May 17, 2010

Google Street View Collected Personal Data

Google has admitted that it collected personal data sent over unsecured WiFi signals as it gathered information using its controversial "Street View" mapping service over the last few years.

The Internet giant previously said it was only collecting WiFi network names and addresses with the Street View cars that have been cruising cities around the world taking photographs for the service.

"It's now clear that we have been mistakenly collecting samples of payload data from open (ie non-password-protected) WiFi networks," Alan Eustace, Google senior vice president for engineering and research, said in a blog post Friday.

Eustace said Google was "profoundly sorry for this error," which is likely to intensify the criticism being built up around the service.

The company said it will end the collection of WiFi network information entirely by the Street View cars, which have been used in over 30 nations.

Street View allows users to view panoramic street scenes on Google Maps and do a virtual walk through in cities like New York, Paris or Hong Kong.

Collecting WiFi network information allows Google to build location features into the mobile version of Street View, such as directions or nearby restaurants.

Street View already blurs faces and car registration plates because of the concerns that thieves could use pictures of private houses to gain access and photos of people were being published without their consent.

Eustace said a coding error was responsible for the collection of personal data sent by people over unsecured WiFi networks.

Google did not specify exactly what kind of information it gathered, but it could potentially include emails or details about which websites a person had visited.

Eustace said Google discovered the error a week ago after a request was made to audit WiFi data from the Data Protection Authority in Hamburg, Germany.

"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible," he told AFP.

"We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it," Eustace said.

"Given the concerns raised, we have decided that it's best to stop our Street View cars collecting WiFi network data entirely," he added.

According to a Google spokesperson, about 600 gigabytes of personal information had been gathered.

Eustace told AFP the data contained just fragments. "Because our cars are on the move, someone would need to be using the network as a car passed by, and our in-car WiFi equipment automatically changes channels roughly five times a second," he said.

John Simpson of Consumer Watchdog, an advocacy group that is a frequent critic of Google, said the company demonstrated a "lack of concern for privacy."

"Its computer engineers run amok, push the envelope and gather whatever data they can until their fingers are caught in the cookie jar," Simpson told AFP.

"The takeaway from this incident is the clear need for government oversight and regulation of the data all online companies gather and store," he said.

Jeffrey Chester, executive director of the Center for Digital Democracy, told AFP "Google has placed data collection before user privacy -- the DNA of the company is to harvest data for online marketing."

"Top management needs to ensure that privacy -- not data collection -- come first," Chester said.


On the Net: