Google admits collecting passwords and emails
By Nicole Kobie
Posted on 25 Oct 2010 at 08:43
Google has admitted that its Street View cars picked up private emails and passwords while scanning wireless connections, forcing the ICO to reconsider taking action.
Google sent out its Street View camera cars with Wi-Fi scanning equipment earlier this year, inadvertently, it says, picking up data being sent over the connections.
In May, Google said the data was so fragmented it couldn't be pieced together, but has now admitted that examinations of the collected data by "external regulators" has shown that's not the case.
It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords
"It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords," wrote Alan Eustace, senior vice president of engineering and research, in a post on the Google blog.
"We want to delete this data as soon as possible, and I would like to apologise again for the fact that we collected it in the first place," he said, adding the company was "mortified" by what had happened.
Time for ICO action?
While several governments have taken action over the privacy intrusion, the UK data watchdog, the UK Information Commissioner's Office, merely called for the collected data to be deleted.
Its investigation consisted of viewing a few samples of the data at Google's London office, and the watchdog concluded at the time that the bits collected were not "meaningful".
Google's admission - forced by other regulators - means the ICO now must reconsider its own findings. "Whilst the information we saw at the time did not include meaningful personal details that could be linked to an identifiable person, we have continued to liaise with, and await the findings of, the investigations carried out by our international counterparts," the watchdog said in a statement.
"Now that these findings are starting to emerge, we understand that Google has accepted that in some instances entire URLs and emails have been captured," it said.
The ICO hasn't yet spoken to Google, and is waiting to get more data from the web giant and other regulators before considering action. "We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers."
The ICO is able to fine organisations up to £500,000, but has yet to dish out any such punishment.
Google also faces an investigation by the Met Police, but as of this summer still hadn't decided whether to start a full investigation into the matter.
The news will add more fire to a debate on the topic in parliament on Thursday, organised by Tory MP Rob Halfon - who has repeatedly called for the Government to take action against Google over the data blunder.
From around the web
This is such dodgy, dangerous behaviour from a private corporation.
Very concerning.
By Grunthos on 25 Oct 2010 
The worst punishment the ICO can mete out is a £500k fine?! That isn't even a rounding error on Google's daily chicken feed bill. They could probably find that much just by digging down the back of the sofas in the Googleplex.
By flyingbadger on 25 Oct 2010
Shoot the messenger ...
Sorry, but are we not all spectacularly missing the real problem here? The problem is not that Google have done this, but that ANYONE could and can do this. The scandal is the laxity of the WiFi protocols, not what Google may have inadvertently collected in its understandable and socially useful attempts to map the WiFi data-sphere.
By JohnAHind on 25 Oct 2010
Can't see why Google would collect email details on purpose having millions of gmail users already in the databases so any assumption of intended wrongdoing is, at least for me, rather laughable.
They should get a good slap on their wrists though and it doesn't matter whether the fine is a big one, as long as it's well covered in media. That is where it really hurts and Google deserves it for slacking off in the area they should be setting an example actually.
By Josefov on 25 Oct 2010
@JohnAHind - you are quite right, this is a lot of fuss over nothing.
Google collected unencrypted packets from unsecured wireless networks that could IN THEORY contain passwords or complete emails. How much data do you think a car driving past can collect?
Anybody could do the same with a notebook PC.
By Stiggy on 25 Oct 2010
'Investigation'?
Agree there are wider issues highlighted by this well beyond the bits of data gathered. Big one for me is how poorly protected we all are by this particular 'watchdog'. Never mind not having teeth, it has no eyes either.
How does it expect to carry out meaningful checks when it only looks at data spoonfed by the body that it is investigating?
By colsmith on 25 Oct 2010
Of course it's bad that people have unsecure networks etc... but that doesn't excuse a company from collecting the data.
If you leave your door unlocked, it may be stupid, but it doesn't give a person the right to come in a steal from your home!
It still amazes me how people are so happy for a company to invade their privacy as long as that company give them something free in return (whether that be Google, Facebook etc.)
By Grunthos on 25 Oct 2010
Shocking what they were collecting
Time to change the SSID and key to your router....
By everton2004 on 25 Oct 2010
google is evil.
By skyline100 on 25 Oct 2010
screen settings
it took me 2 hours yesterday to resolve a browser screen resolution problem when google thought i was viewing in a 768 resoltion even when my settings where at 1440x900!
thank you google!
By JamesBub on 25 Oct 2010
*Facepalm*
The most serious problem highlighted by this report isn't that WiFi is insecure out of the box. It's not that Google collect data. It's that the ICO, who had supposedly "investigated" didn't know what sort of data had been collected until Google's press release. Some investigation. Between an ICO that marries incompetence with lethargy to a degree not seen since Orinoco the Womble took up parkour, a central government that is only too happy to knock a complaint into the rough grass between departments and a City of London police that's only interested in RIPA if it's empowering them rather than protecting us, we have absolutely no protection from the predations of corporate entities OR government. *nichomach0 froths at mouth and drums heels on floor*
By nichomach0 on 25 Oct 2010
It would be oh so different...
... if Google had downloaded MP3's
By cheysuli on 25 Oct 2010
Gah! Double post!
Sorry - random refresh button effect.
By nichomach0 on 25 Oct 2010
Skyhook
For those attcking Google, do a search for 'Skyhook' and then tell me how it's any different from what google have done.
"WPS determines location based on Skyhook's massive worldwide database of known Wi-Fi access points."
By Stiggy on 26 Oct 2010
What did they do wrong anyway?
Given that this data was free to receive by anyone, and that they have not published it in any way, thus even the most confidential or embarrassing information is not revealed, what have they actually done wrong?
By MJ2010 on 26 Oct 2010
@MJ2010
Shhh...
There's a lot of money to be made in fines from Google for 'privacy breeches' such as this
By greemble on 26 Oct 2010
Fat chance of the ICO doing anything anyway. They don't actually levy fines (won't, not can't) and are very minimalist about how they interpret their scope (from personal experience!)
By ghirson on 28 Oct 2010
Stupidity
This story shows that:
1. a significant number of people are too ignorant and too stupid to run any form of wireless networking
2. Google are stupid for telling plain lies about they've collected. (Thus feeding the paranoia of such as skyline100)
3. ICO are just too stupid for words.
By bobellsmore on 28 Oct 2010
Stupidity
This story shows that:
1. a significant number of people are too ignorant and too stupid to run any form of wireless networking
2. Google are stupid for telling plain lies about they've collected. (Thus feeding the paranoia of such as skyline100)
3. ICO are just too stupid for words.
By bobellsmore on 28 Oct 2010
@greemble
'privacy breeches' ??
I'm wearing mine right now!
(sp: breaches)
By dickhamilton on 1 Nov 2010
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
