Google Says Mistakenly Got Wireless Data

Daily News Article — Posted on May 18, 2010

(by Alexei Oreskovic, Reuters.com) SAN FRANCISCO – Google Inc said its fleet of cars responsible for photographing streets around the world have for several years accidentally collected personal information that consumers send over wireless networks.

The company said on Friday that it is currently in touch with regulators in several countries, including the United States, Germany, France, Brazil and Hong Kong, about how to dispose of the data, which Google said it never used.

“It’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks,” Google Senior VP of Engineering and Research Alan Eustace said in a post on Google’s official blog on Friday.

Google, the world’s largest Internet search engine, did not specify what kind of data it collected, but a security expert said that email content and passwords for many users, as well as general Web surfing activity, could easily have been caught in Google’s dragnet.

“The bottom line is a lot of personal content is definitely available in open WiFi hotspots,” said Steve Gibson, the president of Internet security services firm Gibson Research Corp.

He noted that most non-Web based email products, based on the POP and IMAP standards, do not encrypt log-in information or the messages people send. And he said that Google’s own web email product, Gmail, has only in recent months encrypted the email messages that users send after their initial sign-on, which has been encrypted.

Google’s Street View cars are well known for crisscrossing the globe and taking panoramic pictures of the city streets, which the company displays in its Maps product.

Collecting the WiFi data was unrelated to the Google Maps project, and was done instead so that Google could collect data on WiFi hotspots that can be used to provide separate location-based services.

Google said the collection of data was a simple mistake resulting from a piece of computer code that was accidentally included from an experimental project. Google said it became aware of the mistake in the past week, shortly after telling a German regulator that it was not collecting such information.

A Google spokesperson said the Street View cars have been collecting the information since 2006 in more than 30 countries.

“As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible,” Google’s Eustace said, noting that Google had “failed badly” in maintaining its users trust.

(Reporting by Alexei Oreskovic, editing by Leslie Gevirtz and Bernard Orr)

Reprinted here for educational purposes only. May not be reproduced on other websites without permission from Thomson Reuters. Visit the website at Reuters.com.

Questions

1. When did Google Street View cars begin collecting information, which includes information from wireless internet connections inside people's homes?

2. In how many countries has Google Streets been collecting information?

3. a) What type of information do internet security experts say Google probably collected?
b) How was Google able to collect this information, according to Steve Gibson, president of an internet security company?

4. How is Google reacting, now that their invasion of individuals' privacy has been exposed?

5. From paragraph 9 of the article: "Google said the collection of data was a simple mistake resulting from a piece of computer code that was accidentally included from an experimental project. Google said it became aware of the mistake in the past week, shortly after telling a German regulator that it was not collecting such information."

A Financial Times article states that "[while] tak[ing] pictures for the group's imaging services, [Google] had been at the same time using the cars to assemble a database of electronic WiFi addresses intended to improve the functioning of its maps and other location services. Google said the project leaders ignored that the vehicles were also taking in snippets of activity on the WiFi networks."

A Yahoo News article reported that Alan Eustace, Google senior vice president for engineering and research, said in a blog post "It's now clear that we have been mistakenly collecting samples of payload data from open (ie non-password-protected) WiFi networks" and that Google is "profoundly sorry for this error."

a) What do you think of Google's claim that gathering the private information was "a mistake"?
b) Ask a parent the same question.

Background

FROM ADDITIONAL REPORTS ON GOOGLE'S DATA COLLECTION PRACTICES:

[Google] said it had been using a fleet of camera-equipped Street View vehicles, which take pictures for the group's imaging services, and had been at the same time using the cars to assemble a database of electronic WiFi addresses intended to improve the functioning of its maps and other location services.
Google said the project leaders ignored that the vehicles were also taking in snippets of activity on the WiFi networks.
"We didn't want to collect this data in the first place and we would like to destroy it as soon as possible," said Google's spokesman Peter Barron.
(from ft.com/cms/s/2/254ff5b6-61e2-11df-998c-00144feab49a.html)

Google is halting the collection of WiFi network information for its controversial "Street View" mapping service after admitting it ... gathered personal data sent over unsecured systems.
The [company] had insisted previously that it was only collecting WiFi network names and addresses with the Street View cars that have been cruising cities around the world taking photographs for the Google Maps service.
"It's now clear that we have been mistakenly collecting samples of payload data from open (ie non-password-protected) WiFi networks," Alan Eustace, Google senior vice president for engineering and research, said in a blog post...
Eustace said Google was "profoundly sorry for this error," which is likely to intensify criticism of Street View by privacy advocates and officials.
The Mountain View, California-based Google said it will end the collection of WiFi network information entirely by the Street View cars which have been used in over 30 nations, and was taking steps to delete the private data.
Street View, which is available for the United States and certain other countries, allows users to view panoramic street scenes on Google Maps and "walk" through cities such as New York, Paris or Hong Kong.
WiFi network information allows Google to build location features into mobile versions of Street View such as directions or nearby restaurants.
Eustace said a coding error was responsible for the collection of personal data sent by people over unsecured WiFi networks.
Eustace said Google discovered that personal data had been swept up a week ago following a request to audit WiFi data from the Data Protection Authority in Hamburg, Germany.
"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible," he said.
"We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it," Eustace said.
"Given the concerns raised, we have decided that it's best to stop our Street View cars collecting WiFi network data entirely," he added.
"Maintaining people's trust is crucial to everything we do, and in this case we fell short," he said. "We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."
(from au.news.yahoo.com/a/-/world/7242013/google-ends-wifi-collection-after-personal-data-captured/)

[Google has] promise[d] to delete the data "as soon as reasonably possible".
(from telegraph.co.uk/technology/google/7735178/Google-in-international-snooping-row.html)