This issue kind of fell by the wayside in all the WebM and Android violence, but apart from the cool things Google did this past week, they’ve also done something really bad. They claim it’s a mistake, but the company has collected 600GB of data from open personal wireless networks in 33 countries through its Street View cars, prompting several countries to initiate official investigations into the search giant.
Most of you are probably familiar with Google Street View. All that photographic material is collected by Street View cars with crazy camera contraptions mounted on their roofs. I saw one drive through my street and neighbourhood a few years ago, but the data for The Netherlands and my small rural home town were only added a few months ago.
In any case, the Street View cars also collect information about wireless networks, namely the SSIDs and MAC addresses. Google collects this information for its location services, similar to what Skyhook and the Fraunhofer Institute have been doing for a while now. Google claims that because anyone with a wireless device can obtain this information simply by walking down the street, it can’t be called a privacy violation.
I’d say there’s a difference between an individual and a huge American (thus, foreign) corporation, but alas.
However, May 14, Google published a new blog post in which it explained it had in fact been collecting personal data as well from open wireless networks. “It’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products,” the company wrote.
“However, we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second,” Google added, “In addition, we did not collect information traveling over secure, password-protected WiFi networks.”
How did this happen? Google claims it was a mistake. “In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data,” the company explained, “A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software – although the project leaders did not want, and had no intention of using, payload data.”
Fragments or no, mistake or no, the backlash has been huge, and rightfully so. Ireland, Denmark, and Austria have asked Google to destroy the data they’ve collected, and the company has complied. Several others, Belgium, France, Italy, Spain, Germany, Switzerland and the Czech Republic, however, have asked Google to hand over the data so they can investigate whether or not the company is telling the truth when it says it only collected small snippets of data. The US and The Netherlands, too, have announced investigations into the matter.
Google CEO Eric Schmidt, in the meantime, believes his company shouldn’t be prosecuted because it was an honest mistake, and no harm has been done – “no harm, no foul”, further adding more damage had been done to the company’s reputation than to individuals.
Of course, Google’s reputation can fall of a cliff for all I care. If countries’ privacy laws have been broken here, the company should be punished for it fair and square. The matter carries additional weight with me because of Google’s immense size, as well as the fact it is a foreign entity. On top of that, it’s a company built around information, and as such, must be carefully watched as to prevent it from crossing the line.
Mistake or no, this matter should be investigated thoroughly, if only to send a clear warning shot across Google’s bow.