Sophos Cloud Optix
Google seems to have neglected to turn its deep data pockets inside out.
The company admitted to the UK Information Commissioner’s Office on Friday that it’s stumbled on scraps of Street View car data that the ICO told it to trash back in November 2010.
You might remember this kerfuffle, since it’s been dragging on for a while.
Long ago, Google figured that any available wireless networks would be helpful tools for mobile devices to triangulate their positions, so it rigged its Street View cars to sniff the WiFi environments they drive through and to map out any networks they found.
Google got in trouble when it became clear that its data slurping included the capture and storage of data packets from any unprotected wireless networks, turning Google’s geolocation database into a privacy and security swamp full of passwords, usernames and private email.
First, Google denied it.
Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data.
Oops, their bad – they then turned around and admitted it .
In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.
In fact, it turned out, Google staff had known about the Street View data breach since 2007.
Oh dear.
France got mad and fined Google €100,000, the US got mad because Google didn’t even bother to respond to Federal Communication Commission’s inquiries, and Australia got mad but didn’t actually have teeth in its privacy law, so it couldn’t do anything beyond scolding Google.
And so it continues.
On Friday, the UK’s ICO – the country’s data privacy watchdog – put out a statement saying that it had received a mea culpa from Google about the data still hanging around.
The apologetic letter – viewable on the ICO’s site, along with the ICO’s letter of response – was sent by Google’s Global Privacy Counsel, Peter Fleischer.
Fleischer writes that in physically inspecting and rescanning thousands of disks, Google came across lingering payload data from the UK and other countries, and the company wants to know just what, exactly, it should do with it: destroy it? Hand it over?
The ICO responded with a letter requesting that Google prepare to hand over the data for the ICO to inspect “as soon as practicable”.
Which, it appears, is a polite rendition of “hand it over immediately”, judging by the ICO’s statement on the matter:
Our response, which has already been issued, makes clear that Google must supply the data to the ICO immediately, so that we can subject it to forensic analysis before deciding on the necessary course of action.
The ICO said it’s also in touch with data protection watchdogs in the EU and elsewhere in order to coordinate a response.
The statement expresses a touch of disappointment in Google’s failure to comply with previous directions to kill the offending data:
The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern.
Cause for concern, indeed.
Google’s darn good at collecting data, but when it comes to deleting it, the company’s evidently got a hoarding problem.
All these people with unprotected networks and Google is being scolded? Not that Im defending what Google did. If you cant secure your own network then you cant cry when someone hops on. Its the 21st century, secure your networks people!
Google is trying to play world police. They are pushing it too much. When will we ever teach them a lesson. Just because you are big doesn't mean you can do anything and get away with it. I should use Bing more often. Google has become a ridiculous company in the past years. OH not to mention their stupid algo updates which messes up genuine rankings and put businesses out of pocket while they profit on ads. Bastards !
Before Googlenet, there was the Internet and search engines respected people’s privacy.
Anti-everythingware should include an option to block the Googoyles from Google-net. Unfortunately, those born and raised with Google think it is the second coming and can turn water in to wine. They gobble up Google.
I agree with Delta2 – big doesn’t mean they can be the Internet bully forcing their wares on everyone and taking what they want.
Great article Lisa – I hope billions read it – except the Google-cops 😉
You must see their Google places crap. Even if you don't put a google places for your business Google takes the big daddy role and automatically does it without your permission. Now its open to abuse. Anyone can go on and write FAKE negative reviews about your company (Even competitors) and you can't do a damn thing about it. If you claim it and delete it Google never deletes the fake reviews. If you report it then they wont process it for atleast an year.
Google is the worst thing happened to man kind.
Google is one of the best thing that happened to mankind IMHO. I do agree that there are issues which need to be addressed but they are eventually, in the mean time the world is allowed to evolve and adapt. If it were not for big companies such as Google we'd still be depending on wars for our world to evolve… Established institution being so reluctant to change.
So yes sometimes unpleasant thing such as fake reviews on Google Maps happens but would you prefer no Google Map and no review at all?
Oh yes you can. You reply back to the reviews.
Dude, are you a child or a businessman? Any business is open to customers compalining, or competitors making stuff up. This circulates word-of-mouth and then you REALLY can't do anything about it.
At least when it is up on the web, you know what is there and have a chance to address the comment / review.
Just guessing here, but I think you run a business with poor customer service, and now you are upset that people have pointed it out. Am I wrong?
Hey — if the Google car can drive down the public street and pick this stuff up — IT IS PUBLIC INFORMATION! Every bit as public as the idiot who was picking his nose right in front of everybody when their car drove by.
I'm so sorry about the idiots who decided to put up a network with no security, then stick their passwords and other info that SHOULD be protected onto that network. Their fault — not Google's.
Maybe they will get a clue that anybody else can drive down their street and get the same info.
(Now, not to say Google shouldn't dump the data just for the principal of being nice guys and not making that public information that should not have been public, um…public)