Saving Face About Saving Data

Back in May, I wrote about a controversy that surfaced in Europe after privacy advocates revealed that in the act of collecting photographic images for its Street View application, Google was also scooping up private data from the unsecured WiFi network areas its camera-outfitted cars drove through. At that time, Google said that the data gathering, which watchdogs claimed was taking place in at least thirty countries, was inadvertent, and that the estimated 600 gigabytes of information they had collected typically consisted of data  “fragments.” As it turned out, that wasn’t quite the case. The data included not only passwords and texts of entire emails, but “data that are normally covered by . . . banking and medical privacy rules, usernames, telephone numbers, and residential home addresses. Google’s claim that it never intended to collect or use the material wasn’t convincing enough to calm the nerves and suspicion of a number of public and private watchdogs. In the United States, in late June, Connecticut’s Attorney General, Richard Blumenthal said he’d lead a multi-state investigation in what was being called the “WiSpy” scandal, and held a much-publicized conference call with his counterparts in more than thirty states to determine whether or not to investigate further. Early in July and faced with domestic and international law suits, Google announced it had removed the WiFi equipment from all of its Street View vehicles and would work with affected countries to delete the data or disclose what data was collected in each region.

End of story? Not quite. In late July, a Connecticut based watchdog website reported that the initial pow-wow of Attorney Generals had yet to yield further action or results. On October 22, Google’s vice president of engineering and research, Alan Eustace, issued a statement on a company blog, stating: "We're acutely aware that we failed badly here . . . We want to delete this data as soon as possible. We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.” Google also announced that it was promoting its lead privacy engineer to become the director of privacy, and that all employees would undergo privacy training. Five days later, according to CNN, the Federal Trade Commission announced that as a result of Google’s actions to rectify the problem, it was calling off its investigation of the Google Street View, without issuing fines to the company. Still, there remain observers out there who continue to raise some interesting questions. Christian Fuchs, a media and communications scholar from Sweden, wrote on his blog:  “Is it reasonable to assume that a software code that collects private data is accidently installed and nobody knows about it?” Can Google’s apology, he wonders “be trusted if it comes from a company that naturally has an economic interest in turning data into profit?” And, he wondered, was there really any way to know whether Google has or will delete the collected data, since digital data is so easily and cheaply copied? For non-doubters and for the moment it might seem as if the problem’s been resolved and “all’s well that ends well.” But often, when it comes to thinking about the issues and questions that surround who it is that collects, archives, and has access to information, there are no simple answers.