarity as to their motives and that lack of transparency is as much of a problem as the act of collecting itself. And so I think it's muddied the water here a little bit where it's not merely a question of like what were they doing factually of wanting to collect this data, but also why can't they be honest about it and transparent about it?

    Because clearly there had to be a reason. And it probably wasn't a nefarious reason, one can assume. So, like, what was the reason? Can't we find out why?


    Professor, is David right? Are the rules of the road unclear here?

    JEFFREY ROSEN, law professor, George Washington University: They are unclear, but perhaps not so unclear as all that.

    After all, a federal district judge in California found unequivocally that Google Street View did violate federal wiretapping laws. That decision is on appeal to the Ninth Circuit Court of Appeals. The basic question is, do you make your data accessible to the general public when I send something in my home to my wife over my computer to hers and it's not encrypted?

    And, frankly, I don't think it's intuitively obvious. It doesn't make sense that I'm making it accessible to the general public. It's not like a car pulling up outside my house and just using my Wi-Fi. I think there's a strong case that this is illegal under existing law. Certainly, if it's not, it should be. And the fact that the FCC chose not to investigate shouldn't seen as a clean bill of health for Google, because every other European regulator that has looked into this question has found unequivocal violations.


    David Bennahum, consumers didn't consent to give this information to Google, did they?


    No, of course they didn't consent.

    I think the point is well taken that the letter of the law may be that this is a violation of privacy and so forth. The problem, of course, is we live in a world today where the software we purchase, the hardware we purchase isn't particularly regulated to ensure our privacy is protected. It's all too easy to snoop, essentially.

    And what do you do in an environment that that's tempting, that inviting? Obviously, there's self-regulation, but I think, beyond that, there needs to be better regulation of the actual infrastructure that we consume and use. So, when I buy a wireless router to install in my house, what are the rules around the way that thing is configured?

    Should it be preconfigured a certain way by the manufacturer? There are no rules about that. So it's obvious that a person who doesn't have a lot of technical sophistication may not realize their home network is unsecure. There's a lot to be done here. And there's this increasing gap between what the regulations are trying to do and what the technology can do.

    And I think that creates this massive gray area where it's simply too easy to collect this kind of information and therefore so tempting.


    Professor Rosen, Google was fined $25,000.

    And in the context of a huge corporation, that seems like little more than a rounding error. Is that a serious fine?


    A slap on the wrist. Within the scope of the FCC's options, it was on the higher side. But the numbers may be about to get much bigger. Europe has just proposed a new data privacy regulation, including a new right, the right to be forgotten, that would allow me to demand the deletion of any data held by Google.

    And if Google doesn't accede to the request, it's libel for up to 2 percent of its $30 billion annual income. Now we're talking about serious money. And that might get Google's attention.


    Over the whole history of this case, the Europeans have been tougher than the Americans, haven't they?


    They have.

    And Google takes data privacy in the private sector much more seriously. The European investigations found these were serious violations. These are emails of people who were having affairs, talking about their sexual orientation, Web browsing, very, very invasive.

    And, unlike Europe, we have adopted the position that, if I surrender data to Google for one purpose, I abandon all expectation of privacy for it in all purposes. This is called the third-party doctrine. The Supreme Court, Justice Sonia Sotomayor, in a case involving GP8 tracking, just said that doctrine has to be considered.

    And it's true that unless it's reconsidered we're vulnerable regardless of what happens with Google Street View, because Google can get my geolocational information just by looking at my Android smartphone. It doesn't have to spy outside my house.

    So, more broadly, America is going to have to ask itself how it can protect privacy and take it as seriously as the Europeans are, or we're about to see a massive clash between European and American notions of privacy and free speech.


    David Bennahum, let's back up a step. You have just launched a site. What would you want to know? Why would they want to collect this information, and what's valuable about it?


    I — it's a lot of conjecture as to what their motive was.

    But one can look at the map that they're creating, the geographic map. And then by detecting Wi-Fi networks along the street, they're beginning to create meta-data, another layer of data around the geographic information, which is essentially the availability of wireless Internet across communities in America.

    That could be very interesting in terms of understanding the density of networks in a particular region. Beyond that, if they're detecting the network identification of each of these wireless networks, they could potentially cross-reference it with some of their logging on the search engine side, the searches people are doing on the Web, and then begin to get another layer of data about really who these people are, where they live.

    That could help them optimize, more efficiently sort of crosscheck that their predictive analysis as to you are actually here is accurate, because they can crosscheck it with something they collected from real data on the street. Those might have been the motivations to do it, pure R&D. But the way they handled it, of course, is a tremendous problem.


    Jeffrey Rosen, this story appears not to be over with this report and this fine.


    No, certainly not.

    The Justice Department will decide whether to investigate. The Ninth Circuit and perhaps eventually the Supreme Court will decide. And basically this fundamental question, do the wiretapping laws as current written allow for the seizure of unencrypted data is one of the most important Internet privacy questions of the age.

    If for some reason the courts disagree with the lower court and say that it's not protected, Congress may well get into the act. It's right now considering revising wiretapping laws. And the bottom line is, it doesn't make sense that this data is not protected. If this is not private, what is, essentially?


    So the law is still playing catchup in this world?


    Well, the law always play catchup, but there's a strong case. I don't want to understate the strong possibility that Google did violate existing laws. The FCC might just not have had the votes to bring an enforcement action right now.

    But that doesn't mean the Justice Department won't and that the federal appellate courts won't continue to find that this was illegal, as well as a cover-up.


    Professor Rosen, David Bennahum, thank you both.


    Thank you.


    Thank you, Ray.


    Do you have images you don't want others to see on Google Street View? Hari offers step-by-step instructions online for removing them.