For the past four years, Google has been
reaching into unprotected Wi-Fi networks in homes and businesses in
more than 30 countries and retaining data about people’s online
activities, a practice that the company said Friday was inadvertent and
has been stopped.
Mountain View-based Google said it discovered it was collecting the
data after a request nine days ago from authorities in Hamburg,
Germany, to review Wi-Fi data collected by its Street View cars, which
provide detailed street-level photo imaging used in Google Maps.
Google said it had accumulated about 600 gigabytes of data — roughly
equivalent to 300 million printed pages — transmitted over public
Wi-Fi networks. But the company said none of that data was ever
accessible to anyone outside the company, nor used in any Google
product. Google did not collect any user content from password-protected
“The engineering team at Google works hard to earn your trust — and
we are acutely aware that we failed badly here,” Alan Eustace, Google’s
senior vice president for engineering and research, wrote in a posting
to Google’s office blog Friday afternoon. “We are profoundly sorry for
this error and are determined to learn all the lessons we can from our
Google said the data collection was the result of a piece of
computer code written by a single engineer in an experimental Wi-Fi
program in 2006 that was inadvertently used for the Street View
program. The company collects data on Wi-Fi networks for the principal
purpose of providing locational information to geographic services such
as Google Maps.Google said it would delete the data as quickly as
possible, and promised to enlist an independent “third party” — perhaps
a government agency or other independent group — to review the
circumstances behind the breach. But the admission provoked concerns
from some privacy advocates.
“Here they are just out and out snooping in neighborhoods and spying
on people,” said John Simpson of Consumer Watchdog, a frequent Google
critic who questioned whether Google violated wiretapping laws.
“This is still under internal investigation, but leaving aside the
legality of the issues involved, this was a mistake,” Gabriel Stricker,
a Google spokesman, said in an e-mail. “As soon as we uncovered our
error, we grounded our Street View cars and segregated the data on our
network, which we then disconnected to make it inaccessible.”
Other experts said that the unique Wi-Fi network identifying code
that Google also said it was collecting from all Wi-Fi networks —
called a MAC address — could be a privacy issue as well.
“With a database of MAC addresses, you can tie communications back
to a certain location and in the process make anonymity on the Web
harder and harder to achieve,” said Chris Hoofnagle, a privacy expert
at the UC Berkeley law school.