This much is known: between 2007 and 2010, Google collected Wi-Fi network data all over the world in support of its Street View project. In addition to providing totally bitchin’ online photos of just about anywhere in the world, the Street View project collected network data to support various location-based services. But in collecting those data about available networks here, there and everywhere – including home wireless networks – Google also happened to collect the actual content of various unencrypted communications carried over these networks (i.e., “payload” data) – things like e-mails, text messages, passwords, Internet usage history, and other potentially sensitive personal information.
When word of this surfaced, governments everywhere – federal, state, foreign – launched (with considerable fanfare) investigations, on the theory that the unauthorized collection of that kind of private data couldn’t possibly have been legal.
Our federal government sicced an agency tag-team on Google. First, the Federal Trade Commission (FTC) took a close look at Google’s activities, but closed down its investigation without finding any problems. The FTC came away convinced that Google didn’t plan to use any of the payload data, would be deleting that data pronto, and was taking steps to improve “its internal processes”. Nothing to look at here, folks. Show’s over. Just move along.
Then the FCC jumped in.
Within a month of the FTC’s exit, the FCC had fired off a Letter of Inquiry (LOI) in an effort to figure out whether Google’s data collections had broken the law. The law in this case is Section 705(a) of the Communications Act (which, oddly enough, is codified as 47 U.S.C. §605(a)). In relevant part (that would be the second and third sentences of Subsection 605(a)(6)), it bars the unauthorized interception, followed by divulgence, publication or use, of certain radio communications.
The LOI sought vast amounts of information and documents about Google’s Wi-Fi data collection activities. Google reacted like any public-spirited organization with nothing to hide would – by cooperating fully, opening its files to the FCC and happily walking the agency through the complexities of its data-collection process . . . NOT. Au contraire, Google mounted an impressive effort – some might call it stonewalling – to keep the FCC in the dark.
The LOI was designed to bring in huge numbers of documents – including internal emails relating to the data collection process – so the Commission was doubtless disappointed with what Google produced: a very small handful of documents, a few apparently unhelpful interviews, and no emails at all. The paucity of materials presumably stemmed, at least in part, from Google’s somewhat circumscribed approach to the LOI. According to Google, it had “not undertaken a comprehensive review of email or other communications” because doing so “would be a time-consuming and burdensome task”. (Having responded to our share of LOIs, we are sympathetic to Google’s concerns here; we only wish that we had thought to raise the “Gee, that’s a lot of work – we think we’ll pass” defense.)
Google also chose not to identify any of the individuals responsible for authorizing its collection of Wi-Fi data or any employees who had reviewed or analyzed the Wi-Fi communications collected. Consistent with this insistence on anonymity, it also redacted the names of its engineers from the limited documents that were produced. Google claimed that identifying its employees “at this stage serves no useful purpose with respect to whether the facts and circumstances give rise to a violation”.
The FCC sleuths were able to identify the engineer who developed the software code that Google used to collect and store payload data. In the FCC’s Notice of Apparent Liability (NAL) he is referred to as “Engineer Doe”. We’re guessing that’s not his real name . . . not that knowing his real name would help anything. According to the NAL, Engineer Doe lawyered up and took the Fifth, effectively slamming the door on that potentially useful source of information.
And the icing on the cake: Google declined for nearly the entire length of the investigation to provide a verification, under penalty of perjury, from any corporate official with either first-hand involvement in the data collection effort or personal knowledge of the information contained in Google’s response. Such a verification of the accuracy of the response was specifically required by the LOI and is SOP in dealing with the Commission.
Undeterred (and perhaps nonplussed), the FCC issued a supplemental LOI, but that didn’t result in more useful intel from Google. That was followed by a demand letter making sure that Google knew that the FCC was really, really serious – it ordered Google to provide complete responses to earlier requests and requested additional information. Same non-result. And then a final supplemental LOI. Ditto. Throughout the process, the Bureau was also in touch with Google by phone and in person. All to no avail.
So despite the fact that the Commission dipped its regulatory arms deeply into what appeared to be a trough brimming with useful factual information, the Commission came up empty-handed.
But Google was not completely silent. While it kept its factual cards close to the vest, it laid out a legal argument to show that the data collection that occurred during its Street View process was not illegal.
Google pointed out that the Wiretap Act – a section of the federal criminal code the relevant part of which you can find at 18 U.S.C. §2511 – effectively trumps Section 705(a) of the Communications Act, at least as far as the alleged misconduct is concerned. The Wiretap Act provides that it’s OK
to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.
The statute defines “readily accessible to the general public” as, among other things, not being scrambled or encrypted. According to Google, the payload data it collected and accessed was only from unencrypted networks, not from any encrypted networks. QED: Nothing illegal happened here. With a casual wave of its cloaked hand, Google assured the Commission that these were not the droids it was looking for.
And even if the Commission weren’t susceptible to Jedi mind tricks, what was it to do? Thanks to (a) Google’s refusal to provide virtually anything in the way of hard information, and (b) Engineer Doe’s Fifth Amendment embrace, the FCC had no evidence from which to dispute Google’s self-serving conclusion.
Presumably recognizing its predicament, the Commission beat a quick retreat, at least with respect to the claim that Google may have violated Section 705(a). Acknowledging that there is no FCC precedent on this particular question, and acknowledging as well its lack of evidence, the Commission declined to find any such violation here.
But the Commission wasn’t ready to let Google off the hook entirely. Obviously miffed that Google had, um, largely ignored the Commission’s LOI, and its supplemental LOI, and its demand letter, and its second supplemental LOI, and its various blandishments delivered by phone or in person, the Commission wanted at least something to show for its efforts. (Think Glenn Close in Fatal Attraction.)
So with a carefully honed prosecutorial knife, the Commission lunged boldly at Google’s capillaries, proposing a fine of $25,000 because Google’s “level of cooperation with this investigation fell well short of what we expect and require”. The base fine for such lack of cooperation would normally have been $4,000, but the FCC wanted to give Google what for, in part “to deter future misconduct”. For sure the $21,000 bump over the base fine should scare the bejeebers out of Google, whose 2011 gross revenues were a paltry $38 billion or so. With a forfeiture amounting to, what, not even one ten-thousandth of one percent of its annual revenue, Google obviously has much to fear.
Actually, the NAL subliminally suggests that Google has very little to fear, at least from the FCC. That’s apparent from extraordinary redactions that make many pages of the NAL look like Rorschach tests. (See the graphic, above, which depicts one page from the NAL.) Some sample redactions:
- "In response to the Supplemental LOI, Google expanded upon [REDACTED]. Google explained that [REDACTED]." "Google further stated that [REDACTED]."
- "In interviews and declarations, managers of the Street View project and other Google employees who worked on the project told the Bureau they [REDACTED]."
- "One engineer remembered [REDACTED]."
- "During interviews with Bureau staff, Google employees stated that [REDACTED]."
- "In both his written declaration and his interview with Bureau staff, the engineer characterized [REDACTED]."
Such redactions are rarely seen around these parts. Our guess is that these were done at Google’s request. The Commission, after all, would appear to have no incentive to withhold the redacted information. Google, on the other hand, is facing potential liability in a number of other venues where its data collection activities are still under investigation. It’s reasonable to assume that Google plans to stick to its stonewall approach as long as possible in response to as many investigations as possible. Inclusion of lots of informational tidbits in an FCC NAL available to the whole world would not be consistent with that strategy. So we’re guessing that Google asked the FCC to be nice guys and black out vast swaths of the NAL.
What’s something of a puzzle is why the FCC would go along with that request. After all, the Commission seems, rightfully, to be cheesed off at the way Google cavalierly thumbed its nose at the FCC’s investigation. Why should the Commission turn around and do Google any favors?
In addition to that practical question, though, the NAL leaves open other far more important legal questions.
Is Google correct that the Wiretap Act effectively permits interception of communications carried on unencrypted Wi-Fi networks? The Act’s language can be read to support that position, and there is nothing contrary to that reading in FCC precedent, as the Commission concedes. But the Wiretap Act was drafted in the 1980s, a decade or more before the advent of even the earliest Wi-Fi networks. It’s not at all clear that, in referring to “electronic communication . . . readily accessible to the general public”, the authors of the Act had in mind a home wireless network, as opposed to the technologies of a generation ago.
And even if the “readily accessible” exception turns out to be applicable where individuals fail to encrypt personal home wireless networks, should data collection of the scale and scope of the Street View project nevertheless be subject to some legal constraint? And at what point does the massive aggregation of data provide sufficient information to violate our expectations of privacy?
We, of course, have no official opinion on this matter. If we did, though, we would have to say [REDACTED].