Tuesday, May 29, 2012

Uncertain Scrutiny in Google WiFi Spying Investigations

In the wake of the release of an FCC report concluding a seventeen month investigation of alleged spying conducted by Google on unsecured wireless networks nationwide, the company may face additional scrutiny from Britain’s Information Commissioner’s Office (ICO), which originally investigated and came to an agreement with Google in 2010.

Between 2007 and 2010 Google used its street view car to collect 600 Gigabytes of payload data along with the street-level images that the car is intended to generate.  This data included e-mail correspondence, text messages, passwords, and web histories.  Despite this, the ICO concluded that the data was free of any “meaningful personal details,” and took no official action, though Google did agree to allow the ICO to audit its privacy practices in the future.

One such audit was published last August and will be reviewed sometime this year to make sure their recommendations are being followed.  The results may affect the ICO’s decision on whether to take further action, which is an open question considering that around the time of that audit, the Information Commissioner decided that contrary to the absence of actual charges, Google had in fact broken the law.  The ICO’s inaction and handling of the investigation have also faced some criticism in British Parliament, so there may be some pressure to act more aggressively now that the FCC report has the ICO reconsidering the case.

The FCC has not, however, stated that Google is to face prosecution or even that it broke the law.  Google has maintained that while the wireless information gathering did indeed occur, it was attributable to one engineer who wrote the relevant code and installed it in street view cars, but did so without the knowledge or consent of the street view team or the company at large.  The FCC report casts doubt on this claim, finding that other engineers reviewed and modified the code, and several more installed it in cars and extracted the data it collected.  One senior manager of the street view project was purportedly informed of the intention to collect payload data.

Yet no litigation is forthcoming in the United States, presumably because the FCC report also points out that even if Google was aware of the data collection, and even if they had ordered it, harvesting masses of data from unsecured networks may not be illegal at all, as per the Wiretap Act, which grants that anyone may access any communication that’s configured so as to be publicly accessible.  Consequently, the only definite trouble faced by Google with the FCC has been a very modest fine of 25,000 dollars for impeding the investigation by failing to respond to repeated requests for information.

That in itself casts some measure of suspicion on Google, even if it doesn’t present any further legal problems.  Their claim that they never intended to use the payload data is automatically suspect in light of the fact that Google seems eager to collect all manner of personal data in other contexts, and to use it to target advertisements and content more effectively and more manipulatively.

I stopped using Google as a search engine and news aggregator when I discovered the extent to which content was modified from one user to the next, even in web searches for quite basic terms.  Google evidently uses fifty-seven different factors, including your location, operating system, and browser, to personally tailor search results to the individual user.  This is particularly objectionable when one is searching for current news, which ought to be presented objectively, and with a universal sense of importance, not personally structured to align with each individual’s likeliest consumption patterns.

The accompanying invasions of privacy, and particularly the ways in which they are used, are socially poisonous trends, even if they are not illegal.  But being as they are not illegal, governments cannot be relied on to do much of anything to counter that trend.  Little has been done in the United States, the case in Britain is shaky, and Australia has decided against investigating the same issue.

But in each of those places, the citizenry still can take it upon itself to use against Google that very thing that they are so fixated on: consumption patterns.  I fear that the reason why privacy invasions of this kind have become so endemic is not that entities like Google have been so prone to engage in them but that we as a society have been so prone to accept them.  When we can demonstrate that the new convenience we enjoy is not worth what we trade away for it, then perhaps the rampant misuse of information will be avoided more often, even if it isn’t technically criminal.

No comments: