Google’s Wi-Spying broke Canadian law

Google violated Canadian privacy laws when its Street View cars gathered data from private wireless networks,  Canada’s privacy commissioner said on Tuesday. More important, the investigation found a company with a lackadaisical commitment to privacy among its engineers.

Privacy Commissioner Jennifer Stoddart said the private data was gathered because of a ” a careless error – one that could easily have been avoided.”

She said thousands of Canadians could have been affected.  Considering that Google’s cars were gathering information in 30 countries around the world, you can see why I’ve called this the biggest wiretapping scandal in history.

“Our investigation shows that Google did capture personal information – and, in some cases, highly sensitive personal information such as complete e-mails. This incident was a serious violation of Canadians’ privacy rights,” said Privacy Commissioner Jennifer Stoddart.

As you’ll recall, the Wi-Spy scandal broke last spring when Google responded to questions from German data protection officials about what their Street View cars were doing. First Google said they were merely mapping Wi-Fi network locations for  use in their location services. Then Google acknowledged it had been gathering “payload data” — emails and passwords — from unencrypted private networks, but claimed it was a mistake.

Consumer Watchdog called on the Federal Trade Commission to investigate, sought a probe by state attorneys general (since launched) and called for Congressional hearings. There is also a class action suit over the scandal pending in Federal Court.

We think the Canadian decision underscores the need for Congressional hearings.

Stoddart’s probe  found that when Google decided to deploy the code to map Wi-Fi networks in the real world, an unnamed individual identified “superficial privacy implications”, but did not send his designs to lawyers for review, contrary to company policy.

While Stoddart’s investigation found that the Internet giant broke the law, she offered only a slap on the wrist saying that she would consider the matter closed in February if Google shows it has implemented her recommendations. Her proposals:

  • Google ensure it has a governance model in place to comply with privacy laws.  The model should include controls to ensure that necessary procedures to protect privacy are duly followed before products are launched.
  • Google enhance privacy training to foster compliance amongst all employees. Google should designate an individual or individuals responsible for privacy issues and for complying with the organization’s privacy obligations – a requirement under Canadian privacy law.
  • Google delete the Canadian “payload” data it collected, to the extent that the company does not have any outstanding obligations under Canadian and American laws preventing it from doing so, such as preserving evidence related to legal proceedings. If the Canadian payload data cannot immediately be deleted, it needs to be secured and access to it must be restricted.

All are important and necessary steps to change the corporate culture of a company dominated by computer engineers and geeks who have a cavalier attitude toward privacy. They don’t ask permission because they can always ask forgiveness. They push on privacy issues, as CEO Eric Schmidt puts it, right up to the “creepy line.” And if they go too far and find their fingers caught in the cookie jar, they can always apologize.

Yes, Stoddart’s recommendations are important, but nothing focuses corporate minds like a good stiff fine or substantial  award of damages. Turning to the various actions in the United States, we can still hope for that.

Published by John M. Simpson

John M. Simpson is a leading voice on technological privacy and stem cell research issues. His investigations this year of Google’s online privacy practices and book publishing agreements triggered intense media scrutiny and federal interest in the online giant’s business practices. His critique of patents on human embryonic stem cells has been key to expanding the ability of American scientists to conduct stem cell research. He has ensured that California’s taxpayer-funded stem cell research will lead to broadly accessible and affordable medicine and not just government-subsidized profiteering. Prior to joining Consumer Watchdog in 2005, he was executive editor of Tribune Media Services International, a syndication company. Before that, he was deputy editor of USA Today and editor of its international edition. Simpson taught journalism a Dublin City University in Ireland, and consulted for The Irish Times and The Gleaner in Jamaica. He served as president of the World Editors Forum. He holds a B.A. in philosophy from Harpur College of SUNY Binghamton and was a Gannett Fellow at the Center for Asian and Pacific Studies at the University of Hawaii. He has an M.A. in Communication Management from USC’s Annenberg School for Communication.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.