Having admitted it 'screwed up,' Google may have to pay up.
Following Google co-founder Sergey Brin's admission that his company "screwed up" by inadvertently using its Street View cars to collect data traveling over unprotected WiFi networks, three men on Thursday filed a lawsuit against the company alleging that its Street View data gathering violated the Federal Wiretapping Act.
Matthew Berlage, a resident of Hamilton County, Ohio, Aaron Linsky and James Fairbanks, both residents of Santa Barbara, Calif., are suing Google for its mistake and seeking class action certification.
Just over a week ago, Google revealed that a previous statement it had made about its Street View cars' data collection had been inaccurate. The company had said that while its Street View cars collected publicly broadcast WiFi network names and MAC addresses from WiFi routers as the vehicles drove about snapping pictures, no "payload data" -- data transmitted over open WiFi networks -- was collected.
An inquiry by the data protection authority in Hamburg, Germany, made the company realized it had actually been collecting WiFi payload data. Alan Eustace, SVP of research and engineering for Google, said in a blog post that back in 2006, a Google engineer had written some experimental WiFi code that grabbed unprotected WiFi network data.
Eustace said upon learning of its error, Google immediately halted its Street View data collection to segregate the inadvertently collected data and to begin deleting it, with the approval of local regulators. Last week, Google said that the Irish data protection authority had asked the company on Friday, May 14 to delete the data it had collected in Ireland and that the company had complied.
Those suing Google state that they maintain unprotected wireless networks and that they believe Google Street View vehicles on at least one occasion drove by their residences and captured whatever data they happened to be transmitting at that moment.
Whether they were actually sending and receiving data over their WiFi routers at times when Google's Street View cars drove by remains to be seen.
The plaintiffs are seeking statutory damages of $100 per day that data was stored without authorization or $10,000 per violation for each plaintiff. Because they can seek the greater of the two sums, the potential penalty could reach six figures if their data turns out to have been held since 2007.
An attorney representing the plaintiffs was not immediately available for comment.
Google's accidental data gathering has also brought attention from U.S. regulators. Representatives Joe Barton (R-Tex.) and Edward Markey (D-Mass.) wrote to the Federal Trade Commission last week to ask for an investigation into incident.
A Google spokesperson didn't immediately respond to a request to elaborate on the extent to which the company collected data traveling over WiFi networks in the U.S.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.