Tuesday, May 25, 2010

Surprise Surprise, Google Sued Over Vacuuming WiFi Data

First some background on how easy it is to lose privacy:

Google initially justified having its Street View cars collect SSID data (network names) and MAC addresses from WiFi routers. Google insisted that:
...we do not collect any information about householders, we cannot identify an individual from the location data Google collects via its Street View cars... We do not believe it is illegal--this is all publicly broadcast information which is accessible to anyone with a WiFi-enabled device. Companies like Skyhook have been collecting this data across Europe for longer than Google, as well as organizations like the German Fraunhofer Institute.
Then the data protection authority (DPA) in Hamburg, Germany, requested an audit of the data collected. Google says:
His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect.
Here is a link to that Google post, Data collected by Google cars

It turns out Google WAS collecting payload data (the data that network users send across the network) from unprotected networks. But of course everything is OK, because it was only samples of data, it was a mistake, and they never used the data.

Here's how Google described it:
In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.
However, we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks.
So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.
As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it.
Here is a link to the Google blog post detailing the WiFi data collection faux pas: An update

Now InformationWeek is reporting that Google is being sued by at least three individuals in the US for violating the Federal Wiretapping Act. Stay tuned for more litigation and regulatory investigations! Here is the InformationWeek article Google Sued For Vacuuming WiFi Data.

