Thursday, May 03, 2012

FCC Penalizes Google for “Impeding” Wi-Fi Investigation

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

Although the Federal Communications Commission has decided not to take action against Google, Inc. for possible violations of the Communications Act in connection with Google’s collection of data from Wi-Fi networks, the FCC on April 13, 2012 proposed a $25,000 forfeiture penalty against Google for “willfully and repeatedly” violating FCC orders to produce certain information and documents that the FCC required for its investigation. Google has agreed to pay the penalty.

"Street View" Project 

Between May 2007 and May 2010, as part of its “Street View” project, Google collected data from Wi-Fi networks throughout the United States and around the world. The purpose of Google’s Wi-Fi data collection initiative was to capture information about Wi-Fi networks that could be used to help establish users’ locations and provide location-based services.

Google also collected “payload” data—the content of Internet communications—that was not needed for its location database project. This payload data included e-mail and text messages, passwords, Internet usage history, and other highly sensitive personal information.

At first, Google denied collecting payload data. After the commencement of investigations by European data protection authorities, Google publicly acknowledged that it had been “collecting samples of payload data from open (non-password-protected) WiFi networks” but stated that it likely collected only fragmented data.

Google explained that the collection of payload data was caused by code that was “mistakenly” included in its Wi-Fi data collection software. On October 22, 2010, Google acknowledged for the first time that “in some instances entire emails and URLs were captured, as well as passwords.”

Upon learning that Google had collected payload data, the FCC began examining whether Google’s conduct violated provisions of the Communications Act of 1934. In November 2010, the FCC’s Enforcement Bureau launched an official investigation into whether Google’s data collection practices violated Sec. 705(a) of the Act, which prohibits the interception of radio communications.

According to the FCC, Google “deliberately impeded and delayed” the Enforcement Bureau’s investigation for several months by failing to respond to requests for material information and to provide certifications and verifications of its responses. In a Notice of Apparent Liability for Forfeiture, the FCC stated that Google apparently willfully and repeatedly violated orders to produce information and documents required for the investigation. Based its review, the FCC found that Google was apparently liable for a forfeiture penalty of $25,000 for its noncompliance with the FCC’s information and document requests.

Closing of Investigation

At the same time, the FCC decided not to take enforcement action under Sec. 705(a) against the company for its collection of payload data and to close the investigation. There was not clear precedent for applying Sec. 705(a) to the Wi-Fi communications collected by Google, the FCC said.

Moreover, because a Google engineer permissibly asserted his constitutional right not to testify, significant factual questions bearing on the application of Sec. 705(a) to the Street View project could not be answered on the record of the FCC’s investigation.

More information is available here on the FCC’s website.
Google’s Response

Although Google agreed to pay the forfeiture, it contended that delays by the FCC slowed down the investigation, rather than Google.

“As the FCC said in their report, we provided all the materials necessary for them to conduct their investigation,” a Google spokesperson said. “We agree with the FCC's conclusion that we did not break the law, but believe that we did cooperate in their investigation, and we made that clear in our response.”

No comments: