Feeds

Google: Street View cars grabbed emails, urls, passwords

'Mortified' in Mountain View

5 things you didn’t know about cloud backup

Google has publicly acknowledged that the WiFi data collected by its world-roving Street View cars contained entire emails, URLs, and passwords.

On Friday afternoon, with a blog post, senior vice president of engineering Alan Eustace also said – yet again – that most of the data is "fragmentary," and that the company intends to delete the data "as soon as possible."

"I would like to apologize again for the fact that we collected it in the first place," Eustace wrote. "We are mortified by what happened." The company has always said that the data collection was a "mistake," saying that code developed by a single engineer was added to its cars although project leaders had no intention of doing so. Independent investigations have said that the data contained emails and passwords as well as home addresses and phone numbers.

In May, it was Eustace who revealed – with another blog post – that Google Street View cars had been collecting data sent over unsecured WiFi networks, contradicting previous claims from the company.

With earlier public statements, Google had said its cars were collecting only the SSIDs that identify WiFi networks and the MAC addresses that identify particular network hardware, including routers. Google uses such data in products that rely on location data, such as Google Maps.

Privacy authorities across the globe launched investigations of Google's WiFi data collection, and some concluded that the company had violated local laws, including, most recently, Canada privacy commissioner Jennifer Stoddart. Spain has filed a lawsuit against the web giant. Seven investigations have been completed so far, and others are still pending.

When Eustace first revealed the WiFi payload collection, he said the company would review its "procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future." And regulators demanded such reviews as well. So, with Friday's blog post, Eustace also laid out the company's new internal policies.

The company has appointed Google researcher Alma Whitten as director of privacy for both engineering and product management. "Her focus will be to ensure that we build effective privacy controls into our products and internal practices," Eustace wrote.

"She has been our engineering lead on privacy for the last two years, and we will significantly increase the number of engineers and product managers working with her in this new role."

Google has also vowed to increase privacy training among its employees. "We’re enhancing our core training for engineers and other important groups (such as product management and legal) with a particular focus on the responsible collection, use and handling of data."

Beginning in December, all employees will also go through a new information security awareness program, which will include "clear guidance on both security and privacy."

What's more, engineering project leaders will keep document detailing the privacy design of each project they work on. "This document will record how user data is handled and will be reviewed regularly by managers, as well as by an independent internal audit team."

Google has said that its cars collected about 600GB of WiFi payload data across 30 countries. Some of the data has already been deleted at the insistance of regulators in various countries, including Ireland, Denmark, and Austria. But after complaints from a UK-based independent privacy watchdog, it stopped the deletions, which were overseen by a third-party.

Google did not immediately respond when we asked when the deletion would resume. ®

Update

Google has responded. "In some countries where we've been instructed to do so by the authorities, we have deleted the data, "a company spokeswoman said. "We want to delete the rest of the payload data as soon as possible and will continue to work with the authorities to determine the best way forward."

5 things you didn’t know about cloud backup

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?