Google accidentally collected WiFi data
In their recent blog update, Google admitted that they inadvertently gathered data from unencrypted WiFi networks, using the Street View cars as the collectors. This comes about a month after Germany’s data protection agency (DPA) in Hamburg started looking more closely at what the Street View vehicles were doing, after it was discovered that the cars were logging access points.
Google initially reported that they were merely collecting the locations of access points as they snapped photos and mapped building, but as it turns out, they were actually collecting payload data as well. Apparently due to a piece of code that made it into the Street View cars, this data was being collected without Google’s knowledge, and was never used in any of their products.
…while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.
Since the vehicles move through streets relatively quickly, what they logged is likely little more than snippets from each of the open WiFi networks, but does raise legal concerns, as it could be seen that the Street View cars were wiretapping WiFi networks for data. This data has been collected in all regions that Street View vehicles have been operating up until this announcement. At this point, the Street View fleet has been temporarily grounded, and they will stop collecting WiFi data altogether moving forward.
This incident highlights just how publicly accessible open, non-password-protected WiFi networks are today. Earlier this year, we encrypted Gmail for all our users…
While it’s true that open WiFi networks are a bad thing, unless you’re deliberately leaving it open as a public service, maybe Google shouldn’t have mentioned that it wasn’t until 2010 that they turned on secure web mail by default. That’s actually kind of embarrassing.