Feeds

Oz privacy boss says Google Wi-Fi slurp breached law

Watchdog: US Congresspeople were slurped (maybe)

  • alert
  • submit to reddit

Protecting against web application threats using SSL

The Australian Privacy Commissioner has ruled that Google ran afoul of the country's privacy laws when its Street View cars collected personal data from open Wi-Fi networks.

"On the information available I am satisfied that any collection of personal information would have breached the Australian Privacy Act," said Privacy Commission Karen Curtis in a statement.

"Collecting personal information in these circumstances is a very serious matter. Australians should reasonably expect that private communications remain private."

Under the Privacy Act, Curtis is unable to sanction a company when she initiates an investigation. But she ruled that Google must publicly apologize, conduct "privacy impact assessments" of any new Street View data collection in Australia that includes personal information, and regularly consult with her about "personal data collection activities arising from significant product launches" in Australia.

"My role is to work with the organisation to ensure ongoing compliance and best privacy practice," Curtis said. Google must follow Curtis' directives for three years.

Google duly apologized on its Australian blog. "We have been working with the Privacy Commissioner to support her investigation into what happened. We welcome today’s conclusion of this investigation, and as a result we have committed to working even more closely with them going forward on the privacy implications of our product launches," the company said.

"We want to reiterate to Australians that this was a mistake for which we are sincerely sorry. Maintaining people’s trust is crucial to everything we do and we have to earn that trust every single day. We are acutely aware that we failed badly here."

The Australian Federal Police have launched a separate investigation into Google's Wi-Fi data collection. And since this and other investigations may still be ongoing, Curtis said she would not comment in more detail.

In May, with a blog post, Google said that its world-roving Street View cars had been collecting payload data from unencrypted Wi-Fi network, contradicting previous assurances by the company. The post said that the data was collected by "mistake" and that the data has not been used in any Google products, and the company grounded its Street View fleet.

A month before, in response to a complaint from the German privacy commissioner, a Google blog post said that in scanning Wi-Fi networks its Street View cars were collecting only the SSIDs that identify the networks and MAC addresses that identify particular network hardware, including routers. Google uses this data in products that rely on location data, such as Google Maps.

Google has said it collected payload data in 30 separate countries, and though investigations are still underway in many, the company announced on Friday that after speaking to regulators, it is sending its Street View Cars back on the road in Ireland, Norway, South Africa, and Sweden. This cars will resume their 360 degree picture taking next week, but they will no longer collect any Wi-Fi information.

In an effort to spur a Congressional investigation in the States, the consumer watchdog known as Consumer Watchdog has retraced Street View's past Washington D.C. routes and found that various members of Congress have open Wi-Fi networks whose data may have been lifted by the Google cars. The watchdog wrote a letter to Representative Jane Harman, chair of the Homeland Security Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment and a former ranking member of the Intelligence Committee, telling her that Google may have lifted her personal info.

"We write to warn you that with commonplace technologies, the Internet and email activity at the homes of Members of Congress can easily be spied upon," the letter reads. "We are sure of this because Google recently admitted it has collected large quantities of internet data from houses all over the United States. One of these houses may have been yours."

"We know this because we recently performed a simulation of Google’s operation and sent 'packet sniffers' to the neighborhoods of several Members. In several locations, we found unencrypted networks, including at least one that we are certain belongs to your residence in Washington, DC."

Previously, some members of Congress called on Google to further explain its actions, but there has been no official hearing.

It's also rather amusing that the chair of the Homeland Security Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment and a former ranking member of the Intelligence Committee doesn't encrypt her Wi-Fi network. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.