Googles public version of events of how it came to secretly intercept Americans data sent on unencrypted Wi-Fi routers over a two-year period doesnt quite mesh with what the search giant told federal regulators.

And if Google had its way, the public would have never learned the software on Googles Street View mapping cars was intended to collect payload data from open Wi-Fi networks.

A Federal Communications Commission document disclosed Saturday showed for the first time that the software in Googles Street View mapping cars was intended to collect Wi-Fi payload data, and that engineers had even transferred the data to an Oregon Storage facility. Google tried to keep that and other damning aspects of the Street View debacle from public review, the FCC said.

Google accompanied its responses to the FCC inquiry with a very broad request for confidential treatment of the information it submitted, the FCC said, in a letter to Google, saying it would remove most of the redaction from the FCCs public report and other documents surrounding the debacle.

The FCC document unveiled Saturday is an unredacted version of an FCC finding, which was published last month with dozens of lines blacked out. The report said that Google could not be held liable for wiretapping, despite a federal judge holding otherwise.

The unredacted FCC report refers to a Google design document written by an engineer who crafted the Street View software to collect so-called payload data, which includes telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files sent over open Wi-Fi networks.

The engineer is referred to as Engineer Doe in the report, though he was identified on Sunday as Marius Milner, a well-known figure in the Wi-Fi hacking community. The document says the software Milner used collected 200 gigabytes of data via Street View cars between 2008 and 2010:

The design document showed that, in addition to collecting data that Google could use to map the location of wireless access points, Engineer Doe intended to collect, store, and analyze payload data from unencrypted Wi-Fi networks. The design document notes that [w]ardriving can be used in a number of ways, including to observe typical Wi-Fi usage snapshots. In a discussion of Privacy Considerations, the design document states, A typical concern might be that we are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing. That statement plainly refers to the collection of payload data because MAC addresses, SSIDs, signal-strength measurements. and other information used to map the location of wireless access points would reveal nothing about what end users were doing. Engineer Doe evidently intended to capture the content of Wi-Fi communications transmitted when Street View cars were in the vicinity, such as e-mail, and text messages sent to or from wireless access points. Engineer Doe identified privacy as an issue but concluded that it was not a significant concern because the Street View cars would not be in proximity to any given user for an extended period of time, and [n]one of the data gathered [would] be presented to end users of [Google's] services in raw form. Nevertheless, the design document listed as a to do item, [D]iscuss privacy considerations with Product Counsel. That never occurred. The design document also states that the Wi-Fi data Google gathered be analyzed offline for use in other initiatives, and that [analysis of the gathered data [was] a non goal (though it [would] happen.

The majority of those words were originally blacked out at Googles request, but the commission subsequently concluded, after the report was filed, that much of it should be made publicly available because Disclosure of this information may cause commercial embarrassment, but that is not a basis for requesting confidential treatment.

Rewind to May 2010, when Google announced the Street View debacle:

Read the rest here:
An Intentional Mistake: The Anatomy of Google’s Wi-Fi Sniffing Debacle