Last Tuesday, Google agreed to pay 37 states a total of $7 million as a settlement for a massive breach of privacy.
The source of this breach is Google’s Street View cars, which, between 2008 and 2010, Google admitted were being used to glean information, such as e-mails, passwords, and medical and financial records, from unsecured Wi-Fi networks. The cars were equipped with antennae and open-source software that were supposed to be used to simply collect the network name and address of local Wi-Fi networks.
These cars have been roaming around the U.S. since 2007, equipped with enough cameras to photograph 360 degrees for Street View, a more specialized variant of Google Maps. According to Google, they soon discovered they had accidentally downloaded data frames and “payload data,” which is the main body of a data transmission from unprotected Wi-Fi networks.
Initially, Google blamed the data theft on a “rogue engineer” who had set up a data-collection program in the Wi-Fi detection equipment. A later investigation by the FCC, however, revealed that several managers at Google knew this data-theft was happening, but did nothing to stop it.
After an agreement was met, Google released a statement apologizing for the debacle:
“We work hard to get privacy right at Google. But in this case we didn’t, which is why we quickly tightened up our systems to address the issue,” Google said in a press release. “The project leaders never wanted this data, and didn’t use it or even look at it. We’re pleased to have worked with Connecticut Attorney General George Jepsen and the other state attorney generals to reach this agreement.”
The $7 million will be divided among 37 states, although for Google it is relatively insignificant considering its worth. Privacy advocates immediately criticized the fine as being too soft on one of the most lucrative tech companies in the world:
“With Google’s revenue of $100 million a day, the fine is just a drop in the bucket and not enough to deter bad behavior,” said American Consumer Institute president Steve Pociask in a statement. “Consumers are growing tired of seeing Google apologize time and time again, pay a small fine and make vague promises in settlements with one agency or another, only later to engage in the same behavior.”
In addition to the fine, Google will be required to launch an employee education program about user data privacy. It will also sponsor a public service campaign to educate customers on how to properly secure their wireless networks. Google is, of course, required to destroy all Wi-Fi data it illegally obtained.