Data Harvesting at Google Not a Rogue Act, Report Finds

Google’s harvesting of e-mails, passwords and other sensitive personal information from unsuspecting households in the United States and around the world was neither a mistake nor the work of a rogue engineer, as the company long maintained, but a program that supervisors knew about, according to new details from the full text of a regulatory report.

The report, prepared by the Federal Communications Commission after a 17-month investigation of Google’s Street View project, was released, heavily redacted, two weeks ago. Although it found that Google had not violated any laws, the agency said Google had obstructed the inquiry and fined the company $25,000. On April 28, Google released a version of the report with only employees’ names redacted. The full version draws a portrait of a company where an engineer can easily embark on a project to gather personal e-mails and Web searches of potentially hundreds of millions of people as part of his or her unscheduled work time, and where privacy concerns are shrugged off. The so-called payload data was secretly collected between 2007 and 2010 as part of Street View, a project to photograph streetscapes over much of the civilized world. When the program was being designed, the report says, it included the following “to do” item: “Discuss privacy considerations with Product Counsel.” “That never occurred,” the report says.