This issue kind of fell by the wayside in all the WebM and Android violence, but apart from the cool things Google did this past week, they’ve also done something really bad. They claim it’s a mistake, but the company has collected 600GB of data from open personal wireless networks in 33 countries through its Street View cars, prompting several countries to initiate official investigations into the search giant.
Most of you are probably familiar with Google Street View. All that photographic material is collected by Street View cars with crazy camera contraptions mounted on their roofs. I saw one drive through my street and neighbourhood a few years ago, but the data for The Netherlands and my small rural home town were only added a few months ago.
In any case, the Street View cars also collect information about wireless networks, namely the SSIDs and MAC addresses. Google collects this information for its location services, similar to what Skyhook and the Fraunhofer Institute have been doing for a while now. Google claims that because anyone with a wireless device can obtain this information simply by walking down the street, it can’t be called a privacy violation.
I’d say there’s a difference between an individual and a huge American (thus, foreign) corporation, but alas.
However, May 14, Google published a new blog post in which it explained it had in fact been collecting personal data as well from open wireless networks. “It’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products,” the company wrote.
“However, we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second,” Google added, “In addition, we did not collect information traveling over secure, password-protected WiFi networks.”
How did this happen? Google claims it was a mistake. “In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data,” the company explained, “A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software – although the project leaders did not want, and had no intention of using, payload data.”
Fragments or no, mistake or no, the backlash has been huge, and rightfully so. Ireland, Denmark, and Austria have asked Google to destroy the data they’ve collected, and the company has complied. Several others, Belgium, France, Italy, Spain, Germany, Switzerland and the Czech Republic, however, have asked Google to hand over the data so they can investigate whether or not the company is telling the truth when it says it only collected small snippets of data. The US and The Netherlands, too, have announced investigations into the matter.
Google CEO Eric Schmidt, in the meantime, believes his company shouldn’t be prosecuted because it was an honest mistake, and no harm has been done – “no harm, no foul”, further adding more damage had been done to the company’s reputation than to individuals.
Of course, Google’s reputation can fall of a cliff for all I care. If countries’ privacy laws have been broken here, the company should be punished for it fair and square. The matter carries additional weight with me because of Google’s immense size, as well as the fact it is a foreign entity. On top of that, it’s a company built around information, and as such, must be carefully watched as to prevent it from crossing the line.
Mistake or no, this matter should be investigated thoroughly, if only to send a clear warning shot across Google’s bow.
Search providers deal with lots of data, and much of it is private. There are other less invasive methods of locating people to within an area that is small enough for most static applications. Or here’s a suggestion, ask them if they WANT their location stored so that search results can be customised. On mobile devices – well at least on the iPhone, I can’t speak first hand for many of the others – you are asked if you want to allow location services to find your position.
As I drive along in my local area My iPhone regularly asks me if I want to join wifi networks it locates. This doesn’t give me the right to collect all the locations and use that information for my own purposes. Especially when their targeted search results are just another marketing tool for them to sell their advertising.
This follows further too. Just because I might put a file that contains personal information on a server somewhere for a short period buried deep in a random folder structure so that someone in another part of the world can gain quick access to it doesn’t mean I want Google to index it and serve it up in their search results. While there are methods to prevent this they are not known by a lot of people. I believe at the moment all search providers are afforded way too much freedom. The web has matured to a stage where I believe they should have to be specifically allowed by the user to search and index sites. No code in the header to allow it = no index.
We just need some governments to stand up and have the kahunas to do something about it, but then, with the amount of data governments collect on people it would be a bit like Tommy Lee giving Tiger Woods a lecture on commitment.