German privacy regulators love to get everyone worked up about various, horrible privacy violations companies engage in. But it is their job after all, so maybe there’s nothing to read into it. Their favorite target of late has been Google and especially its Street View product, which isn’t even available in Germany yet. The service, which aims to provide 360-degree imagery of cities and public roads, has been attacked by German officials, and individuals, on several occasions.
German Federal Data Protection Commissioner Peter Schaar has now managed to uncover another ugly truth, Street View cars are equipped with WiFi scanners that map the location of wireless networks. The official was “horrified” to find out that Google’s seemingly benign Street View cars were actually a cover for this nefarious undertaking.
The data-protection official is worried that Google is acquiring various pieces of information about WiFi networks, including their location, name and protection protocol. The worse part, Schaar says, is that all this data is linked to a physical MAC address that could then be used to link IP addresses to real locations and, by extension, to real people.
On the face of it, it looks pretty bad. Google is covertly acquiring massive amounts of data, which it could use in correlation with all of its other data-collection methods to create a very accurate and detailed profile of every Internet user out there.
But there are some very big caveats with the whole logic. For one, this isn’t much of a secret. Google has said that it scans for WiFi networks and mobile-phone relays with Street View cars and this has been known for at least a couple of years.
Still, just because it acknowledges something, it doesn’t necessarily make it right. However, the data it collects is all public, these wireless networks are discoverable by anyone with the intention of doing so. Google doesn’t collect anything that is not already provided publicly. People shouldn’t expect the information that they make public to not be collected.
And the practice of mapping out wireless networks so that they could be used to determine the location of a user is widespread, it is one of the most common ways of figuring out where a user is without access to GPS data. This is how a site or browser can pinpoint your location on a laptop or other devices that don’t have dedicated location hardware.
What’s more, Google certainly isn’t the first one to do it in Germany. The renowned, and partially state-sponsored, Fraunhofer Institute for Integrated Circuits (IIS) has been doing somewhat similar research for a decade now. Commercial companies have been mapping out WiFi locations and selling the data as well.
So why is it that German officials are only now ‘horrified’ by something that has been in practice for several years? Are they selectively targeting Google or are they just plain incompetent? It’s interesting to note that the ‘discovery’ was made at a time when several European countries issued a public request for Google to step up its privacy-protection measures. And, at the same time, Google has revealed data indicating that Germany is the second most active country when it comes to content-removal requests to its many services.
Update: Google has put up an interesting post explaining the importance of 'location' for the web and the means by which a user's location is determined, among which is using Wi-Fi networks. The post doesn't directly address the German official's position, but the timing is more than coincidental.