Google told key Congressmen in a letter released June 11 that it had mistakenly collected payload data, including potentially personal information, from unencrypted WiFi networks, but that it thought it was legal to do so.
The letter, which concerned an incident in which Google dispatched cars collect information from WiFi networks for its Street View mapping application, drew a mixed response from the legislators, who have asked the Federal Trade Commission to look into the issue. A top Republican called for a hearing "at minimum" on the data collection, while a leading Democrat appeared to take Google at its word but added that the matter needed further investagion.
"We believe it does not violate U.S. law to collect payload data from networks that are configured to be openly accessible (i.e., not secured by encryption and thus accessible by any user's device)," the company said. "We emphasize that being lawful and being the right thing to do are two different things, and that collecting payload data was a mistake for which we are profoundly sorry."
Google was responding to a letter from Energy & Commerce Committee chairman Henry Waxman (D-Calif.), ranking member Joe Barton (R-Tex.) and former Communications Subcommittee chairman Ed Markey (D-Mass.) asking for some answers to why Google had collected the information.
Google said it had not used the data for any product of service, that only two people in the company had seen the data, but that it had not deleted any of the U.S. data collected per "pending civil litigation."
In a letter from director of public policy Pablo Chavez, the company said it did not know exactly what payload data it had collected (information beyond the location of the wireless nets the cars were sent out to record), but that it would likely have been "fragmented."
That said Google conceded it should have provided more notice of its actions. "In retrospect, it is clear there should have been greater transparency about the collection of this data," the company said. But it also pointed out it did not alert people that it was collecting payload data because it had not meant to do so, and that the wider scope of the project -- collecting information to improve the accuracy of location-based services -- had been widely reported.
Waxman had not responded at press time. Markey said it was clear Google "fell short" of the transparency and trust that are key to consumer protection. He said he would continue to monitor the situation and referred to the letter they had sent to the FTC.
But he also pointed out that the company had "admitted mistakes it made in this matter and indicated that it has taken corrective action, including termination of its collection of WiFi data entirely by its Street View cars."
Barton took a far sterner tone, more in line with the Democrats' criticisms of Comcast for its BitTorrent blocking.
"Google now confesses it has been collecting people's information for years, yet claims they still do not know exactly what they collected and who was vulnerable," said Barton in a release from the committee that included Markey's comments as well. "This is deeply troubling for a company that bases its business model on gathering consumer data," he said. "That failure is even more disturbing and ironic in view of the fact that Google is lobbying the government to regulate Internet service providers, but not Google. As we are contemplating privacy legislation in the committee, I think this matter warrants a hearing, at minimum."
The FCC has proposed expanding and codifying its broadband access principles, including on transparency and notification. But FCC chairman Julius Genachowski said that should be applied only to the networks, not to the software and applications that ride them.