The Guardian newspaper reported yesterday that “Google has been accidentally gathering extracts of personal web activity from domestic wifi networks through the Street View cars it has used since 2007”.
Can anyone really believe that Google did this by accident? The ‘discovery’ was made because Germany’s data protection authority demanded an audit of Google’s data. As the Guardian report continued “As well as systematically photographing streets and gathering 3D images of cities and towns around the world, Google’s Street View cars are fitted with antennas that scan local wifi networks and use the data for its location services”.
This is a clear invasion of privacy, and is absolutely typical of Google’s cavalier attitude towards the ways in which ICTs have transformed our approaches to what can be deemed ‘public’ and ‘private’ information.
Google’s blog on the 14th May, included a statement by Alan Eustace, Senior VP, Engineering & Research who commented that “Nine days ago the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that our Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect. In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products”.
Google went on to say that this was quite simply a mistake: “So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data”.
The point is that mistakes do happen; no digital system is entirely secure. This is one of the reasons why they should not be collecting such data in the first place! If they make mistakes such as this, how can anyone believe them when they say that they are not using the data? They use all other data that they collect, such as information from searches on Google, and the e-mails people send using Google mail!
Eustace concluded by saying what Google would do about this incident: “Maintaining people’s trust is crucial to everything we do, and in this case we fell short. So we will be:
- Asking a third party to review the software at issue, how it worked and what data it gathered, as well as to confirm that we deleted the data appropriately; and
- Internally reviewing our procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future…
The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake”.
Google have not had my trust for a very long time. Yes, they have a great search engine – but they should stick to that, and stop “ogling” at us in other ways!
It is also a timely reminder for those who do not protect their WiFi networks, that they should indeed do so with robust passwords!
Other reports on this announcement include: