The lone engineer who was blamed by Google for its most controversial breach of online privacy told others in the company far more about the affair than Google has previously disclosed, according to the results of a damning US regulatory investigation released over the weekend.
The report, from the Federal Communications Commission, also highlights apparently serious shortcomings in Google’s software development process.
These include claims from Google engineers that they were free to add code to a project without supervision if they thought they “could improve it”, a failure to follow through on a recommendation to have the privacy matter screened by one of the company’s in-house lawyers, and the pre-approval by a senior manager of a document before it was even written.
Google did not respond to the specific findings of the FCC’s report, which was based on emails and other internal communications at the company. But it said in a statement: “While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law. We hope that we can now put this matter behind us.”
The FCC report marks a new low point for Google in what has become the worst apparent contravention yet to be uncovered of its own stated privacy practices. Cars equipped to photograph streets for the company’s Street View service also collected snippets of personal data from the WiFi networks of a large number of homes they were passing — a fact that Google at first denied, before regulators proved it wrong.
The latest revelations brought angry reactions from privacy campaigners, who characterised the illicit data collection as part of Google’s wider goal of collecting as much information as it can about its users.
“Street View wasn’t some engineering mistake,” said Jeff Chester, head of the Center for Democracy and Technology. He called for Congress to interrogate both Google and regulators over the matter, adding: “Why didn’t officials blow the whistle on this data cover-up?”
The search company has until now blamed the breach on an unnamed engineer who it said was meant to write software to collect only data about the nature of the WiFi networks, not personal information being carried over them.
A redacted version of the FCC’s report, with the most damning conclusions blacked out, was released by the FCC two weeks ago, and Google said it had acted voluntarily to release the full report.