Friday, May 14, 2010

WiFi data collection: an update

(cross-posted from the Official Google Blog)

Nine days ago the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that our Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect.

In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.

However, we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks.

So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.

As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it.

Maintaining people’s trust is crucial to everything we do, and in this case we fell short. So we will be:
  • Asking a third party to review the software at issue, how it worked and what data it gathered, as well as to confirm that we deleted the data appropriately; and
  • Internally reviewing our procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future.
In addition, given the concerns raised, we have decided that it’s best to stop our Street View cars collecting WiFi network data entirely.

This incident highlights just how publicly accessible open, non-password-protected WiFi networks are today. Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search. For other services users can check that pages are encrypted by looking to see whether the URL begins with “https”, rather than just “http”; browsers will generally show a lock icon when the connection is secure. For more information about how to password-protect your network, read this.

The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake.


祥傑 said...


Alexandre said...

Google does no evil.
When it does, it apologizes.

JMS said...

Once again Google has demonstrated a lack of concern for privacy. Its computer engineers run amok, push the envelope and gather whatever data they can until their fingers are caught in the cookie jar. Then a Google executive apologizes, mouthing bafflegab about how privacy matters to the company.

The takeaway from this incident is the clear need for government oversight and regulation of the data all online companies gather and store. The Justice Department or the Federal Communications Commission should examine the Google case in the United States.

Google’s announced plan to have an unnamed third party study what went wrong and to check that the improperly gathered private data has been eliminated is inadequate.

That’s like getting to pick the referees in a championship football game.

Consumer Watchdog is pleased Google has announced it will now offer SSL encryption on its search engine. This is a substantial protection for consumers. Google deserves praise for this important step and other companies should follow Google's lead.

Now, Google needs to factor privacy in from the beginning of all projects, rather than simply gathering as much data as it can, simply because it can. I hope they will learn a valuable lesson from this debacle.

--John M. Simpson
Consumer advocate
Consumer Watchdog

Mark Chambers said...

I agree that with such power as what Google wields, a separate Caution Department needs to be in place with round-the-clock operation; checking, balancing, brainstorming and simulating all the worst case scenarios before releases.

But I give them credit for their openness about the matter. Of all the company press releases I've read, Google's was the most candid, honest and personable – what one would expect from a good company that made an honest mistake and has nothing to hide.

So I don't agree with the lawsuits.

I wish I could give you angry people what you want. If only I had a magic wand with which to grant it, namely, banishing you to the Hidden Realm of Privacy along with all the lawyers and class action plaintiffs who are seeking to capitalize from this. Ah, and that is all you really want, isn't it? To stick your greedy hands into Google's deep pockets.

Nothing happened. No harm was done. Unless I am mistaken, no ones privacy was compromised that resulted in damages.

If only I could make those lawyers go *poof*!

Larry Medina said...

"Google does no evil. When it does it apologizes"


The fact that they set the systems up to capture ANYTHING aside from images at a Street View in the first place was EVIL... this was far outside the stated parameters of the project, which was already drawing complaints from many.

Gathering information about networks, whether it was "just snippets" or otherwise was nothing but invasion and techno snooping... what would have happened if someone from a Foreign Government had been caught doing this??

No evil? Think again... and as far as apologizing, well so did some of the Catholic priests that abused children, but I doubt they'll be forgiven either.

I hope the EFF helps the Senate build a case and they rip Google a new one over this

Fefe said...


John said...

Why on earth were you collecting ssid and mac address info in the first place? This is supposed to be o.k. as long as you're not collecting payload data? How so? Please, I can find no post anywhere where Google justifies this flagrant abuse of customer and citizen trust. After something like this, why should anyone trust any of your services?