Google has ceased collecting Wi-Fi data as part of its Street View program days after being sent a letter by privacy groups worried about security and privacy.
The decision was announced in a blog post by Google senior vice-president of engineering and research, Alan Eustace.
In the post, Eustace said an audit request by the German data protection authority (DPA) into the Wi-Fi data collected by its Street View cars led to an internal examination of the program that found the company had "mistakenly" collected payload data (information sent over a network) in addition to SSID and MAC address details.
This was contrary to information the company had provided to German authorities and published in a blog post on 27 April.
Eustace also said Google had not used any of the data gathered in products and only fragments of payload data were collected because "our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks".
He went on to call the payload data collection a mistake.
"In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data," the blog post reads.
"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."
Earlier in the week the Electronic Frontiers Association (EFA) and Australia Privacy Foundation (APF) jointly questioned potential security breaches conducted by Google's Street View program.
In an open letter addressed to Google Australia's head of public policy and government affairs, Iarla Flynn, the two organisations highlighted the company's collection of Wi-Fi access point data by cars taking photos of streets and houses as part of its Street View feature.
The letter's complaint centred on Google's announcement last month that its Street View cars captured Wi-Fi access points' unique MAC addresses while also taking 360 degree imagery of the surrounding area. While users can change the name, or SSID, of their wireless network, the MAC addresses are fixed to the router or device.
In the Google blog entry that incited the open letter, the company explained that it utilises this data to provide better location data for GPS-enabled devices such as smartphones.
Many consumer devices, including the iPad and Android-based smartphones, utilise three or more surrounding wireless access points to triangulate their location, which is often faster than satellite-based GPS data, though not necessarily as accurate. While smartphones don't typically cache this data, the letter's co-authors expressed concern that Google may store this data for unknown uses.
As a result of the debacle, Google said it will now invite a third party to review the Street View software and confirm it has deleted all the data appropriately.
"The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here," the blog post reads. "We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."
The blog post also notes Google will begin offering an encrypted version of Google Search from next week.