Google and ICO in cahoots over Wi-Fi data probe
By Nicole Kobie
Posted on 21 Dec 2010 at 11:56
The Information Commissioner’s Office and Google teamed up on their response to an MP's complaint about the search giant's Wi-Fi scandal, according to documents obtained by PC Pro under the Freedom of Information Act.
Google was caught scraping data from unsecured Wi-Fi connections in May, but initially said no personal information was collected.
The ICO investigated in July, agreeing with that assertion, but in October both had to admit they were wrong after other data watchdogs uncovered that email addresses, passwords and URLs had in fact been picked up.
Following that admission, Tory MP Robert Halfon, started to ask questions about the investigation in parliament. “As a country we don’t take individual rights seriously enough and the Information Commissioner’s response has been woeful," Halfon said at the time, later comparing the ICO's investigators to Keystone Cops.
We are having an internal meeting next week about our next steps and obviously in light of Rob Halfon MP’s continued misrepresentation of the issue, the quicker we get something done the better
After Google confessed the scraped data held more personal information than it first admitted, the ICO's group manager for business and industry, Dave Evans, sent an email to a Google employee with the subject line “guess what this might be about”.
Evans asked the Google employee, whose name has been redacted, if they were free for a “quick chat about the Wi-Fi business”.
“We are having an internal meeting next week about our next steps and obviously in light of Rob Halfon MP’s continued misrepresentation of the issue, the quicker we get something done the better,” Evans said.
The exchange was revealed in a Freedom of Information Act request by PC Pro. However, the ICO refused to hand over details of its Google investigation, claiming the information could hinder other data watchdogs’ on-going cases.
Consequently, all that is publicly known about the ICO’s actual investigation of the illegally scraped data is that two staff members were sent to Google’s office in July – and that has only come to light following a parliamentary question tabled by Halfon.
In response, Halfon told PC Pro that he still believes the ICO should have been tougher on Google. "I've had a very amicable meeting with the ICO, but I still think the organisation is falling short in its investigation of Google."
Undertaking edit
After Google admitted collecting personal data, the ICO declared the incident a “serious” breach of the data protection act. The watchdog required Google to sign an “undertaking notice,” promising to delete the data, submit to an audit and improve its data practises.
The documents show that the ICO let Google submit changes to the undertaking, notably asking the watchdog to shrink down the scope of the audit.
“That draft scope was however extremely wide and one Google would definitely not be comfortable with without considerable refinement and discussion,” wrote a Google employee.
Google later explained that the company was worried about the precedent the audit might set in other countries.
The two organisations debated the timeframe, with the ICO preferring the audit happen within six months, while Google appeared to favour a year. In the end, the pair split the difference and agreed on nine months.
Actual work?
The documents also show ICO employees didn’t initially believe investigating the issue was "actual work".
“Apologies for taking a while to get back to you with yet more questions, but restructuring in the office and other (actual) work has delayed my response somewhat,” Evans wrote in May to a Google employee, two months before the watchdog looked at a sample of the collected data.
The two collections of emails can be viewed in PDF format below.
From around the web
No surprise here
Once companies reach a certain size, they think that the world must serve them. Lying, cheating and stealing are no longer ethical failures but opportunities to hire more lawyers and pay more bribes.
By Sir_Reginald on 21 Dec 2010 
ICO most at fault
I think the thing that I find most disturbing is not that Google should seek to protect itself, (as any private company would) but the astonishingly woeful attitude from the ICO - an organisation designed to protect us, the general public.
Not only are they too 'chummy' by half with the private businesses they regulate, they seem positively subservient in their dealings with them.
A shame they couldn't take that same attitude with the MP's, (and so by definition the public they represent) - as from this they seem to hold both us and our elected representatives in open contempt.
A culture change of about 180 degrees needed at the ICO I think...
By Mr_John_T on 21 Dec 2010
ICO competence is also an issue
What is obvious from the correspondence is that no-one in the ICO had the technical competence to independently assess what Google were doing. It's the equivalent of the Police having no-one who understands internet crime.
By milliganp on 22 Dec 2010
Pay peanuts get monkeys
It’s just a case of the old adage if you pay peanuts you get Monkeys.
It could be seen with the fiasco of the global bond crises where you had people on 6 figure pay running rings around the people on 5 figure sums supposedly policing them and now we are all paying for it with increased unemployment and rate cuts, rather than them being put in prison and there property sized for legal earnings as would be the case with drug runners.
We have the same hear note it wasn’t the man from Google saying stupid things, Google has the sense to employ the best graduates and see what happens as they run rings around the old school tie. I know who isn't going to get a job at google now!
By andy_macleod on 23 Dec 2010
But who got the peanuts
@andy_macleod uses the old adage that if you pay peanuts you get monkeys. However these civil servants may be monkeys, but they are paid very very large numbers of peanuts!
However from reading the email, I would wonder who it is that is paying the monkeys! Google are not short of peanuts.
By alexbowden2 on 23 Dec 2010
Criminal Injustice System
First let me say that I have no axe to grind against Google,
I think they are great in general.
I do however feel that Google has have been treated with
extreme generosity by the Criminal (in)Justice System
in the UK.
Compare and contrast.
Gary Mackinnon
Paul Chambers
Google
# Gary Mackinnon #
Hacked into perhaps a hundred or few computers, read some UFO files,
left a few messages, pissed off.
Hounded for nearly 10 years and still still faces extradition.
# Paul Chambers #
Made a joke on twitter.
CPS search with maximum endeavour and eventually find
something to charge him with.
Convicted, loses his career. OVER A JOKE!
# Google #
Hack into **millions** of UK computer systems, record private data.
No prosecution authority gives a damn.
This is clearly one law for the defenceless private individual and
a completely seperate and munificent lack of laws for a powerful
corporation.
I find it truely disgusting.
By JamesJones on 24 Dec 2010
“Apologies for taking a while to get back to you with yet more questions, but restructuring in the office and other (actual) work has delayed my response somewhat,”
To me it sound as if the writer thinks restructuring the office is something that gets in the the way of actual work.
A refreshing attitude.
By SimeonBeresford on 25 Dec 2010
Hacked?
How exactly did Google "hack" into people's UK computer systems? They received unencrypted wireless data broadcasts.
I use my TV to receive the BBC's unencrypted wireless television broadcasts, does that make me a hacker?
At least with all the publicity this non-story's getting, people with wireless networks may actually take a look at their setup and ensure it's secure, changing the security key from the default if necessary (many WPA/WEP keys can be calculated from the broadcast SSID, for example those used on Alcatel/SpeedTouch/Thomson/Technicolor devices).
By mspritch on 30 Dec 2010
Hacked?
Isn't putting in a pasword hacking?
Or should a password be secure?
By andy_macleod on 5 Jan 2011
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
