We’ve written about Google’s “Wi-Spy” saga many times before.
And even when we’ve covered a story that suggested that the issue would at last get closure, we’ve said, “Betcha this won’t be the last of it.”
Of course, in just the same way that eventually there isn’t any more toothpaste in the tube, we’ll lose that bet some day.
But not yet, and definitely not this week.
That’s because Google is back in the firing line yet again, years since this all started, this time from Brazil.
The story so far
First, however, here’s the saga so far, or as much as I can remember of it, and not necessarily in chronological order (it all gets a bit hazy after a while).
THE GOOGLE WI-SPY STORY AS A HAIL OF BULLETS, BY P DUCKLIN
• Google’s Street View cars collect Wi-Fi access point information in bulk for geolocation purposes. (Home and business access points tend to stay put, with the same name, for months or years.)
• In 2010, it emerged that for the several years, Google had been sucking up your Wi-Fi payload data at the same time as locating your access point.
• Some Privacy Commissioners decided they didn’t like this and ordered Google to destroy the data at once to prevent its abuse.
• Some Privacy Commissioners decided they didn’t like this and ordered Google to retain the data for investigative purposes.
• Google denied it had collected payload data.
• Google changed its mind and decided that it had collected payload data.
• Australia dubbed it the “single greatest breach in the history of privacy,” but ironically found that local laws didn’t allow any action against Google.
• France fined Google EUR100,000 for not co-operating with the privacy office’s investigation.
• The FTC in the US fined Google US$25,000 after it asked for information five times but got no answer.
• Google then criticised itself by going public with redacted data from the FTC’s report to show that it had known about the collection for years.
• Google wrote to the Australian Privacy Commission to say that the data had been destroyed.
• Google changed its mind and wrote to the Australian Privacy Commission to say that it had found disks on which some of the data remained after all.
• Australia told Google it really, really had to destroy the data this time.
• Google admitted fault to the Information Commissioner’s Office (ICO) in the UK, and got ready to delete the data at last.
• Google paid out $7,000,000, and apologised, to settle a multi-state investigation in the USA.
• The UK ICO found out Google hadn’t deleted all the data, and told Google it really, really had to destroy the data this time.
THE END. BETCHA THIS WON’T BE THE LAST OF IT.
Brazil joins in
Indeed, the ICO’s fist-waving wasn’t the last of it.
In the latest phase of the drama, Brazil has joined in with its own demands.
Late last week, Google was given just five days to cough up “detailed information about Google Street View.”
It’s not immediately clear what Google will be expected to reveal, though one imagines that the Brazilians are after as much as they can get.
So Google may well end up handing over information such as: source code; project-related emails from 2007 and beyond; representative samples of collected data; and the details of any previous public investigations already conducted.
→ If Brazil asks for examples of StreetView Wi-Fi data collected back in 2007-2010, there will be a small irony in the assumption that Google has kept that data – and kept it for so long – when its failure to get rid of it in other jurisdictions caused so much trouble for the company.
The penalty if Google doesn’t play ball is a fine of R$100,000 per day (about US$45,000), but the fine only accumulates for ten days, apparently topping out at R$1,000,000 (about US$450,000).
What to do?
Don’t forget that it’s not just Google, but anyone in your vicinity with a Wi-Fi card, who can sniff out your wireless transmissions.
Google, of course, is uniquely placed in respect of the scale of collection it can achieve, and the range of uses to which it can put your data after slurping it up, and that’s why there has been such a long-running outcry over Wi-Spy.
But a data leak is a data leak.
So make sure your own Wi-Fi security is in order today.
Use WPA or WPA2 with a long and hard-to-guess passphrase (you only need to enter it once on each device), and don’t rely on security short-cuts like network name hiding or MAC address filtering.
These short-cuts don’t give you the security you might think, and here’s why:
Betcha this won’t be the last of it.