Google in trouble for StreetView all over again, this time in Brazil

Filed Under: Data loss, Featured, Google, Privacy

We've written about Google's "Wi-Spy" saga many times before.

And even when we've covered a story that suggested that the issue would at last get closure, we've said, "Betcha this won't be the last of it."

Of course, in just the same way that eventually there isn't any more toothpaste in the tube, we'll lose that bet some day.

But not yet, and definitely not this week.

That's because Google is back in the firing line yet again, years since this all started, this time from Brazil.

The story so far

First, however, here's the saga so far, or as much as I can remember of it, and not necessarily in chronological order (it all gets a bit hazy after a while).

THE GOOGLE WI-SPY STORY AS A HAIL OF BULLETS, BY P DUCKLIN

• Google's Street View cars collect Wi-Fi access point information in bulk for geolocation purposes. (Home and business access points tend to stay put, with the same name, for months or years.)

• In 2010, it emerged that for the several years, Google had been sucking up your Wi-Fi payload data at the same time as locating your access point.

• Some Privacy Commissioners decided they didn't like this and ordered Google to destroy the data at once to prevent its abuse.

• Some Privacy Commissioners decided they didn't like this and ordered Google to retain the data for investigative purposes.

• Google denied it had collected payload data.

• Google changed its mind and decided that it had collected payload data.

• Australia dubbed it the "single greatest breach in the history of privacy," but ironically found that local laws didn't allow any action against Google.

• France fined Google EUR100,000 for not co-operating with the privacy office's investigation.

• The FTC in the US fined Google US$25,000 after it asked for information five times but got no answer.

• Google then criticised itself by going public with redacted data from the FTC's report to show that it had known about the collection for years.

• Google wrote to the Australian Privacy Commission to say that the data had been destroyed.

• Google changed its mind and wrote to the Australian Privacy Commission to say that it had found disks on which some of the data remained after all.

• Australia told Google it really, really had to destroy the data this time.

• Google admitted fault to the Information Commissioner’s Office (ICO) in the UK, and got ready to delete the data at last.

• Google paid out $7,000,000, and apologised, to settle a multi-state investigation in the USA.

• The UK ICO found out Google hadn't deleted all the data, and told Google it really, really had to destroy the data this time.

THE END. BETCHA THIS WON'T BE THE LAST OF IT.

Brazil joins in

Indeed, the ICO's fist-waving wasn't the last of it.

In the latest phase of the drama, Brazil has joined in with its own demands.

Late last week, Google was given just five days to cough up "detailed information about Google Street View."

It's not immediately clear what Google will be expected to reveal, though one imagines that the Brazilians are after as much as they can get.

So Google may well end up handing over information such as: source code; project-related emails from 2007 and beyond; representative samples of collected data; and the details of any previous public investigations already conducted.

→ If Brazil asks for examples of StreetView Wi-Fi data collected back in 2007-2010, there will be a small irony in the assumption that Google has kept that data - and kept it for so long - when its failure to get rid of it in other jurisdictions caused so much trouble for the company.

The penalty if Google doesn't play ball is a fine of R$100,000 per day (about US$45,000), but the fine only accumulates for ten days, apparently topping out at R$1,000,000 (about US$450,000).

What to do?

Don't forget that it's not just Google, but anyone in your vicinity with a Wi-Fi card, who can sniff out your wireless transmissions.

Google, of course, is uniquely placed in respect of the scale of collection it can achieve, and the range of uses to which it can put your data after slurping it up, and that's why there has been such a long-running outcry over Wi-Spy.

But a data leak is a data leak.

So make sure your own Wi-Fi security is in order today.

Use WPA or WPA2 with a long and hard-to-guess passphrase (you only need to enter it once on each device), and don't rely on security short-cuts like network name hiding or MAC address filtering.

These short-cuts don't give you the security you might think, and here's why:

What next?

Betcha this won't be the last of it.

, , , , , ,

You might like

3 Responses to Google in trouble for StreetView all over again, this time in Brazil

  1. ScottK · 284 days ago

    I still have to facepalm at this whole saga. Its called "open wifi" for a reason. Secure your stuff!

  2. Andy · 284 days ago

    am I surprised, no

  3. Steven · 79 days ago

    The only things I can see people show concern or worry to use privacy in street view is being caught doing something wrong, I can not see much about someone with a lot of information showing being a problem, because I am on the other side of world and others would too when they look at my house showing - you can see trees and everything.. People campaign for office here show their house and street address, with pictures of everyone in the family, .

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog