Google Collected Wi-Fi Data For Years In Street View Missions: Oops

Google Collected Wi-Fi Data For Years In Street View Missions: Oops

Friday, May 14, 2010 - by Ray Willington
Oh boy, this won't go over well. Just as the weekend was getting set to kick into high gear, Google dropped one more bombshell for the news crowd to hop on. The company, which has seen lots of criticism lately over botched privacy efforts (most recently involving Google Buzz's auto-add friend feature), is about to be blasted once more after admitting that they actually cataloged Wi-Fi data while collecting information via Google Street View cars.


All of this started nine days ago, when the data protection authority (DPA) in Hamburg, Germany asked to audit the Wi-Fi data that the company's Street View vehicles were collecting; Street View is an awesome feature of Google Maps where you can actually see what the street looks like around a given address, and while driving cars around collecting images, Google was also tapping into Wi-Fi. Nothing wrong there, but here's where it gets sticky. Back in April, the company stated that they didn't "collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars," and they did not collect payload data (information sent over the network). That has now been proven untrue.

In a post today from the company, they confessed to mistakenly collecting samples of payload data from open (non-password protection) Wi-Fi networks, though that information was never used in any Google product. Still, when a company is this large, these kind of mistakes raise red flags, and Google is coming clean in order to hopefully make the bleeding less intense. They state that this was all "quite simply, a mistake," and as soon as they became aware of the issue they grounded the Street View cars and segregated the data on our network. This seems like a sensible way of handling it, but the company is going to far as to stop collecting Wi-Fi data entirely. Hopefully consumer use won't suffer because of this, but here's the company's final bullet points on the matter:

Maintaining people’s trust is crucial to everything we do, and in this case we fell short. So we will be:
  • Asking a third party to review the software at issue, how it worked and what data it gathered, as well as to confirm that we deleted the data appropriately; and
  • Internally reviewing our procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future.
In addition, given the concerns raised, we have decided that it’s best to stop our Street View cars collecting WiFi network data entirely.

This incident highlights just how publicly accessible open, non-password-protected WiFi networks are today. Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search. For other services users can check that pages are encrypted by looking to see whether the URL begins with “https”, rather than just “http”; browsers will generally show a lock icon when the connection is secure. For more information about how to password-protect your network, read this.

The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake.
Via: Google Blogspot | News Archive | Tags: WiFi, Google, security, Internet, Privacy, Street View
View forum thread
Comments
0
 + -
By Inspector on May 14, 2010

YA if only it was a MISTAKE... :D

0
 + -
By 3vi1 on May 14, 2010

If you run open wifi, how concerned can you really be about security and privacy of data?

0
 + -
By rapid1 on May 14, 2010

That would be true if almost (probably 75% or more) consumers did not run unprotected networks setup as defaults. Of course there so smart they don't know anyone with rudimentary WIFI knowledge could hack into there router in 5 minutes if that, and into there computer in probably 15.

0
 + -
By Super Dave on May 14, 2010

News:
they confessed to mistakenly collecting samples of payload data from open (non-password protection) Wi-Fi networks

I'm not exactly sure what this means, but did they actually have to connect to the non-secured network to collect their payload data? Was this 'mistake' confined to Germany, or did Google pull the same stunt here in the US?

0
 + -
By Marius Malek on May 15, 2010

I don't understand what kind of effect this has. Unless people are afraid that google was secretly trying to take over the world without anyone noticing.

0
 + -
By jm0069 on May 15, 2010

Doubtful it was an accident heh.. people don't "catalog" broadcasted ssid's/wap information by accident. It may have been seen by accident, but I'm a bit confused as to how this was databased by "accident".

0
 + -
By realneil on May 15, 2010

People who don't secure their network deserve what they get.

I have a little gizmo that tells me when a signal is present and if it is locked or not. So I "could" drive around in neighborhoods and surf the web anytime I wanted to.

I have really nice 10Mbps access at home though.

0
 + -
By ClemSnide on May 16, 2010

The thing is, (1) not everyone knows how to enable security features. I know, the default technogeek answer is that they deserve what they get, but that's as wrong as saying that someone who doesn't lock their door deserves to be robbed. Or that someone who works a night shift and walks to the workplace deserves to be mugged.

And (2), sometimes it's impossible. If all of our devices were of the latest vintage, we'd be OK. But most of us drive a mixture of old and new devices. My old Linksys router doesn't allow the encryption that comes on my iPod Touch. (I've tried, kids. It just doesn't.) The closest I could come is MAC address filtering, which it does in a tremendously flaky manner that I'm not sure actually works.

Slot A, meet tab B. I really wish you two could be friends.

Login or Register to Comment
Post a Comment
Username:   Password: