Google has admitted that for the
past three years it has wrongly collected information people have sent
over unencrypted wi-fi networks.
(Click
here to view news broadcast segment on BBC News.)
The issue came to light after German authorities asked to audit the
data the company’s Street View cars gathered as they took photos viewed
on Google maps.
Google said during a review it found it had “been mistakenly
collecting samples of payload data from open networks”.
The admission will increase concerns about potential privacy
breaches.
These snippets could include parts of an email, text or photograph
or even the website someone may be viewing.
In a blogpost Google said as soon as it became aware of the problem
it grounded its Street View cars from collecting wi-fi information and
segregated the data on its network.
It is now asking for a third party to review the software that
caused the problem and examine precisely what data had been gathered.
“Maintaining people’s trust is crucial to everything we do, and in
this case we fell short,” wrote Alan Eustace, senior vice president of
engineering and research.
“The engineering team at Google works hard to earn your trust – and
we are acutely aware that we failed badly here.”
‘Pushing the envelope’
Google said the problem dated back to 2006 when “an engineer working
on an experimental wi-fi project wrote a piece of code that sampled
all categories of publicly broadcast wi-fi data”.
That code was included in the software the Street View cars used and
“quite simply, it was a mistake”, said Mr Eustace.
“This incident highlights just how publicly accessible, open,
non-password protected wi-fi networks are today.”
Dan Kaminsky, director of penetration testing for security firm
Ioactive, said there was no intent by Google.
“This information was leaking out and they picked it up. If you are
going to broadcast your email on an open wi-fi, don’t be surprised if
someone picks it up.”
John Simpson, from the Consumer Watchdog, told the BBC: “The problem
is [Google] have a bunch of engineers who push the envelope and gather
as much information as they can and don’t think about the
ramifications of that.”
Dr Ian Brown, an expert on privacy and cyber security at the Oxford
Internet Institute, told BBC News the wi-fi data collection was part of
an idea to accurately map a user’s location on Google Map and Street
View.
“The idea was to use to the different signals and strengths from
wi-fi and phones to position a users – think of it as a sort of GPS.
“However, there are concerns in many countries that Google has
broken numerous data protection and privacy laws by collecting this data
and I expect a clutch of lawsuits to follow,” he said.
