We now know much more about the Google Street View WiFi story, thanks to Google’s decision to release an unredacted version of the FCC report, to the New York Times’s identification of the Google employee involved as Marius Milner, and to further reporting from Ars Technica. The picture it paints is in some respects more flattering to Google, and in some respects worse.
Milner is the creator of NetStumbler, a tool for detecting and analyzing WiFi access points. It makes sense in hindsight that he ended up using his 20% time for the part of the Street View project that aimed to build a database of WiFi networks. And it turns out that he thought about the ethics and legality of recording payload data. He appears to have read some law-review scholarship on wardriving. He considered potential privacy issues, and concluded that the mobility of the Street View cars would minimize the risk of extensive data-gathering from any one user. Further, he emphasized that none of the data would be shared with Google users.
This is, I have to say, above the baseline of ethical cognition for programmers. Looking to legal scholarship at all is quite unusual. In fact, Milner’s thoughtfulness strikes me as roughly par for the course for front-line Google technologists. It’s a company that hires reasonably thoughtful people and encourages them to think about the implications of what they do for society, both good and bad.
But if Google is a company of smart, reflective, and well-intended individuals, collectively they make bad choices. Milner put his privacy concerns and the details of the WiFi payload recording in a design document. The document included a “to do”: “[D]iscuss privacy considerations with Product Counsel.” He talked to a member of the search quality team about the idea; he circulated the design document together with his code to Street View’s project leaders, who forwarded it to the entire Street View team. And he exchanged emails with other Street View programmers and managers that made clear Google was collecting payload data. But nothing happened. For fifteen months, Google Street View cars sucked up and recorded WiFi payload data.
As I said in an earlier post:
When it comes to privacy, this is a company out of control. Google’s management is literally not in control of the company.
Google’s Street View managers failed badly at their jobs. One of them “pre-approved” the design document before it was written, demonstrating complete failure to understand the purpose of managerial review. No one followed up to make sure the discussion with Product Counsel actually happened. Other engineers read the design document and Milner’s code, but either missed the fact that it was collecting payload data or didn’t realize that this could be a potential issue. Again, this is a failure of management: it’s an important part of their job to make programmers aware of the possible legal trouble zones in the areas they’re working on.
Milner has invoked the Fifth and isn’t talking to reporters. He made a mistake, but he’s not a legal expert and it’s a bit unfair to expect him to be. No, his managers let him—and the rest of us—down.