Sunday, May 16, 2010
GOOGLE ADMITS COLLECTING WI-FI DATA THROUGH STREET VIEW CARS
German request for data audit reveals the web giant 'accidentally' stored payload information from open networks
Jemima Kiss The Guardian, Saturday 15 May 2010
A Google mapping car in of Bedminster, UK
A Google mapping car with which the web giant admits accidentally collecting wifi data. Photograph: Ben Birchall/PA
Google has been accidentally gathering extracts of personal web activity from domestic wifi networks through the Street View cars it has used since 2007, it said last night.
It was discovered as a result of a data audit demanded by Germany's data protection authority, and is likely to inflame critics of Google concerned about the web giant's use of private data.
As well as systematically photographing streets and gathering 3D images of cities and towns around the world, Google's Street View cars are fitted with antennas that scan local wifi networks and use the data for its location services.
In a post on its European Public Policy blog on 27 April, Google stated that although it does gather wifi network names (SSIDs) and identifiers (Mac addresses) for devices like network routers, it does not gather "payload" data passed through those wifi networks.
But yesterday Google blogged that the audit had prompted it to "re-examine everything we have been collecting" and admitted its mistake.
"It is now clear that we have been mistakenly collecting samples of payload data from open wifi networks, even though we never used that data in any Google products."
Google said it amounted to 600GB, equivalent to a consumer hard drive, but that this data consisted only of fragments of activity from open wifi networks. Password-protected web services, such as banking or secure HTTP addresses, would not have been included, and neither would data from password-protected wireless networks.
Google blamed the mistake on a piece of legacy code from an experimental project that had been re-used to programme equipment on the Street View cars, and said it will ask a third party to oversee deletion of the data and its procedures.
"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."
Google said the discovery highlighted the vulnerability of data in open wifi networks. It has previously said other companies, including Skyhook and Microsoft, already scan wifi networks and gather information in this way.
The Google Street View feature in Google Maps, introduced in 2007, now displays street-level images from cities in nine countries, including 21 in the UK.
But it has faced regular concerns about privacy, which started in Britain on the day of the launch after users found images of a man throwing up in the street and another leaving a sex shop. In April last year, residents in Broughton barricaded roads to stop the Street View car entering the village, saying it would encourage crime and was an invasion of privacy.
Google is struggling with stricter privacy laws in Germany, where it has yet to launch the service, and Switzerland where it was introduced in August. Despite a flood of demands from the European Union, including wiping its Street View images after six months instead of 12, Google has said it remains committed to Street View in Europe. It said reports that it would stop mapping streets in any more EU countries are inaccurate.
* guardian.co.uk © Guardian News and Media Limited 2010