States Probe Google Street View

About 30 US states may investigate Google for illegally collecting private information from unsecured wireless networks when taking pictures for its Street View program. The LA Times has more:

(When driving past homes to take pictures for Street View) Google did not disclose to users…that its cars were also fitted with radio receivers meant to gather information about home and business Wi-Fi networks in the areas where the cars were traveling. Because Wi-Fi networks tend to be static — like street names and ZIP Codes — they are useful for Google applications that need to triangulate the current location of mobile phones — as when Google Maps is helping a user determine driving directions.

However, along with the names of the Wi-Fi networks, Google was also collecting private information that was traveling across those networks — much of it from people who had failed to password-protect their personal networks. In the three years that its fleet of cars has been roving the streets, Google says it has collected 600 gigabytes of unsecured data.

The company has apologized for collecting the private data, saying it failed to realize that its software was sniffing the data out of the air. Google maintains it has not used or analyzed the data for any of its products and has begun destroying the data in several countries where it was requested to do so.

“It was a mistake for us to include code in our software that collected payload data, but we believe we did nothing illegal. We’re working with the relevant authorities to answer their questions and concerns,” a Google representative said in a statement.

Google was collecting MAC (media access control) addresses, SSIDs (service set identifiers), and unencrypted Wi-Fi network content, according to privacy expert Alexander Hanff. Such content could include email addresses and Web browsing information. Collecting network content is criminal in some places, writes Hanff, which is probably why Google apologized right away. He also says that

the data is incredibly rich as it contains the IP address of the user, the IP addresses of the services they are using, the content of those communications such as web pages or emails and more importantly it was tagged with GPS data.

Google already stores and retains IP addresses and search data and over time builds up a profile of individuals based on their online behaviours, which it argues allows it to deliver more relevant advertising. But one thing Google has not been able to do until now is accurately predict where you live (unless you tell them), as IP addresses are not generally registered to a real person – they are usually registered to your Internet Service Provider (ISP) which in turn allocates an IP address to you.

Whereas there is limited geographical information on an IP address – usually to the country level though sometimes more granular – by correlating this Wi-Fi data with existing IP data Google would then be in a position to determine your geographical location to literally within a few meters. There is a real value in this for location-based advertising, which attracts a premium compared to generic advertising as it is more focused.

He goes on to explain why Google should be held legally accountable here.

French authorities are also in the process of deciding whether to prosecute Google for the same issue.

How much responsibility Google has for obtaining information that was publicly visible anyway is up for debate (as herds of lawyers seem to be proving). To me, what makes this case creepy is the same thing that makes any Google data collection creepy. That is, Google may collect and organize data for its own commercial purposes, but governments, in turn, could request that data for different, potentially more sinister purposes. For example, Google has handed over its Street View user data to the governments of Germany, France, and Spain. I doubt the governments can do much with this particular data, but the point is that Google can collect information and hand it over to governments, who may then use it for anything from criminal investigations to censorship.

Interestingly enough, Google itself has a new tool that tracks government requests for its data. Brazil is leading the pack, but the US is close behind. I’d love to see the tool record statistics on what that data is being used for.

SEE ALSO:
SendinBlue Review: The Best Ecommerce Email Marketing Software
  • Ram Jaladi

    That’s ridiculous, If it’s not secure anyone can sniff it. Why google!