Google reportedly will settle with 30 states over its controversial Street View Wi-Fi hotspot sniffing program that was undertaken by a "rogue engineer."

Mathew J. Schwartz, Contributor

March 11, 2013

3 Min Read

Google Chromebook Pixel: Visual Tour

Google Chromebook Pixel: Visual Tour


Google Chromebook Pixel: Visual Tour (click image for larger view and for slideshow)

Google is reportedly close to reaching a $7 million settlement with 30 states' attorneys general over the search giant's Street View data collection practices.

The settlement is expected to occur early this week, reported All Things Digital, and the money would be split between the 30 states.

A spokeswoman for Google declined to comment via email on the proposed settlement. But she said of Street View: "We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue.”

None of the states' attorneys general have publicly confirmed reports of an imminent settlement. "We are party to the investigation, and the investigation is active and ongoing," said a spokeswoman for Connecticut Attorney General George Jepsen, speaking by phone.

[ Ski resorts are among the latest terrain conquered by intrepid Street View photographers. Read Google Street View Hits The Slopes. ]

As part of what's since been dubbed Google's "Wi-Spy" campaign, between 2007 and 2010, Google's Street View cars -- used to gather record data for building Google's maps -- were also sniffing all unencrypted wireless packets they encountered, then storing that data.

After European governments in early 2010 asked Google to detail exactly what data its Street View vehicles were collecting, Google investigated, and in May 2010 disclosed the Wi-Fi data gathering practices, which it said were inadvertent. Regardless, that led to strong rebukes from numerous governments, including some investigations and fines. Likewise, 30 states -- led by then-Connecticut Attorney General Richard Blumenthal -- launched their own investigation in 2010. That effort is what's now reportedly closing in on the $7 million settlement deal.

Google has long maintained that although the data collection had been a "mistake," the company hadn't broken any U.S. laws by collecting Wi-Fi data that wasn't password-protected. The Federal Communications Commission looked into Google's Wi-Fi data sniffing and ultimately fined Google $25,000 for obstructing its Street View investigation, but never filed any charges. Last year, the FCC's resulting report revealed that Google ascribed the "wardriving" to a "rogue engineer", who was interested in the product possibilities the data might enable.

Even if Google settles with the 30 states, the company still faces Street View investigations abroad. The Electronic Privacy Information Center (EPIC), which had urged the Justice Department to pursue Google for wiretap law violations, currently counts Street View investigations in at least 12 countries, nine of which have found that Google's Wi-Fi data collection violated their laws.

But another issue raised by Google's Wi-Fi data interception is why so few hotspots were set to encrypt data, given the ease with which that data could be intercepted by any third party. "If people are using unsecured Wi-Fi, I'm not sure Google should be paying anything at all," said "Dissent," which is the handle of the privacy advocate and data breach information blogger who maintains DataBreaches.net. "Don't users assume some risk or responsibility for the risk if they're using unsecured Wi-Fi?"

Security isn't necessarily the first thing people think of when they consider enterprise directories. But directories can be used in a number of ways to tighten and extend your organization's security. A Guide To Security And Enterprise Directories report, we examine enterprise directories—through the lens of Microsoft Active Directory -- and their potential as a solution for a wide array of security initiatives. (Free registration required.)

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights