Google, feeling lucky, tells German privacy czar to wait

By Shelley DuBois, reporter


FORTUNE -- Yesterday, Google dropped the ball on a deadline to turn over a hard drive full of illegally collected data to the German government. The misstep, it's fair to say, makes Google watchers wonder: does the Internet giant answer to anyone?

The company is facing criminal charges from Germany related to its Google map feature, Street View. Street View shows 360 degree images of locations all over the globe. To get these images, Google deploys vans, cars and kooky tricycles equipped with cameras and GPS receivers, to collect photos of as many places as possible. Turns out, besides taking snapshots of the local biergarden in Germany, Google's vehicles were also mapping and enumerating the locations of open Wi-Fi networks.

Google (GOOG, Fortune 500) had until yesterday to turn over the hard-drive with the data from the stolen Wi-Fi, and they didn't. In a statement, Google said:

"Since our announcement two weeks ago that we had mistakenly been collecting Wi-FI payload data, we've been working hard to address the concerns of data protection authorities around the world. The data protection authority in Hamburg has made a number of requests -- including to be given access to an original hard-drive containing the payload data, and to a Street View car.

"We want to cooperate with these requests -- indeed we have already given him access to a car -- but as granting access to payload data creates legal challenges in Germany which we need to review we are continuing to discuss the appropriate legal and logistical process for making the data available. We hope, given more time, to be able to resolve this difficult issue."

If Germany decides to prosecute, they've got pretty robust data privacy laws in place, unlike those of the United States. So, who's on Google watch?

The privacy patchwork

In Germany, it's illegal to collect and store information about the location of people's wireless hubs without their knowledge. Google has admitted it did just that. There aren't rules against that in the United States, but there are rules against collecting transmissions over wireless hubs. That's something Google also did in Germany, and that sounds a lot like wiretapping.

Mark Rotenberg, the Executive Director of the Electronic Privacy Information Center says that he and colleagues are working on a letter to send to the chairman of the Federal Trade Commission, because "there is a good case that Google violated U.S. federal wiretap laws."

They didn't mean to, apparently. "I don't think there's any reason to doubt that it was a mistake," says Jennifer Granick, the Civil Liberties Director of the Electronic Frontier Foundation. At the beginning of May, Germany asked Google they were illegally downloading data from Wi-Fi networks, and Google denied it. It would be easy to catch them if they had been deceiving people about their intent, Granick says, and "they're not that dumb."

The Google excuse: they didn't know they were doing it wrong

Google co-founder Sergey Brin has publicly apologized, and the company has compiled a hard drive of the illegally downloaded data. They say they're ready to delete it as soon as governments from various countries give the green light. Google claims to have gotten the information from Wi-Fi networks because of a coding error. They say they didn't even know about it until a German law student filed a complaint.

"It's just unbelievable to me that they would say that," says Rotenberg. Unlike Granick, he thinks that the data that Google was collecting was too valuable, and there was too much of it to just be a coding problem with some of the software in the data collection vehicles.

Other mapping companies use similar camera-strapped-to-a-car technology. A company called Navteq, for example, provides location data for Garmin, Yahoo! and AOL/Mapquest, among many others. Navteq sends people out in cars equipped with multi-view cameras and a GPS receiver, like the Google cars. A Navteq spokesperson told Fortune, "we can't comment on others, but NAVTEQ has not collected any Wi-Fi data."

Privacy: Is Europe stringent, or is the US lax?

Now, countries in Europe besides Germany are starting to get their hackles up. Spain, France and the Czech Republic are looking into allegations against Google. All of these countries have government-backed data protection agencies, and are tougher on Internet privacy issues than the United States. "I'm not sure if Europe is particularly stringent or the US is particularly lax," says Rotenberg.

He believes that Germany's Data Protection Agency helped the country flag this issue. "We have laws in the US that limit this activity. They may be different than the laws in Germany, but they are enforced in Germany." Rotenberg would like to see the US set up a similar agency.

"There's not a lot that individual consumers can do when Google's going through the neighborhood and scarfing down their Wi-Fi."

But that's Google's problem, not the government's according to Granick. "I think they do have to make a structural change," she says. "They're in the business of collecting and monetizing people's data. They need to make people feel comfortable."

Unenforced, but important privacy rule: don't jack Wi-Fi

Government regulation designed for a Google-sized company isn't the answer, she claims. That would limit creative software development by small companies who wouldn't have the resources to meet or even know about strict rules, she says.

But clarifying the 2006 Computer Fraud and Abuse Act could help.The law against Google's actions could already exist within it, just in an unenumerated fashion. The act says, in a nutshell, that you shouldn't jack other people's Wi-Fi, but of course everybody does. "There haven't been many prosecutions [related] to open wireless networks because that's how people kind of get online," says Rotenberg.

In the meantime, Granick says citizens everywhere concerned about Internet privacy should look out for themselves, and lock it down. "You have to encrypt. People who have open Wi-Fi can't count on the law to protect their security." To top of page