CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 15th, 2010

Google Street View Collected Personal Data From WiFi Networks

Google has said that its world-roving Street View cars have been collecting information sent over open WiFi networks, contradicting previous assurances by the company. This means that Google may have collected emails and other private information if they traveled over WiFi networks while one of the cars was in range. Previously, the company said no payload data was ever intercepted.

In a blog post published on Friday afternoon, the company said that it collected the data by “mistake” and that the data has not been used in any Google products. Street View cars have now been grounded, according to the post, and the company has promised to delete the data. But before doing so, it will be asking regulators in “the relevant countries” how this should be done.

The admission arrives less than three weeks after the company said that such data was not being collected. But since then, Google conducted a review of the data being collected by its Street View cars after the data protection authority (DPA) in Hamburg, Germany requested such an audit.

Ginger McCall, a staff counsel with the Electronic Privacy Information Center (EPIC), a public watchdog, calls the data collection a “violation of customers’ trust,” and she questions Google’s claim that it was collecting the data by mistake. “People need to ask why Google was collecting this information,” McCall told The Reg. “It’s difficult to believe that this would be done accidentally.

“This really flies in the face of their assertion that customers should just trust them.”

On April 27, in response to a complaint from the German DPA, a Google blog post said that in scanning open WiFi networks its Street View cars were collecting only the SSIDs that identify the networks and MAC addresses that identify particular network hardware, including routers. Google uses this data in products that rely on location data, such as Google Maps.

But the company now says that when Street View cars began collecting this data, it accidentally included some additional code with the cars’ software. “So how did this happen? Quite simply, it was a mistake,” today’s blog post reads. “In 2006, an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data.

“A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software — although the project leaders did not want, and had no intention of using, payload data.”

While EPIC’s McCall says that Google’s admission undermines trust in the company, Google seems to acknowledge as much. “Maintaining people’s trust is crucial to everything we do, and in this case we fell short,” the company says.

In response, the company says it will ask a third party to review its WiFi data collection software and to confirm that it deleted the data appropriately. It also says it will review its “procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future.”

Separately, the company will soon offer SSL encryption for its core search service. In July 2008, Google added an HTTPS-only option to its Gmail email service, and in mid-January, just after announcing that alleged Chinese hackers had nabbed intellectual property from its internal systems, it turned on SSL by default.

It also offers SSL as an option with its Calendar, Docs, and Sites services, and just recently, it began doing the same with Google Web History and Google Bookmarks, after a security vulnerability was found in the search personalization service that taps Web History.

Google says that following today’s admission, its Street View cars will stop collecting WiFi data entirely, including SSIDs and MAC addresses. But presumably, they will not stop collecting photos of every street on the planet and posting them online.

Credit: The Register
