Why-Spy? an Analysis of Privacy and Geolocation in the Wake of the 2010 Google "Wi-Spy" Controversy
Chow, Raymond, Rutgers Computer & Technology Law Journal
INTRODUCTION I. GEOLOCATION METHODOLOGIES A. INTERNET PROTOCOL ADDRESS MAPPING. B. CELLULAR PHONE SIGNAL TRIANGULATION C. WI-FI MAC ADDRESS MAPPING II. PRIVACY IMPLICATIONS. A. ON THE NATURE OF MAC ADDRESSES B. CELL PHONES AS HOTSPOTS III. THE 2010 GOOGLE SCANDAL. A. OVERVIEW B. GOOGLE'S RESPONSE. 1. SHIFT TO SMARTPHONE DATA COLLECTION. 2. OPTING OUT OF THE GEOLOCATION D AT ABAS C. DOMESTIC RESPONSE. 1. FEDERAL TRADE COMMISSION ACTION 2. FEDERAL COMMUNICATIONS COMMISSION ACTION 3. DEPARTMENT OF JUSTICE ACTION. 4. PROPOSED LEGISLATION. 5. STATE ACTIONS 6. CIVIL ACTIONS. VI. DOMESTIC STATUTORY ANALYSIS SCANDAL A. 18 U.S.C.A. [section] 2511 - FEDERAL WIRETAP ACT. 1. INTENTIONAL INTERCEPT 2. PUBLIC BROADCAST EXCEPTION 3. INTENTIONAL USE /DISCLOSURE V. INTERNATIONAL RESPONSE A.FRANCE. 1. DECLARATION 2. TRANSFER TO FOREIGN COUNTRIES. 3. DATA COLLECTION PRO VISIONS. 4. APPLICATION OF THE FDP ACT TO GOOGLE. VI. ADVOCACY A. FEDERAL PRIVACY LEGISLATION B. FEDERAL SUPERVISING BODY WITH SANCTION POWERS. C. MANDATORY DECLARATION & REVIEW. CONCLUSION
Google's reputation was marred in 2010 when it found itself in the middle of what has been called the "Wi-Spy" incident. Google's Street View service gathered street-level imagery visible to the general public on Google Maps by roaming the streets with omni-directional cameras mounted on their cars. (1) Sometime after the service was launched, Google upgraded the cars to include a wireless signal detector, which would record the Media Access Control Address (MAC address) (2) along with other data, make a note of the car's current global positioning system (GPS) location, and correlate the two in a massive database. (3) This geolocation database was then made available to the public; an individual's cell phone or other mobile device would query the database with a list of visible nearby networks, and Google's system would return a fairly accurate geolocation. (4) This system was brought to public attention upon discovery that the data collection was more extensive than first thought: Google had inadvertently captured significant amounts of payload data, including passwords and sensitive personal data. (5)
Most geolocation-related legal commentary focuses on the relationship between client and third party, e.g., the developer of an application using a user's geolocation to target advertising, or otherwise track that user. (6) Instead, this Note focuses on the legality of the relationship between location provider, client, and source data. In other words, this Note focuses on how a device gets its location from a private location provider and how that provider obtained its database, not what applications do with the location information once a device obtains it.
This Note will examine domestic and international responses to the 2010 Google incident, as an entry point into analyzing respective legislative treatments of privacy, as applied to emergent geolocation technologies. The purpose of this Note is to identify portions of international laws that are more effective than our domestic counterparts at balancing the privacy interests of individuals with the value of those technologies, and advocate for their adoption.
Part I will introduce the various types of geolocation methodologies currently in use and explain how Wi-Fi MAC address mapping (the method used by Google) works. Part II will hypothesize on the theoretical privacy implications that can arise with Wi-Fi MAC address mapping and apply common-law notions of invasion of privacy to demonstrate their inapplicability. Part III will describe the 2010 Google scandal, outline Google's response, and examine domestic reactions. Part IV will analyze the relevant domestic federal statutory provisions that could provide protections for citizens within the context of the Google scandal. …