Home » 

UK ISP News Archives

 » 
Sponsored Links

UPDATE Canada Reveals True Extent of Google StreetView WiFi Snooping Cars

Posted: 20th Oct, 2010 By: MarkJ
internet securitygoogleInternet search engine and advertising giant Google is in hot water once again after an official investigation by Canada's Privacy Commissioner condemned the firm for "inappropriately [collecting] personal information from unsecured wireless networks" (e.g. e-mails, usernames, passwords, phone numbers and addresses). Earlier this year Google admitted to unknowingly using their StreetView cars to map peoples home Wi-Fi wireless networks in multiple countries, including the UK.

Google's StreetView cars typically take pictures of every road they go down and present it on their website as part of an interactive and often quite useful navigation service. At the time Google claimed that using scanners to map wireless networks and record their unique Media Access Control (MAC) addresses and SSID (network names) was "by its very nature publicly broadcast and collecting it for geolocation purposes is not new or unique to Google".

Indeed many other organisations do exactly as Google have suggested, although none have their unique ability to cross reference so much data about an individual. However the Canadian investigation shows that Google, which blamed the mistake on an engineer’s careless error, collected significantly more information than first thought.

Google's Alan Eustace, Senior VP of Engineering & Research, admitted in May 2010:

"We said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products."

Canada's Privacy Commissioner, Jennifer Stoddart, said yesterday:

"Our investigation shows that Google did capture personal information – and, in some cases, highly sensitive personal information such as complete e-mails. This incident was a serious violation of Canadians’ privacy rights [and] the result of a careless error – one that could easily have been avoided.

The impact of new and rapidly evolving technologies on modern life is undeniably exciting. However, the consequences for people can be grave if the potential privacy implications aren’t properly considered at the development stage of these new technologies."

The personal information collected included complete e-mails, e-mail addresses, usernames and passwords, names and residential telephone numbers and addresses. Some of the captured information was very sensitive, such as a list that provided the names of people suffering from certain medical conditions, along with their telephone numbers and addresses. Thousands of Canadians were affected by the incident.

Technical experts from the Office of the Privacy Commissioner travelled to the company’s offices in Mountain View, Calif. in order to perform an on-site examination of the data that was collected. They conducted an automated search for data that appeared to constitute personal information.

To protect privacy, the experts manually examined only a small sample of data flagged by the automated search. Therefore, it’s not possible to say how much personal information was collected from unencrypted wireless networks.

Canada has now called on Google to install a "governance model", which would include controls to ensure that necessary procedures to protect privacy are followed. It has further recommended that Google enhance privacy training to foster compliance amongst all employees. That should be fun to watch.

In addition, the firm has been told to appoint an individual responsible for privacy issues. Lastly, Google has been told that it can now DELETE the Canadian payload data it collected. Contrast this to the UK position in which the Information Commissioners Office (ICO) decided not to bother and let Google off the hook.

UPDATE 25th October 2010

The UK Information Commissioner's Office (ICO), which holds responsibility for regulating the use and storage of personal information, has now been embarrassed into taking a second look at what personal details were stolen by Google's Wi-Fi snooping Street View cars.

An ICO Spokesman told the BBC News:

"We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers."

Google itself has also announced improvements to its privacy controls (here).
Search ISP News
Search ISP Listings
Search ISP Reviews
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £24.00
132Mbps
Gift: None
Shell Energy UK ISP Logo
Shell Energy £26.99
109Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £27.99
145Mbps
Gift: None
Zen Internet UK ISP Logo
Zen Internet £28.00 - 35.00
100Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £15.00
150Mbps
Gift: None
YouFibre UK ISP Logo
YouFibre £19.99
150Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
BeFibre UK ISP Logo
BeFibre £21.00
150Mbps
Gift: £25 Love2Shop Card
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (5470)
  2. BT (3505)
  3. Politics (2524)
  4. Openreach (2290)
  5. Business (2251)
  6. Building Digital UK (2234)
  7. FTTC (2041)
  8. Mobile Broadband (1961)
  9. Statistics (1778)
  10. 4G (1654)
  11. Virgin Media (1608)
  12. Ofcom Regulation (1451)
  13. Fibre Optic (1392)
  14. Wireless Internet (1386)
  15. FTTH (1381)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules