Those Street View cameras aren’t just collecting pictures of streets and buildings to make Google Maps better, they’re also scooping up email addresses and passwords, Google admitted Friday.
Back in May the company announced that its Street View cars were mistakenly collecting data from unencrypted wireless networks; now they’ve acknowledged that this data included emails, url addresses, and passwords from people who were sending that data over open (non-password protected) networks when a Google car passed by.
We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users. [Official Google Blog]
The data-collecting code was a part of the software running on Google’s Street View cars, which have so far mapped over 30 countries, and have established a presence on every continent–including Antarctica. The software was meant to just collect basic data about the presence of WiFi networks as the car-mounted cameras snapped pictures.
But the software did more than that. The extent of the breach has been established by several investigations, including one by the Canadian privacy commissioner:
It was established that the incident “was the result of a careless error” of one Google engineer who developed the unintentionally nefarious code in 2006. The engineer identified “superficial privacy implications” with the code, the commissioner found, but the implications were never assessed by other Google officials and the company was unaware of the presence of the code when its Street View cars were rolled into action. [The Guardian]
Not only is this kind of violation a public relations nightmare, but several countries are debating filing charges or changing the way they do business with Google, including the United Kingdom, which just reopened an investigation of the breach. Both Canada and Australia have already declared that Google’s Street View data collection broke their privacy laws. Over the past few months, it’s become clear that the incident will have worldwide repercussions.
Italy demanded that Google give residents several days notice before its cars roam their neighborhoods, Reuters reported. Regulators in France, Germany and Spain have begun investigations of their own. More than 30 state attorneys general in the United States also have launched a joint probe. [Washington Post]
Obvious idea of the day: Only send sensitive information over password-protected networks! As for controlling information transmitted over unprotected networks, like public WiFi hotspots, in May Google started encrypting searches from https://www.Google.com.
80beats: Location-Software Maker Sues Google, Saying It’s Being Evil (& Microsoft-like)
80beats: Take a Virtual Tour of Pompeii on Google Street View
80beats: Google’s Self-Driving Cars Are Cruising the California Highways
Discoblog: Google Street View Goes to Antarctica, Brings Maps to the Penguins
Discoblog: Pedestrian-Removing Software Makes for a Creepy Google Streetview
DISCOVER: Your Digital Privacy? It May Already Be an Illusion