Google "failed badly" over Wi-Fi data collection

Street View program to stop collecting Wi-Fi data as search giant apologies for "mistake"

Google has ceased collecting Wi-Fi data as part of its Street View program days after being sent a letter by privacy groups worried about security and privacy.

The decision was announced in a blog post by Google senior vice-president of engineering and research, Alan Eustace.

In the post, Eustace said an audit request by the German data protection authority (DPA) into the Wi-Fi data collected by its Street View cars led to an internal examination of the program that found the company had "mistakenly" collected payload data (information sent over a network) in addition to SSID and MAC address details.

This was contrary to information the company had provided to German authorities and published in a blog post on 27 April.

Eustace also said Google had not used any of the data gathered in products and only fragments of payload data were collected because "our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks".

He went on to call the payload data collection a mistake.

"In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data," the blog post reads.

"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."

Earlier in the week the Electronic Frontiers Association (EFA) and Australia Privacy Foundation (APF) jointly questioned potential security breaches conducted by Google's Street View program.

In an open letter addressed to Google Australia's head of public policy and government affairs, Iarla Flynn, the two organisations highlighted the company's collection of Wi-Fi access point data by cars taking photos of streets and houses as part of its Street View feature.

(In pictures: Google's trike at Taronga Zoo.)

The letter's complaint centred on Google's announcement last month that its Street View cars captured Wi-Fi access points' unique MAC addresses while also taking 360 degree imagery of the surrounding area. While users can change the name, or SSID, of their wireless network, the MAC addresses are fixed to the router or device.

In the Google blog entry that incited the open letter, the company explained that it utilises this data to provide better location data for GPS-enabled devices such as smartphones.

Many consumer devices, including the iPad and Android-based smartphones, utilise three or more surrounding wireless access points to triangulate their location, which is often faster than satellite-based GPS data, though not necessarily as accurate. While smartphones don't typically cache this data, the letter's co-authors expressed concern that Google may store this data for unknown uses.

As a result of the debacle, Google said it will now invite a third party to review the Street View software and confirm it has deleted all the data appropriately.

"The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here," the blog post reads. "We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."

The blog post also notes Google will begin offering an encrypted version of Google Search from next week.

More about: EFA, etwork, Google, Privacy Foundation, Taronga Zoo
References show all

Comments

1

magneto

Sat 15/05/2010 - 17:53

Whoops Google accidentally collected your data? Anyone that believes that monster does anything by accident probably also buys that they pulled out of China for ethical reasons. Whatever happened to 'dont be evil'?

2

pasc

Mon 17/05/2010 - 10:57

I actually have to side with Google on this one.

Collecting maps of SSIDs is actually useful. There's a number of free wifi hotspots around and it's hard to find one when you need one.

The Google cars aren't actually coming into your living room or looking through your windows to get this information, your wifi access point is transmitting it right into the street.

The payload data that the google streetview car would get is minimal. A car driving at 20km/h covers 100m in 20s, which means it can at worst grab 20s worth of data. In most cases this would be much less. The cars drive faster than that, and most residential wifi access points are not on the road but towards the centre of homes which would further restrict how far the streetview cars can see them.

Such a short time to grab MAC addresses and ESSIDs probably means that the cars are not even collecting full packets but snippets and trying to put them back together afterwards. That's pretty hard to do without collecting some payload information.

More importantly, if you have confidential data going over an unencrypted connection on an unencrypted wifi network, you have much bigger problems that what the payload data google streetview cars managed to grab as they drove past. Like the fact that all your neighbours can constantly spy on what you're doing online, as well as intercept and modify most of your connections. That is actually scary.

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Australian Privacy Foundation (APF), Electronic Frontiers Australia (EFA), Google, google street view, privacy, wi-fi
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/22/cdex/

CDex

CDex can extract the data directly (digital) from an Audio CD, which is generally called a CD Ripper or a CDDA utility.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia