FTC Ends Investigation of Google WiFi Intercepts

October 27, 2010. The Federal Trade Commission (FTC) sent a letter [2 pages in PDF] to Google regarding its investigation into Google's interception of wireless communications. The FTC wrote that "we are ending our inquiry into this matter at this time".

The FTC wrote that Google was "collecting some ``"payload´´ data contents of communications sent over unsecured wireless networks".

The FTC rationalized its decision: "we note that Google has recently announced improvements to its internal processes to address some of the concerns raised above, including appointing a director of privacy for engineering and product management; adding core privacy training for key employees; and incorporating a formal privacy review process into the design phases of new initiatives. The company also publicly stated its intention to delete the inadvertently collected payload data as soon as possible. Further, Google has made assurances to the FTC that the company has not used and will not use any of the payload data collected in any Google product or service, now or in the future. This assurance is critical to mitigate the potential harm to consumers from the collection of payload data." (Footnotes omitted.)

This letter contains no legal analysis, and no reference to statutory sections. The FTC enforces no general privacy statute. It does, however, have broad civil authority, under Section 5 of the Federal Trade Commission Act (FTCA), which is codified at 15 U.S.C. § 45, to regulate unfair and deceptive trade practices. It has relied upon this section in many actions involving business's privacy related practices.

It does not have authority to bring criminal prosecutions under 18 U.S.C. § 2511, which prohibits interception of electronic communications. This section provides that "any person who ... intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication ... shall be punished".

Also, 18 U.S.C. § 2520 provides a private right of action. Class action complaints alleging violation of Section 2511 have been consolidated in the U.S. District Court (NDCal).

Marc Rotenberg, head of the Electronic Privacy Information Center (EPIC), told TLJ on October 25 that in addition to investigations by data protection and judicial officials outside of the U.S., "the Connecticut State Attorney General, Richard Blumenthal, also pursued a series of investigations, in coordination with 36 other state attorney generals".

Rotenberg continued "this is a very important case, and it goes to the privacy of internet users, the integrity of the communication networks, and the need to ensure clear standards to ensure privacy and security for wireless access".

He argued that "many of these investigations need to go forward".

He concluded that "we are very concerned, however, that neither the Federal Trade Commission nor the Federal Communications Commission seem to show much interest in this, even after members of Congress wrote to them and asked them to investigate the matter. They simply sat on their hands, and I don't think they came out of this looking particularly well."

John Simpson, of Consumer Watchdog, stated in a release that "Once again, Google, with its myriad of government connections, gets a free pass".

He continued that "the public deserved a full report about Google's abuses from the FTC's Bureau of Consumer Protection. Instead, the company announced a few steps that are little more than window dressing and the FTC caves in with a woefully inadequate two-page letter."

Simpson added that "It appears likely that the only way the American public will get to the bottom of the extent of Google’s Wi-Spying activities is through civil litigation or the state attorneys general investigation".