Google, Wi-Fi Snooping, and the Ever-Shifting 'Creepy' LineMathew Ingram
Google’s snooping into wireless network data via its Street View cars—behavior that triggered a Federal Communications Commission investigation, as well as multiple lawsuits—is back in the news via a report on Tuesday from the New York Times that identifies the engineer behind the project. But while there has been much public outrage about what Google did, it’s interesting to note that even the FCC said the company’s data capturing wasn’t illegal because the networks in question were effectively public. (The Federal Trade Commission also dropped a similar case.) Is this a sign of how broken the laws around privacy are, or is the Street View furor an overreaction?
The latest information about the case comes from internal Google documents that were given to the FCC as part of its investigation—documents showing that the capture of data other than a Wi-Fi network’s location (which Google engineers referred to as “payload data”) was in fact deliberate and fairly widely known within the company. This contrasts with Google’s official response after the snooping was first discovered, in which the company described it as something that occurred accidentally while Street View cars were driving around taking photos, the result of a single engineer’s side project.
Privacy advocate Chris Soghoian says the FCC should be hauled before a Congressional committee for having failed to reveal this information sooner. Some commenters on Twitter and elsewhere have suggested Google should be fined millions of dollars for what it did. Some are even declaring that the engineer in question—who invoked the Fifth Amendment in refusing to testify during the FCC investigation—should be sent to prison for his involvement in the project. Said Soghoian: “[N]othing prevented the agency from alerting the public, the media, and Congress to the full extent of Google’s sins. Instead, the agency opted to keep the public in the dark.”
But if the behavior was so sinful, why did the FCC decide Google did nothing wrong? According to the federal regulator, capturing data in such a way doesn’t break any laws because the Wi-Fi networks in question were broadcasting the information publicly over the airwaves. In a defense of Google’s behavior, technology blogger Mike Elgan argued something similar: Since the data was being transmitted in an unencrypted fashion into a public space, Google did nothing wrong in capturing it. This is no different from eavesdropping on conversations in a public space or looking over someone’s shoulder at what they are reading, Elgan says,
Most of the response to the snooping, however, takes the opposite position—namely, that Google invaded people’s privacy by doing this and that even taking snapshots of data that exists on a Wi-Fi network while driving by someone’s house is like reading their mail.
Reading someone’s mail is an interesting analogy because of course, Google already does that. It has been doing it since the company launched its Web-based Gmail service in 2004. Just as there is now a fuss about Wi-Fi payloads and other kinds of automated “snooping,” there was initially a substantial outcry about Gmail and the idea that Google was going to be reading every message people sent, albeit in an automated way. (Google executive Marissa Mayer was reportedly concerned about this issue.) The idea that anyone would be upset by this now seems almost quaint and old-fashioned.
Much of the debate about Google’s Wi-Fi sniffing veers back and forth between different perceptions of what is appropriate behavior and what isn’t. In a number of European countries such as Germany, even taking photos of someone’s home without their permission is hugely controversial, so it’s no surprise that capturing e-mails and chat messages (even if no one other than government regulators and lawyers ever read them) is seen as a heinous invasion of privacy. But in the U.S., taking photos and even recordings in public places is legal.
As my colleague Stacey Higginbotham pointed out recently, it is difficult to find exactly where the “creepy” line is until you cross it. But what makes it even harder is that the line shifts, depending on whom you are asking: There was a huge amount of outrage about the Girls Around Me app because it showed where women were located, even though they had chosen to share that information publicly. Kashmir Hill, who writes about privacy for Forbes, said the reaction from many critics was creepier than the app and that many young women choose deliberately to share this kind of information.
As Hill put it: “We increasingly live in a ‘creepy’ world, in which we can find and manipulate information in unforeseeable ways. These new information flows sometimes feel ‘creepy’ because they’re new, unfamiliar, and to some people, unexpected.”
The other common response to the Google Wi-Fi case is to argue that many users aren’t aware that information from their wireless networks is effectively being broadcast publicly unless they choose to lock their network. But how far should we go in protecting people from the consequences of their own behavior? If Google captures data from your network while driving past your house, is that Google’s fault or yours? If you can’t figure out how curtains work and someone looks in your window, do you have the right to get angry?
The devices we carry with us everywhere broadcast details about our locations, as well as all kinds of “digital exhaust” that could be (and probably is being) captured. Some of that is done deliberately and some isn’t. Some of it is likely leaking because users can’t be bothered to learn about or check their default settings or privacy controls. Is it even possible to hold the companies involved responsible for this—and if so, should we?
Also from GigaOM:
Google Doesn’t Like Walled Gardens—Except Its Own (subscription required)