Google has admitted that for the past three years it has wrongly collected information people have sent over unencrypted wi-fi networks.
(Click here to view news broadcast segment on BBC News.)
The issue came to light after German authorities asked to audit the data the company’s Street View cars gathered as they took photos viewed on Google maps.
Google said during a review it found it had “been mistakenly collecting samples of payload data from open networks”.
The admission will increase concerns about potential privacy breaches.
These snippets could include parts of an email, text or photograph or even the website someone may be viewing.
In a blogpost Google said as soon as it became aware of the problem it grounded its Street View cars from collecting wi-fi information and segregated the data on its network.
It is now asking for a third party to review the software that caused the problem and examine precisely what data had been gathered.
“Maintaining people’s trust is crucial to everything we do, and in this case we fell short,” wrote Alan Eustace, senior vice president of engineering and research.
“The engineering team at Google works hard to earn your trust – and we are acutely aware that we failed badly here.”
‘Pushing the envelope’
Google said the problem dated back to 2006 when “an engineer working on an experimental wi-fi project wrote a piece of code that sampled all categories of publicly broadcast wi-fi data”.
That code was included in the software the Street View cars used and “quite simply, it was a mistake”, said Mr Eustace.
“This incident highlights just how publicly accessible, open, non-password protected wi-fi networks are today.”
Dan Kaminsky, director of penetration testing for security firm Ioactive, said there was no intent by Google.
“This information was leaking out and they picked it up. If you are going to broadcast your email on an open wi-fi, don’t be surprised if someone picks it up.”
John Simpson, from the Consumer Watchdog, told the BBC: “The problem is [Google] have a bunch of engineers who push the envelope and gather as much information as they can and don’t think about the ramifications of that.”
Dr Ian Brown, an expert on privacy and cyber security at the Oxford Internet Institute, told BBC News the wi-fi data collection was part of an idea to accurately map a user’s location on Google Map and Street View.
“The idea was to use to the different signals and strengths from wi-fi and phones to position a users – think of it as a sort of GPS.
“However, there are concerns in many countries that Google has broken numerous data protection and privacy laws by collecting this data and I expect a clutch of lawsuits to follow,” he said.
Sat, May 15, 2010 at 12:55 pm