It is a fact that Google has while taking panorama photographs of streets in cities all over the world (in 34 countries) for its Street View application also collected information about wireless networks and data from open wireless networks that are not password-secured. Google may have stored smaller or larger pieces of emails, images, documents, notes, data about accessed websites, etc in this process. Google admitted this circumstance in a public note: “we discovered that a statement made in a blog post on April 27 was incorrect. In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products” (Official Google Blog, May 14th, 2010). The validity of Google’s claim that it never used the collected data in its products can never be checked because once data has been collected, stored, and diffused, it is impossible to reconstruct how exactly it has been used and how often it has been copied. Google’s claim is simply worthless because already the unauthorized collection of data constitutes a major problem.
Google does not give a viable explanation why it collected data from WiFi networks. The company wrote on its blog: “So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software – although the project leaders did not want, and had no intention of using, payload data” (Official Google Blog, May 14th, 2010). Is it reasonable to assume that a software code that collects private data is accidently installed and nobody knows about it? Can this statement be trusted if it comes from a company that naturally has an economic interest in turning data into profit?
The collected data enables Google to link certain images, videos, some details about private lives, work and business, and personal documents to addresses. No matter if Google uses these data for economic purposes, statistical analysis, or does not use them, the question is if citizens can feel save when a corporation that by its own nature has capital accumulation as its highest priority (which does in reality frequently conflict with citizens’ interests), collects and controls such data without the knowledge and agreement of users. Google says that it has or will delete all collected data. But if this is indeed true, cannot be controlled. Even if public prosecution authorities and data protection agencies gain access to Google hard disks that contain these data, it cannot be guaranteed that data copies have not been made. Once data is collected and controlled by one actor, it can be easily, cheaply and very quickly copied. This means that one cannot trust Google’s assertions that it has or will delete the data because there can never be certainty about the deletion of digital data. Damage has already been irreversibly caused at the moment the data were collected because of the very nature of digitalization that allows the creation of an endless number of exact data doubles.
“The engineering team at Google works hard to earn your trust – and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake” (Official Google Blog, May 14th, 2010). Google’s naïve apology is not worth a tinker’s cuss because the affected users can never be sure what exactly has happened or will happen to their data and if this will have negative consequences for them.
The incident shows that Google has an interest in obtaining as much data about users as possible and that it does not shy away from collecting data without the knowledge and consent of users and even from private networks.
“This incident highlights just how publicly accessible open, non-password-protected WiFi networks are today” (Official Google Blog, May 14th, 2010). Because a network is open does not mean that companies should be allowed to download data from the network and that users welcome them to do so. Some observers argue that if someone leaves a wireless network open/unprotected, it is his/her own fault if others extract data from it. They also say that leaving a wireless network open is like writing a postcard or not sealing a letter, which invites others to read. Why is this analogy inappropriate? Open wireless networks advance free access and the sharing of data, which in turn fosters human communication, which is a basic human need that should not cost money. Therefore open networks as such are desirable. If all providers close their wireless networks off from the public, costless public access to information and communication over the Internet is disabled and industry interests in charging users for Internet access is advanced. Therefore there are good reasons for providing open access to wireless networks. Other reasons for not protecting wireless networks are that people want to share data with people in their flat, their house, or their block, which does not mean that they want to share it with Google. Also some users might not know or not be sure which data on their computers and networks is available to others. If you do not lock your door because you want your friends who live next door to be able to enter any time, then this does not mean that you welcome strangers to come in and take pictures of you sleeping, having sex, sitting on the toilet, lying in the bathtub, or conducting other activities.
I am sure that most Internet users have found it useful to browse streets on Google Street View before going to a place they have never been to in order to easier orient themselves and gain an idea of how the place they are going to looks like. This shows the power of contemporary Internet technologies to serve basic human needs such as communication, co-ordination, and orientation. But at the same times these technologies under the control of profit-oriented firms serve economic interests that conflict with basic human interests. Google has a contradictory nature: it advances human sociability and communication and at the same time threatens data protection due to its profit-oriented character. There is an antagonism between the productive power of Internet technologies and the capitalist relations that shape the production and usage of these technologies.
The German consumer protection minister Ilse Aigner has enforced that Google must garble private houses and gardens on Google Street View if citizens formally object. This debate is itself contradictory: if all houses are gabled on Google Street View, then users will get no impression of how a certain ward they want to go to looks like; if all houses are visible, certain people might feel that criminal acts and acts of terrorism are easier to plan.
In Germany, the Hamburg public prosecution authority started investigations against Google because of the suspicion that the company intercepted data. In Austria, the Data Protection Commission banned further data collection by Google Street View at the end of May 2010. Josef Ostermayer, who is Austrian State Secretary for the Media, wants to criminalize illegal data collection (Der Standard, May 28, 2010). Currently, unauthorized data collection is only illegal if the data are purposefully collected and valorized for economic purposes. Ostermayer wants to criminalize unauthorized data collection so that not only the use of such data for profit-purposes is illegal, but already the gathering process itself. He also suggests that there should not only be a national law, but that the EU Data Protection Directive is amended (Der Standard, May 28, 2010).
The best reaction to surveillance by private companies, as in the case of Google, is to let them feel the full violence of democratic law enforcement. Therefore the current developments in Austrian and Germany of taking legal measures against Google are more than appropriate. Corporations may not be very willing to voluntarily respect the consumer interest in data protection, but they may become more responsive if corporate data misuse is criminalized, severely punished, and causes painful financial losses for them. The Google Street View incident shows that companies do not automatically see privacy violation as a mistake and that legal measures that make companies like Google and Facebook learn privacy lessons are very much needed. Maybe it is time to stop talking about corporate social responsibility and to start focusing on the analysis, exposure, and investigation of corporate social irresponsibility.
Thanks for this thorough post Christian. I wrote explicitly about the question of whether this “mistake” could possibly be “inadvertent” as was claimed. I think the size of the payload data alone argues that it is impossible to understand this as inadvertent. Here is the post:
Confessions of a Spy Car Driver
http://blogs.law.harvard.edu/niftyc/archives/397
Best,
Christian
[...] raise some interesting questions. Christian Fuchs, a media and communications scholar from Sweden, wrote on his blog: “Is it reasonable to assume that a software code that collects private data is accidently [...]