Watchdog: US Congresspeople Were Slurped (Maybe)
The Australian Privacy Commissioner has ruled that Google ran afoul
of the country’s privacy laws when its Street View cars collected
personal data from open Wi-Fi networks.
"On the information available I am satisfied that any collection of
personal information would have breached the Australian Privacy Act,"
said Privacy Commission Karen Curtis in a statement [1].
"Collecting personal information in these circumstances is a very
serious matter. Australians should reasonably expect that private
communications remain private."
Under the Privacy Act, Curtis is unable to sanction a company when
she initiates an investigation. But she ruled that Google must publicly
apologize, conduct "privacy impact assessments" of any new Street View
data collection in Australia that includes personal information, and
regularly consult with her about "personal data collection activities
arising from significant product launches" in Australia.
"My role is to work with the organisation to ensure ongoing
compliance and best privacy practice," Curtis said. Google must follow
Curtis’ directives for three years.
Google duly apologized on its Australian
blog [2]. "We have been working with the Privacy Commissioner to
support her investigation into what happened. We welcome today’s
conclusion of this investigation, and as a result we have committed to
working even more closely with them going forward on the privacy
implications of our product launches," the company said.
"We want to reiterate to Australians that this was a mistake for
which we are sincerely sorry. Maintaining people’s trust is crucial to
everything we do and we have to earn that trust every single day. We are
acutely aware that we failed badly here."
The Australian Federal Police have launched a separate investigation
into Google’s Wi-Fi data collection. And since this and other
investigations may still be ongoing, Curtis said she would not comment
in more detail.
In May, with a blog post, Google said [3]
that its world-roving Street View cars had been collecting payload data
from unencrypted Wi-Fi network, contradicting previous assurances by
the company. The post said that the data was collected by "mistake" and
that the data has not been used in any Google products, and the company
grounded its Street View fleet.
A month before, in response to a complaint from the German privacy
commissioner, a Google blog post said that in scanning Wi-Fi networks
its Street View cars were collecting only the SSIDs that identify the
networks and MAC addresses that identify particular network hardware,
including routers. Google uses this data in products that rely on
location data, such as Google Maps.
Google has said it collected payload data in 30 separate countries,
and though investigations are still underway in many, the company
announced on Friday that after speaking to regulators, it is sending its
Street View Cars back on the road in Ireland, Norway, South Africa, and
Sweden. This cars will resume their 360 degree picture taking next
week, but they will no longer collect any Wi-Fi information.
In an effort to spur a Congressional investigation in the States, the
consumer watchdog known as Consumer Watchdog has retraced Street View’s
past Washington D.C. routes and found that various members of Congress
have open Wi-Fi networks whose data may have been lifted by the Google
cars. The watchdog wrote a letter to Representative Jane Harman, chair
of the Homeland Security Subcommittee on Intelligence, Information
Sharing and Terrorism Risk Assessment and a former ranking member of the
Intelligence Committee, telling her that Google may have lifted her
personal info.
"We write to warn you that with commonplace technologies, the
Internet and email activity at the homes of Members of Congress can
easily be spied upon," the letter reads. "We are sure of this because
Google recently admitted it has collected large quantities of internet
data from houses all over the United States. One of these houses may
have been yours."
"We know this because we recently performed a simulation of Google’s
operation and sent ‘packet sniffers’ to the neighborhoods of several
Members. In several locations, we found unencrypted networks, including
at least one that we are certain belongs to your residence in
Washington, DC."
Previously, some members of Congress called on Google to further
explain its actions, but there has been no official hearing.
It’s also rather amusing that the chair of the Homeland Security
Subcommittee on Intelligence, Information Sharing and Terrorism Risk
Assessment and a former ranking member of the Intelligence Committee
doesn’t encrypt her Wi-Fi network.
