Google staff knew for years about Street View data breach

Wi-fi hazardA Google engineer, responsible for data from wireless WiFi networks via Street View cars, told colleagues as long ago as 2007 that the code was collecting private data including emails, text messages, browsing histories and passwords.

That’s the finding of a Federal Communications Commission (FCC) report which has now been made fully public.

Earlier this month we learnt how the FCC had filed a Notice of Apparent Liability for Forfeiture against Google, fining the internet giant $25,000.

However, at the time the FCC’s report was highly redacted – not allowing the public to see the grisly details of precisely what had occurred.

Sign up to our free newsletter.
Security news, advice, and tips.

That’s now changed, as Google has now posted a full uncensored version of the document in the interests of transparency.

FCC document - before and after redaction

According to the FCC’s report, a Google employee identified only as “Engineer Doe” told colleagues in 2007 and 2008 about the sensitive nature of the data being collected by the Street View mapping cars.

However, Google only admitted publicly that it had collected the data in May 2010, causing a tidalwave of criticism from regulators and privacy campaigners.

A Google spokesman told The Guardian that it hoped to move on from the ongoing privacy saga:

“We decided to voluntarily make the entire document available except for the names of individuals. While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law. We hope that we can now put this matter behind us.”

Earlier this month, the FCC fined Google $25,000 for willfully and repeatedly obstructing its investigation by withholding documents.

It has to be said, considering the privacy storm that came out of the Street View data breach, Google has got away remarkably lightly. For a company of Google’s size, a $25,000 fine is going to feel like a minor slap on the wrist.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.