In a blog post published Friday, Google admitted to 'mistakenly' collecting sensitive private data sent over WiFi networks.
Germany's data protection authority (DPA) requested Google audit the WiFi data collected by its Street View cars. The audit revealed that contrary to the company's claims, for at least three years, Google has been collecting payload data (the information users send over a wireless network) from non-password-protected WiFi networks. A programming error from 2006 was at fault.
Explaining how this collection of sensitive data occurred, Google's Senior VP of Engineering & Research Alan Eustace said, "Quite simply, it was a mistake." He explained, "An engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data."
Google outlined the steps it plans to take as a result of the mistake. The company says it intends to delete the data "as quickly as possible." It has already grounded its Street View cars, and will halt collection of WiFi network data.
Additional measures include:
* Asking a third party to review the software at issue, how it worked and what data it gathered, as well as to confirm that we deleted the data appropriately; and
* Internally reviewing our procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future.
Google tried to mitigate concerns by clarifying that none of the private data was used in Google products and only "fragments" of information were collected.
The admission comes following outspoken criticism from Germany's Federal Data Protection Commissioner Peter Schaar, who was "horrified" to learn that Google's Street View car cataloged private WiFi network data like Mac (Media Access Control) addresses and SSIDs, in addition to snapping pictures of public streets.
Read Google's full blog post here.