Google staff knew for years about Street View data breach

Filed Under: Data loss, Featured, Google, Law & order, Privacy

Wi-fi hazardA Google engineer, responsible for data from wireless WiFi networks via Street View cars, told colleagues as long ago as 2007 that the code was collecting private data including emails, text messages, browsing histories and passwords.

That's the finding of a Federal Communications Commission (FCC) report which has now been made fully public.

Earlier this month Naked Security reported how the FCC had filed a Notice of Apparent Liability for Forfeiture against Google, fining the internet giant $25,000.

However, at the time the FCC's report was highly redacted - not allowing the public to see the grisly details of precisely what had occurred.

That's now changed, as Google has now posted a full uncensored version of the document in the interests of transparency.

FCC document - before and after redaction

According to the FCC's report, a Google employee identified only as "Engineer Doe" told colleagues in 2007 and 2008 about the sensitive nature of the data being collected by the Street View mapping cars.

However, Google only admitted publicly that it had collected the data in May 2010, causing a tidalwave of criticism from regulators and privacy campaigners.

A Google spokesman told The Guardian that it hoped to move on from the ongoing privacy saga:

"We decided to voluntarily make the entire document available except for the names of individuals. While we disagree with some of the statements made in the document, we agree with the FCC's conclusion that we did not break the law. We hope that we can now put this matter behind us."

Earlier this month, the FCC fined Google $25,000 for willfully and repeatedly obstructing its investigation by withholding documents.

It has to be said, considering the privacy storm that came out of the Street View data breach, Google has got away remarkably lightly. For a company of Google's size, a $25,000 fine is going to feel like a minor slap on the wrist.

, , , , , ,

You might like

10 Responses to Google staff knew for years about Street View data breach

  1. Machin Shin · 1220 days ago

    "For a company of Google's size, a $25,000 fine is going to feel like a minor slap on the wrist."

    Wow is that ever an understatement. For a company the size of Google $25,000 is a rounding error. That is not enough to even make them pause for half a second.

  2. A slap on the wrist? Google made almost $38 BILLION in 2011.

    Let's compare the fine to the amount someone making a respectable $150,000 a year would pay based on percent of total.

    $25,000 is to $38,000,000,000 as $.10 is to $150,000 (approximately).

    If you make the national US average income (for 2010) of around $42,000, the fine would be a mere 3 pennies.

    This isn't even a pebble in the shoe for Google.

  3. Mike · 1219 days ago

    "considering the privacy storm that came out of the Street View data breach, Google has got away remarkably lightly."

    I'm confused with what they got away with? They paid a fine for withholding documents (should the fine be based on the size of the company that has withheld documents?) Or did they get away with not breaking the law, as the FCC determined in the report?

  4. Internaut · 1219 days ago

    The $25k is the cost of doing business. Part of the operation.

    Is this an indication, along with the other recent Google privacy infringements a sign of what is to come; to follow-up on George Orwell's insights?

    While the Google Googoyle is hard at work bending the rules, and stretching the limits of honesty, trust, and privacy, another better, less intrusive search engine might just do the job right! I would welcome Archie, Veronica, AltaVista (the original, not the knockoff), and Lycos search engines. At least they respected privacy and, gave you what you wanted, not what they wanted you to see and buy.

    Google is getting too scary at doing whatever they want, when they want, and to whom they want.

  5. Guest · 1219 days ago

    Should be $2.5 billion, given their income.

  6. Freida Gray · 1219 days ago

    Wow, Google lies to the FCC & gets away with it.Why can't everybody else ? Maybe it's because everybody else actually pays attention to an FCC request for information instead of blowing them off then lying about what they knew & when they knew it.This makes me want to find a way to remove Google Search as a search provider on all of my browsers.After all Engineer Doe only developed the software to spy on what websites people visit, & "sold" the idea to Google by telling them that it would be used to see how many people used Google Search & other Google sites.

  7. Google owns somthing daft like 70% of all web servers. If you upset Google they could probably turn the internet off. Google are the Internet.

    I still think the problem here is not with Google it's all the numpties running un-secured wi-fi. People are paranoid about throwing documents in the bin but not protecting their network, internet connections or social network sites.

    If it had been someone malicious driving around in a white van sniffing wifi and selling the findings online no-one would have ever known, not to mention the damage it would cause.

    Google has just made a giant security hole in most peoples lives visible.

    That is all.

  8. JDon · 1219 days ago

    Slap on the wrist...More like a breeze blowing through Google's hair.

  9. Guest · 1218 days ago

    Breach? Is that the official Sophos definition for collection of indiscriminately broadcast information via open and unencrypted WiFi networks?

    #yellow journalism

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley