Google's conduct over the notorious “WiSpy” incident is facing fresh scrutiny from the Information Commissioner's Office (ICO), following the publication of a report by its US counterpart the Federal Communications Commission (FCC).
In May 2010, Google admitted that it had inadvertently collected more than 600GB of payload data – including full URLs, emails and passwords – from unsecured Wi-Fi networks around the world, while photographing streets for its Street View application.
However, the FCC report, released last month, casts doubt on Google's claims that the data collection was accidental, claiming that Google engineer Marius Milner had “intended to collect, store and review payload data for possible use in other Google projects”.
The document goes on to state that, in addition to Milner, other Google employees, including at least one senior manager, were aware of the practice long before it was brought to the attention of the FCC. Google had previously claimed he acted without the knowledge or authorisation of senior managers.
Google is now facing a $25,000 (£16,000) fine from the FCC for repeatedly failing to respond to requests for information, thereby impeding the agency's investigation.
The ICO conducted its own investigation into the incident in July 2010, concluding that the data collected was free of any “meaningful personal details”. However, the Information Commissioner did a u-turn later that year, stating that the search giant had indeed broken the law.
It later emerged that the ICO had send lawyers, not technical staff, to investigate Google’s Wi-Fi data breach, leading Conservative MP Robert Halfon to label the ICO ‘Keystone Kops’. He also described the Information Commissioner as “lily-livered” and said the ICO’s lack of action was “lamentable”.
The ICO is now considering reopening its investigation, in light of the FCC report. The regulator said in a statement that it is in the process of deciding whether further action, if any, needs to be taken.
“Google provided our office with a formal undertaking in November 2010 about their future conduct, following their failure in relation to the collection of WiFi data by their Street View cars,” said a spokesperson.
“This included a provision for the ICO to audit Google’s privacy practices. The audit was published in August 2011 and we will be following up on it later this year, to ensure our recommendations have been put in place.”