Google Oogled: Privacy Isn't Dead - Yet

In May, Google announced that, for more than three years -- in more than 30 countries -- it had been "mistakenly collecting" personal data from open WiFi networks as its vehicles roamed the streets taking photos for its Street View mapping service. That data could include people's email messages, their passwords and even the logs of their Web site visits.

This week, more than 30 state attorneys general announced they will begin examining the lawfulness of Google's actions, though it still isn't clear whether Google committed any legal wrongdoing. "At the very least, Google acknowledges that intercepting and gathering people's data was wrong," Connecticut AG Richard Blumenthal told WIRED. "But there may be a need to strengthen and enhance federal and state laws." Meanwhile, the chief of the Consumer and Governmental Affairs Bureau of the Federal Communications Commission has issued a warning to consumers that Google's "behavior" raises important privacy concerns, adding that the collection of WiFi data, "whether intentional or not ... clearly infringes on consumer privacy."

In case you haven't been following it, the Google disclosures have triggered one of the biggest public probes of online privacy so far in the digital era. Google, in response to government inquiries and lawsuits, has claimed that it is lawful to use packet-sniffing tools readily available on the Internet to spy on and download payload data from others using the same open WiFi access points. But two months ago, in May, shortly after the FCC and U.S. Justice Department began looking into the Street Maps issue, Google Cofounder Sergey Brin told a Google developer conference his company "screwed up" by improperly collecting the WiFi data. "We screwed up, and I'm not making excuses about it," Brin said. "Trust is very important to us and we're going to do everything we can to preserve it." Brin said the company is "putting more internal controls into place and bringing in third parties to work on this issue, as well." Google also has begun destroying some of the WiFi data it collected for Street View -- in some cases, at the request of governments, including Britain's. But privacy advocates now say Google shold preserve the data and turn it over to governments.

"The problem here is that there are criminal laws at issue, and there is a real question as to whether Google violated these laws," says Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), a nonprofit privacy rights group in Washington. "If it did, the evidence is in the information Google collected. Google has tried to minimize the data it collected, calling it snippets or fragments. But that's a determination that needs to be made by a third party, possibly a prosecutor."

For one of the most comprehensive overviews of the Street View issue -- including a timeline of the Street View program from its launch in 2007 to Germany's announcement last month that Street View vehicles have been collecting data from WiFi networks -- see EPIC's Web page on the brouhaha.

Street View isn't the only Google product that has been drawing recent privacy concerns. Privacy advocates have complained about Google Buzz, the company's new social networking service. EPIC's complaint, filed with the Federal Trade Commission, says Google attempted "to convert the private personal informaton of Gmail subscribers into public information" for the Buzz service. "This change in business practices and service terms violated user privacy expectations, diminished user privacy, contradicted Google's own privacy policy, and may have also violated federal wiretap laws." [Facebook also has come under fire for ongoing problems with its privacy settings, chiefly the lack of control users have over personal information that others have made public about them, including photographs. Another sore spot: Facebook's decision to push users into using its "instant personalization" feature, the company's link to third-party Web sites such as Yelp and Pandora that share users' opinions on shops and tunes.]

What do you think? As the Web becomes more "social," should consumers have more of a say in how their personal data is distributed across social networks? [See Radical Shock, a Q&A I had earlier this year with privacy scholar Helen Nissenbaum about the need for new privacy protections that don't care so much about whether data is shared "but whether it's being shared appropriately." See also Justmeans colleague Madeline Ravich's recent piece on this site, Do Facebook's Privacy Violations Qualify as Bad CSR?]

Let us hear from you.