Lies, spies, and Wi-Fi: Google fesses up

Google admits it knowingly gathered sensitive data from unprotected Wi-Fi networks with Street View and did nothing to stop it. The FCC fine: Pocket change

Remember how surprised Google was when it found out that its Street View vans had slurped up some 600GB of juicy personal information from unprotected Wi-Fi networks as they drove by snapping photos of our homes?

It turns out Google knew about it all along but did nothing to stop it. Oops.

[ Also on InfoWorld: Who else has Google been targeting? Apple, Microsoft, and Facebook, to name a few. | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]

Late last week, Google released a redacted version of the FCC report on its Street View probe [PDF]. It turns out that, yes, that Wi-Fi spying was deliberate, and yes, the entire Street View Team was informed about it, though whether that knowledge made it to three-headed dog at the top of the Google food chain is unclear.

It is a damning document. But before we get into that, let's step back into the Wayback Machine and take a look at what Google said on April 27, 2010, when the German government's Data Protection Authority first accused Google of Wi-Fi spying:

... we do not collect any information about householders, we cannot identify an individual from the location data Google collects via its Street View cars....We do not believe it is illegal -- this is all publicly broadcast information which is accessible to anyone with a Wi-Fi-enabled device.

Two weeks later, Google issued a "clarification and an update," admitting its earlier blog post was, well, a lie. Google also claimed that the bits of data hoovered up by its Street View vans were merely random snippets that could not be used to identify individuals.

...it's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) Wi-Fi networks, even though we never used that data in any Google products.... So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental Wi-Fi project wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data. A year later, when our mobile team started a project to collect basic Wi-Fi network data like SSID information and MAC addresses using Google's Street View cars, they included that code in their software -- although the project leaders did not want, and had no intention of using, payload data.

In an October 2010 blog post, Google admitted that "in some instances entire emails and URLs were captured, as well as passwords."

1 2 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies