Marius Milner, who created the code that enabled Street View vehicles to capture personal data from WiFi networks, has worked at the company since 2003.
The Google engineer behind the software code used to collect wireless network data and personal information in connection with the company’s Street View program has been identified as a software maker who has been with the search engine giant since 2003.
The New York Times, quoting an anonymous former investigator for a state that was doing its own probe of Google’s Street View program, reported April 30 that Marius Milner was the “Engineer Doe” mentioned in the Federal Communications Commission’s (FCC) report on its investigation, and the person Google laid the blame on for the Street View vehicles collecting personal data from millions of people in dozens of countries.
In his LinkedIn profile, Milner said he has been a software engineer with Google since 2003 and with Google-owned YouTube since 2008. He also created software called NetStumbler, which is designed to detect WiFi networks and collect information on them, including their signal strength and whether they’re secure. He wrote that NetStumbler is the “world’s first usable ‘Wardriving’ application for Windows” and that it is now a “de facto wireless security tool used by hundreds of thousands of people.”
Wardriving refers to the practice of driving around looking for WiFi networks.
Before arriving at Google, Milner also worked for Avaya and Lucent Technologies.
Google’s Street View program has come under scrutiny both in the United States and in Europe after it was learned that between 2007 and 2010, the program’s vehicles had collected personal data—such as passwords, emails, text messages and users’ Internet usage histories—along with other WiFi information. In its April 13 report, the FCC said that the Street View vehicles had collected more than 200GB of such “payload data.”
The data on the WiFi networks was being used to help Google create better location-based services, company officials have said. Street View is a program designed to take photos of streets throughout the world and make them available online.
However, Google officials initially denied that payload data had been collected, as well. They later admitted that the Street View cars had collected such personal information, and laid the blame at the feet of a rogue engineer that they said put that capability into the software on his own accord. Neither Google nor the FCC would name the engineer, who was referred to as “Engineer Doe” in the commission’s report.
But the agency noted in the report that Engineer Doe had at least twice told colleagues—including a supervising manager in the Street View program—that this payload data was being collected, contradicting Google officials’ earlier statements.
In their report, FCC officials said they couldn’t determine whether Google had violated any laws, but said that Google had impeded the investigation by not fully cooperating and fined the company $25,000. The commissioners also said it would be difficult to get the full story about what happened because Engineer Doe asserted his Fifth Amendment rights against self-incrimination and declined to answer investigators’ questions.
Google officials denied hampering the FCC’s investigation, but said they would not dispute the fine. Some in the tech industry scoffed at the size of the fine, considering the billions that Google rakes in every quarter.
“It has to be said, considering the privacy storm that came out of the Street View data breach, Google has got away remarkably lightly,” Graham Cluley, senior technology consultant at security software company Sophos, said in an April 30 post on the company’s blog. “For a company of Google's size, a $25,000 fine is going to feel like a minor slap on the wrist.”
In a letter April 30, John Simpson, privacy project director for the advocacy group Consumer Watchdog, urged Sen. Al Franken (D-Minn.), chairman of the Senate Judiciary Committee Subcommittee on Privacy, Technology and the Law, to conduct hearings into “the Google Wi-Spy incident that will finally get to the bottom of what was the largest wiretapping effort in history.”
Simpson urged Franken to grant Engineer Doe immunity from prosecution so that he can testify and to call Google CEO Larry Page to testify.
Simpson disagreed with Google’s view that the FCC’s report exonerated the company from any wrongdoing, noting that the engineer did not testify and adding that questions about the data collecting remain.
“The FCC order shows a troubling a portrait of a company where an engineer could run wild with software code that violates the privacy of tens of millions people worldwide, but the corporate culture of ‘Engineers First’ prevented corporate counsel or other engineers from stopping the privacy violations,” he wrote.
Several European countries have determined that Google’s Street View program violated their privacy laws.
