Feeds

You know what Google needs? Another Street View data-slurp probe

London's man in Europe wants UK to launch an inquiry

Combat fraud and increase customer satisfaction

A UK inquiry should be held to determine whether Google knew that its Street View cars were collecting personal data over unsecure Wi-Fi networks for use in other projects, a politician has said.

Claude Moraes, an MEP who represents London, said that allegations contained in a recent US regulator's report into the matter should be followed up in the UK.

In May 2010 it emerged that the cars Google used to photograph towns and cities for its Street View service had also been scanning the airwaves to identify and map Wi-Fi networks. This process resulted in the gathering and storage of data snippets as they passed through the networks.

Earlier this year the Federal Communications Commission concluded its investigation into Google's unlawful collection of personal information. It found that a single engineer working for the company had intentionally written software code that allowed the Street View cars to collect "payload" data from unencrypted Wi-Fi networks the cars came within range of "for possible use in other Google projects."

The software design was pre-approved by a manager at the company. It enabled the gathering of entire emails, usernames and passwords when Google's camera-mounted cars scanned Wi-Fi networks.

The FCC said Google had disclosed details that "revealed that on at least two occasions [the engineer] specifically informed colleagues that Street View cars were collecting payload data". The information also confirmed that the engineer told a senior manager on the Street View project that the software had "sniffed out" the data.

However, the regulator's report said "Google's supervision of the Wi-Fi data collection project was minimal". The FCC fined Google $25,000 for "wilfully and repeatedly violating" its requests for responses to its inquiries but said it had "decided not to take enforcement action" against the company.

"These allegations are extremely worrying and could point to a trend where private companies are purposefully intending to harvest private data without citizens' authorisation," Moraes said in a report. "Allegations that Google may have had knowledge of their actions are extremely serious.

"Given the extent of the data that was taken, I am calling for an inquiry in the UK so that lessons can be learned. At the very least, this case indicates that private companies are taking a cavalier approach towards privacy policy and data protection rules in Europe," he said.

Last month the Information Commissioner's Office (ICO) told Out-Law.com that it would study the FCC's report and that it could yet determine to take enforcement action against Google for the unlawful data collection.

The watchdog has previously conducted two assessments of the data breach. In its initial assessment in July 2010 the ICO declared that it would take no action because it was "unlikely" that Google had gathered much personal data. However, following investigations by Canada's Privacy Commissioner the ICO decided to reinvestigate. Canadian Privacy Commissioner Jennifer Stoddart had said that entire emails, highly sensitive personal information and even passwords were collected by Google. The company has admitted the claims.

In its second assessment in November 2010 the ICO determined that Google's Wi-Fi data gathering activities had been a "significant breach of the Data Protection Act" but decided not to fine the company. The Data Protection Act provides that it is unlawful to obtain personal data knowingly or recklessly. Instead the ICO warned of taking "further regulatory action" if Google did not comply with undertakings it agreed to. Those undertakings committed Google to improving its privacy policies and consenting to the ICO conducting an audit of its practices.

In reporting on the outcome of its audit in August last year the ICO said that Google had offered it "reasonable assurance" that it had made changes to how the company addresses privacy issues.

However, a spokesperson for the ICO previously told Out-Law.com that enforcement action may yet be taken against Google after the watchdog had studied the FCC's findings.

The ICO is due to conduct a follow-up to its privacy audit of Google this month.

Last month the Guardian newspaper reported that Google may face a police or Home Office investigation into whether its Street View data collection amounted to a breach of UK communication hacking laws.

The Regulation of Investigatory Powers Act (RIPA) sets out the laws relating to lawful and unlawful interception of communications. Under RIPA unlawful interception takes place if a person makes "some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication". It also states that interception is illegal on messages stored "in a manner that enables the intended recipient to collect it or otherwise to have access to it".

Under RIPA law enforcement agencies, including the police and MI5, can tap phone, internet or email communications to protect the UK's national security interests, prevent and detect terrorism and serious crime or to safeguard the UK's economic well-being.

Telecoms firms are allowed to unintentionally intercept communications in line with RIPA if the interception "takes place for purposes connected with the provision or operation of that service or with the enforcement, in relation to that service, of any enactment relating to the use of postal services or telecommunications services."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Top three mobile application threats

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
UK.gov chucks £28m at F1 tech for buses and diggers plan
Well, not really F1 but who's heard of LMP and VLN*?
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.