Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Google Admits Streetview Cars Collected “Entire Emails, URLs and Passwords”

Google finally admitted (via blog post) that the company’s “Street View” cars had collected data including “Entire Emails, URLs and Passwords” from Wireless Networks in several countries

Google finally admitted (via blog post) that the company’s “Street View” cars had collected data including “Entire Emails, URLs and Passwords” from Wireless Networks in several countries

Alan Eustace, Senior VP, Engineering & Research Google, in an interesting blog post on how Google will be creating stronger privacy controls, slipped in some interesting information at the end of his post. Eustace disclosed that after Streetview WiFi Payload data was analyzed by regulators, the investigations revealed that some incredibly private information was harvested in some cases. While the data was technically broadcasted to the public and anyone with the know-how and appropriate gear could collect the same information, it would be hard for anyone to collect such data on the massive scale that Google did.

Streetview Collecting Emails and Passwords

Google collected the data as a result of code integrated into the software used to identify and map WiFi signals. Google says the code was developed in 2006  by an engineer working on an experimental WiFi project that sampled all categories of publicly broadcast WiFi data. That coded ended up on the systems that power the data collection of the Street View cars.

In very last paragraph of his post written late today, Eustace writes:

Finally, I would like to take this opportunity to update one point in my May blog post. When I wrote it, no one inside Google had analyzed in detail the data we had mistakenly collected, so we did not know for sure what the disks contained. Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place. We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.

Earlier this week, Canada’s Office of the Privacy Commissioner issued a press release saying that Google had contravened Canadian privacy law when it inappropriately collected personal information from unsecured wireless networks across the country. The office specifically stated that “Google Street View cars inappropriately collected personal information such as e-mails, usernames, passwords, phone numbers and addresses; Commissioner recommends stronger controls and improved privacy training.” Full release from Canada’s Office of The Privacy Commissioner is available here.

Additionally, in June, France accused Google of collecting private passwords during Street View mapping.

Related Video: Hacker Uses XSS and Google Street View Data to Determine Physical Location

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights