You are here
Google’s FCC Title II Privacy Liability Nightmare
Submitted by Scott Cleland on Fri, 2015-02-06 11:10
The FCC’s official confirmation that it will reclassify wireline and wireless broadband as Title II “telecommunications,” and that it also will apply Title II “Section 222: Privacy of Customer Information” has sweeping, under-appreciated, and negative implications for Google Inc.
Google will certainly be captured by the new privacy regulations. Given its core business model of monetizing users’ information without their meaningful permission, and given its industry-worst privacy record and rampant Android security problems protecting users’ private information, Google will own more serious Section 222 privacy liabilities than any FCC captured entity -- by far.
The supreme irony here is that Google, the corporate entity most responsible for orchestrating Title II regulation of non-dominant competitive ISPs behind-the-scenes, is uniquely dominant in the collection, profiling and monetization of users’ “Customer Proprietary Network Information” (CPNI) that Title II regulates strictly.
In a nutshell, to date Google’s core advertising business has fallen outside of legacy pre-Internet privacy law, and now FCC Title II reclassification threatens to make much of what Google routinely does today, illegal going forward.
Section 222 privacy regulations may limit some experimental services of traditional ISPs on the margin, but they create franchise risk for Google, which has long assumed it could monetize sensitive CPNI data without disclosure, and with impunity.
Why will Google be captured by FCC Title II Section 222 privacy regulation?
Google Android, the nation’s most ubiquitous mobile operating system, routinely vacuums-up copious amounts of Section 222 covered CPNI. Google Fiber is a Google broadband service in Kansas, Texas and Utah today and shortly will be in Georgia, North Carolina and Tennessee. Google reportedly has plans in 2015 to become a MVNO wireless reseller of Sprint and T-Mobile. Google is a WiFi provider to Starbucks and many other entities. Google also is an FCC-approved database manager of White Spaces and WiFi spectral use optimization. In addition, Google has touted publicly its plans to facilitate broadband access in hard to reach areas with satellites, drones, balloons and Super WiFi mesh networks via Android.
Google also will be captured broadly by Section 222 because it routinely commingles all its collected CPNI from Android and Google Fiber with all its other collected data by design, for centralized efficiency and speed purposes, and for customer ad profiling purposes.
What is Title II Section 222 and why is it seriously problematic for Google?
Section 222 is the legacy customer privacy regulation of the 1934-1984 AT&T telephone monopoly that strictly protected the privacy of customer information. In 2014, Google has replaced legacy-AT&T as by far the most dominant entity in the collection of Americans’ CPNI private information, because Google offers the most complete and integrated set of digital communications services integrated with real-time, precision-network-location data and user-identifier information across devices for commercial advertising purposes, of any entity in America.
Section 222 will create for Google a legal “duty to protect the confidentiality of proprietary information” of “other telecommunications carriers, equipment manufacturers, and customers” which also includes resellers. Given the number of entities that have accused Google of stealing their proprietary information and property, or abusing their privacy without their legally meaningul permission, Section 222 opens the door to unexpected massive privacy lawsuits and liabilities for Google going forward.
Section 222 also could legally prohibit Google’s commercialization of the CPNI data that Android “receives or obtains” from an Android carrier partner. The law says: a “telecommunications carrier” [Google] “shall not use such [CPNI] information for its own marketing purposes.” This creates a new legal risk that a significant portion of Google’s advertising model may now be made illegal under Section 222.
Potentially most interesting and problematic for Google is that Section 222 was written to control legacy AT&T monopoly power over directories or what used to be the white and yellow pages of the phone book. Most don’t appreciate that Google’s search index has now become the de facto dominant phone book, directory, and map to Americans CPNI. The law also could capture and regulate “primary advertising classifications,” which are the modern day equivalent of Google’s advertising profiles of most Americans. How this is resolved will be critical to Google’s current, un-regulated, data-dependent, advertising model.
Overall it could be many years that this new huge business model uncertainty overhangs Google because the FCC must investigate, update and adjudicate how it will handle this Section 222 matter going forward, and because individuals, privacy groups and other entities will have an unpredictable role in how they petition the FCC or sue in court to compel Google to comply with its new Section 222 requirements.
Why can’t this Section 222 privacy regulation liability be dismissed?
First, the President and the FCC Chairman have repeatedly stated publicly that the FCC needs the “strongest possible” Title II rules. And the Administration has indicated that it soon will be introducing privacy legislation that will advance a consumer privacy Bill of Rights, that is expected to define “personal information” broadly to capture tech companies like Google and other Big Data companies use of consumer private information.
