SAN FRANCISCO (AP) — Google will pay a $7 million fine to settle a multistate investigation into a snoopy software program that enabled the Internet search leader to intercept emails, passwords and other sensitive information sent several years ago over unprotected wireless networks in neighborhoods across the world.
The agreement announced Tuesday covers 38 states and the District of Columbia, part of the area where households and local merchants unwittingly had some of their communications on Wi-Fi networks snatched by Google Inc. from early 2008 until the spring 0f 2010.
Google stopped the data collection in May 2010, shortly before the company revealed cars taking street-level photos for its online mapping service also had been grabbing information transmitted over Wi-Fi networks that had been set up in homes and businesses without requiring a password to gain access.
The company blamed the intrusion on a rogue engineer who rigged a data-collection program into equipment that was supposed to only detect basic information about local Wi-Fi networks to help plot the locations of people using its mapping service and other products.
After concluding its own investigation, the Federal Communications Commission last year asserted that some of Google’s managers knew about the engineer’s plan to vacuum information being transmitted over the Wi-Fi networks.
Google hasn’t identified the engineer who set up the data-collection program.
The surveillance triggered outrage among privacy watchdogs and government investigations in more than a dozen countries. The backlash so far has been more of a public relations blow than a financial setback for Google, which has embraced “Don’t Be Evil” as its corporate motto.
Even as it repeatedly apologized for a breach of online etiquette, Google insisted that it didn’t break any laws in the U.S. The company is maintaining that position in the multistate investigation by entering into a settlement that doesn’t include any admission of wrongdoing.
Google, based in Mountain View, Calif., released another contrite statement Tuesday.
“We work hard to get privacy right at Google,” the company said. “But in this case we didn’t, which is why we quickly tightened up our systems to address the issue.”
The multistate agreement requires Google to destroy the personal data that it collected from the Wi-FI networks, unless a lawsuit or other legal action requires the information to be preserved. A series of class-action lawsuits are still being appealed in San Francisco federal court.
Google says it never looked at the data, although regulators in other countries have reviewed the information as part of their investigations. Canadian regulators said Google had obtained the full names, telephone numbers and address of some people using the unprotected Wi-Fi networks.
The $7 million fine that Google is paying the states and District of Columbia is the biggest U.S. penalty imposed on Google so far for Wi-Fi spying. It amounts to a speck on Google’s financial statement. The company brings in an average of $7 million per hour, based on its projected revenue of $61 billion this year.
The FCC also fined Google $25,000 last year for obstructing its investigation into the Wi-Fi spying.