X

FTC asked to probe Street View privacy snafu

Two of Google's chief congressional critics are asking the Federal Trade Commission to look into whether the inadvertent collection of Street View Wi-Fi data violates the law.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
2 min read

Two of Google's chief congressional critics on Wednesday called on federal regulators to investigate whether the search company's inadvertent collection of Street View Wi-Fi data violates the law.

In a letter to Federal Trade Commission Chairman Jon Leibowitz, they prod the agency to evaluate whether accidental capture of brief snippets of Wi-Fi traffic is an "unfair or deceptive act" that has harmed consumers.

On Friday, Google acknowledged that its Street View cars had unintentionally intercepted fragments of data from unencrypted Wi-Fi networks for periods of 200 milliseconds at a time. Google's blog post said it was code that should not have ended up in the final product, and that it was contacting regulators and deleting the data.

A Google representative on Wednesday declined to discuss details of any conversations with the FTC, instead saying: "We are working with the relevant authorities to answer their questions and concerns."

An FTC representative did not immediately respond to a request for comment.

Google has posted a letter (PDF) from iSEC Partners, a San Francisco-based security-auditing firm, witnessing the physical destruction of four hard drives, with data from Street View cars from Ireland. The Irish Data Protection Authority had asked that those records be destroyed; the United Kingdom's government has made a similar request.

The letter to the FTC (PDF) was signed by Reps. Ed Markey, a Massachusetts Democrat, and Joe Barton, a Texas Republican.

Barton has assailed Google's purchase of DoubleClick on privacy grounds but supported efforts by the Bush administration to expand government surveillance.

Markey, on the other hand, has a history of attempting to regulate Internet companies' data collection practices, including proposing that Web sites delete information about visitors. He has also talked about introducing a broader privacy bill and grilled the now-defunct NebuAd company on privacy.

Background

Wi-Fi networks that aren't encrypted--that is, open wireless networks--are trivial for an eavesdropper to monitor. Some of the more popular packet-sniffing tools are even free.

But just because it's technically possible to capture packets on an open Wi-Fi connection doesn't mean it's legally permitted.

A federal law called the Electronic Communications Privacy Act says anyone who "intentionally intercepts" any electronic communication, including a wireless communication, is guilty of a crime. But accidental or inadvertent interception doesn't count.

Google says the interception was accidental, not intentional (the Street View product specification presumably doesn't include it).

Federal and state regulators, however, could take a dim view of even accidental interception. California law prohibits "deceptive" business practices, which closely mirrors the charge of the FTC, which has the power to file a civil lawsuit asking for a fine, if it views an infraction to be sufficiently serious.

A California-based advocacy group, Consumer Watchdog, has also asked the FTC to investigate (PDF).

Disclosure: Declan McCullagh is married to a Google employee not involved with Street View.