Google prosecution pursued by privacy group
An accusation that Google's collection of Wi-Fi data showed criminal intent may not be correct, according to legal experts.
The accusation was made by leading privacy group Privacy International (PI) on Wednesday. The group said that Google's sorting and storage of Wi-Fi data to hard disk as part of its Street View operation put the company at risk of prosecution.
Cars sent out by Google to take photographs for its maps application also harvested samples of people's network communications in a range of countries, including the UK. New Zealand and Australian police forces, as well as Canada and Germany's privacy watchdogs, have launched investigations into whether the company breached any laws or guidelines.
In response to the growing pressure, Google asked technical services firm Stroz Friedberg to perform a code audit of the executable in Google's cars. According to PI, this audit showed that the sorting and storage of data was deliberate.
"This [audit] establishes that Google did, beyond reasonable doubt, have intent to systematically intercept and record the content of communications and thus places the company at risk of criminal prosecution in almost all the 30 jurisdictions in which the system was used," PI said in a statement.
However, PI's claim that Google intended to collect the data was called into doubt on Thursday.
Rosemary Jay, a partner at Pinsent Masons solicitors, told ZDNet UK on Thursday that Google's possession and use of the code did not necessarily mean that it intended to use the code. "You can't say that because Google had the code, that they intended to use it," said Jay.
Google said on Thursday that the collection of data was a mistake arising from a failure of communication both between and within its teams. The company added that it had unintentionally collected and stored data from unencrypted networks.
"The report we published yesterday confirms that Google did indeed collect and store payload data from unencrypted Wi-Fi networks, but not from networks that were encrypted," said a Google statement. "We are continuing to work with the relevant authorities to respond to their questions and concerns."
PI director Simon Davies told ZDNet UK on Thursday that the organisation planned to make a complaint to the Metropolitan Police, to be presented at New Scotland Yard early next week. The group is also discussing options with lawyers on how best to proceed with its legal complaint, said Davies.
"We've had in mind for some time whether to interpret the interception as a breach of Ripa [the Regulation of Investigatory Powers Act] as intent has to be shown," said Davies. "[The audit shows that] not only was bespoke code written to archive the intercepted data, but only encrypted data was discarded — Google could have discarded it all."
The Regulation of Investigatory Powers Act prohibits interception of communications unless by authorised authorities.
The Information Commissioner's Office said in May that there was no reason for the harvested data to be kept by Google. However, following the retraction of requests to delete the data by several countries, Google kept the remainder that had not been deleted, including that of the UK.