Second, one of the biggest parochial reasons for the FCC deciding to invoke Title II, and Section 222 in particular, is that it creates the opportunity for FCC to unilaterally become a consumer privacy protection equal to the FTC, and to burnish its consumer protection chops in an a politically popular manner.
Third, Google has the worst privacy abuse record of any company in the FCC’s universe – see their latest privacy abuse rap sheet here, and Android’s atrociously bad track record of protecting users’ private data – here.
Finally and possibly most importantly, Google has much under-appreciated massive wiretapping liabilities.
To set the stage on this very important point, let’s start with Google’s ignominious history with the FCC on the wiretapping issue.
In 2012 the FCC’s Enforcement Bureau ruled, and fined Google the maximum amount possible for "deliberately impeding and delaying" its Google Street View wiretapping investigation. Since Google did not fully cooperate or provide the requested information to the FCC, and since the key Google engineer in the case invoked his Fifth Amendment right to not incriminate himself, the FCC could not fully determine if Google violated wiretapping laws. Tellingly, Google's spokesperson publicly flouted the FCC’s official enforcement action by claiming: “We worked in good faith to answer the F.C.C.’s questions throughout the inquiry, and we’re pleased that they have concluded that we complied with the law.”
As I wrote previously in the Daily Caller on Google’s widespread wiretapping liabilities:
In June 2014, the U.S. Supreme Court (SCOTUS) “refused to hear Google’s appeal in “Google v. Joffe,” which declared Google Street View’s mass-collection of millions of homes’ unencrypted WiFi signals as illegal interceptions, or wiretaps, of private communications — not legal collection of public communications, as Google tried to argue.
This is a big decision — the court effectively rejected Google’s longstanding data-collection presumption that if communications are not encrypted and Google can technically, easily, or cheaply intercept them, then Google can deem them public instead of private.
Google’s routine records interception of communications from Google and non-Google users involving Gmail, YouTube, Android, etc. represents the company’s broad legal presumption of “implied consent.”
The seriousness here for Google is two-fold. The first discovery was in the Gmail class action case “Fread v. Google,” which exposed Google’s secret install of a “Content One Box” to intercept, read and analyze all emails prior to reception from 2010 to 2013, according to Bloomberg.
In the case Federal District Court Judge Lucy Koh ruled Google was not exempt from wiretap law, and that creating personal advertising profiles by reading people’s email is not an “ordinary course of business.” Koh went to say that “accepting Google’s theory of implied consent… would eviscerate the [wiretap] rule against interception.”
That means Google secretly, and without reasonable consent from users, intercepted three years of email communications from more than one hundred million Americans and just as many Europeans for commercial purposes.
It is very likely the largest illegal commercial wiretap in history.”
In sum, what is the big takeaway here for Google?
Simply, the FCC is opening Google’s privacy Pandora’s Box, by reclassifying the wireline and wireless Internet as Title II regulated, and choosing to use and enforce Section 222 powers to protect the “Privacy of Customer Information.”
Once invoked, neither the FCC nor Google can control how this new authority and creation of new privacy legal liabilities play out, because those injured can sue in Federal court for relief under the law if the FCC does not equally enforce the law, that it chose to apply to companies integrally involved in providing “telecommunications” like Google.
Simply, in reclassifying the wireline and wireless Internet as Title II “telecommunications” the FCC will be unleashing a complex and uncertain climate of uncertainty and privacy liability for Google and other Silicon Valley companies vertically integrating into the “telecommunications” space, like Amazon and its Kindle wireless reseller service.
And as Google gets dragged into this new privacy quagmire, expect it to do what it always does, to drag others, like Facebook and Amazon, down with it in the Title II Section 222 privacy regulation whirlpool, in hopes of minimizing the relative damage or increasing the chances of some kind of special treatment waiver or relief from Google’s Government allies.
In a word, the FCC and Administration have unwittingly put Google's advertising franchise and business model at serious risk long term with their unnecessary and unwarranted, dictate of the "strongest possible rules" under Title II for the Internet.
This is precisely the type of marketplace fiasco that can result from the government unilaterally dictating application of the most outdated law to the most modern part of the economy for the transparent political purposes of bypassing Congress and the courts to maximize federal Government regulatory power and control over the Internet.
Google’s Disrespect for Privacy Series
Part 1: Why Google is the Biggest Threat to Americans' Privacy; House Testimony [7-18-08]
Part 2: Google Book Settlement "absolutely silent on user privacy" [8-31-09]
Part 3: Yet more evidence of Google's hostility to privacy [9-4-09]
Part 4: Google's Schmidt: "Because we say so" on trusting Google's Privacy Dashboard [11-6-09]
Part 5: Fact Checking Google's New Privacy Principles [1-28-10]
Part 6: Google's Privacy "Buzz" Saw [2-11-10]
Part 7: Exposing Google's Systemic Privacy Vulnerabilities [5-15-10]
Part 8: What Private Information Google Collects -- A One-Page Fact Sheet [5-24-10]
Part 9: What else does Google secretly track? Top 10 questions for privacy investigators [6-2-10]
Part 10: Google's "Total Information Awareness" Power - A one-page graphic [6-4-10]
Part 11: Americans want online privacy -- per new Zogby poll [6-8-10]
Part 12: Why Privacy Is an Antitrust Issue & Why Google is its Poster Child [7-22-10]
Part 13: Google's Deep Tracking Inspection -- a privacy nightmare [8-31-10]
Part 14: Why is the FTC AWOL on Google Privacy? [10-27-10]
Part 15: Why Google's Privacy Controls are a Joke -- Lessons for FTC/FCC [11-11-10]
Part 16: Google's No Privacy by Design Business Model [3-17-11]
Part 17: FTC-Google Privacy Settlement Takeaways [3-31-11]
Part 18: Google vs Apple: How Business Models Drive Disrespect vs. Respect for Privacy [5-6-11]
Part 19: Big Brother Inc. -- My Huffington Post Op-ed on Google & Privacy [5-24-11]
Part 20: "G-Male:" a very funny new Google privacy satire [9-7-11]
Part 21: Where's the Market for Online Privacy? [1-31-12]
Part 22: Google's Latest Privacy Scandal Spin – A Satire [2-17-12]
Part 23: Google's Top 35 Privacy Scandals [2-22-12]
Part 24: Google's Privacy Excuse Algorithm Team - a Satire [3-16-12]
Part 25: Google's Privacy Rap Sheet [6-14-12]
Part 26: Why FTC's $22.5m Google Privacy-Fine is Faux Accountability [7-12-12]
Part 27: Google's Top Ten Anti-Privacy Quotes [10-15-12]
Part 28: The Unique Google Privacy Problem -- Korean Privacy Council in Seoul [10-25-12]
Part 29: Google's Privacy Words vs. Google's Anti-Privacy Deeds [3-8-13]
Part 30: Google’s Privacy Rap Sheet: Fact-Checking Google’s Claims on Privacy [3-13-13]
Part 31: Google’s Creepy Glass-arazzi? [3-14-13]
Part 32: Six EU nations Revolt over Google’s Virtual Colonialization of their Private Data [4-5-13]
Part 33: Big Brother Inc. – a One-page Graphic [6-10-13]
Part 34: Google Spy [7-8-13]
Part 35: Google’s SpyGlass – Google’s Big Rest-of-World Trust Problem [9-9-13]
Part 36: Video: Why Google’s WiSpy Wiretapping is Now Class Action Catnip [9-16-13]
Part 37: Are Google Glass’ Recordings Illegal Wiretapping Too? [12-9-13]
Part 38: Google’s Empty Privacy Promises for Nest, Contacts, etc. [1-20-14]
Part 39: Widespread Wiretapping Could Have Snowden-esque Repercussions [3-20-14]
Part 40: Google’s Glass House [4-14-14]
Part 41: Google Apps for Education Dangers -- Letter to School Administrators/Parents [5-17-14]
Part 42: Google’s Privacy Rap Sheet, Dominance & Duplicity Not to Be Forgotten [6-20-14]
Part 43: Dropcam Key to Google’s New Ubiquitous Physical Surveillance Network [6-24-14]
Part 44: Google’s Right to Be Forgotten Hypocrisy [7-14-14]
Part 45: Six Ways the FTC is AWOL on Google [7-16-14]
Part 46: Supreme Court & EU Expose Google’s Massive Privacy Liabilities [7-31-14]
Part 47: Google’s WorldWideWatch over the WorldWideWeb [9-14]
Part 48: Google: We Will Track You – a Satire [12-19-14]
Part 49: Breaking Privacy Promises is How Google Works - New Student Privacy Pledge [1-22-15]