Google Admits to Collecting Personal Wi-Fi Data

Google isn’t doing itself any favors with the latest admission that is has indeed collected personal data from wireless networks with its Street View cars, despite previously claiming that it didn’t. Google says the data was collected ‘by mistake,’ but that probably won’t matter much to the privacy advocates and official regulators who were already displeased with Google’s practices. The company wants to delete all the personal data collected and is asking regulators in ‘relevant countries’ how to proceed.

Google’s Street View cars have been collecting images of the world’s cities sometimes to the criticism of locals or authorities, especially in Europe. Along with the images, the cars also collected public Wi-Fi data which Google then used for its location services. The Wi-Fi location data Google and others provide make it easier for mobile devices to determine their position without relying on GPS data which can be slow or inaccessible in cities.

However, Google has now admitted that apart from the wireless networks’ SSID information and MAC addresses, which were used to identify the networks and are publicly available to anyone within range of the wireless router, the Street View cars also collected partial payload data from open networks, those not using any encryption or passwords.

“So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data,” Alan Eustace, senior VP of Engineering and Research at Google, explained.

Google says it found out about the situation when it embarked on a full investigation of its software, spurred by the request from the German data officials. The actual data collected is likely not that useful, the Street View cars are on the move and switch Wi-Fi channels several times a second. This means that any payload data that it did collect is in most cases incomplete.

However, all that data, collected over three years, has been stored by Google. The company is apologetic about the situation and says it will delete any data it has mistakenly collected. The servers holding it have been isolated from any network, making them inaccessible to the outside world. Google is now asking regulators to help it dispose of the data quickly. What’s more, the company has vowed to stop collecting any Wi-Fi data with its Street View cars from now on.

There’s no reason to believe that Google has gathered this data on purpose. Still, regardless of why it did it, it is now facing legal threats in plenty of countries. The actions may fall into the US wiretap laws, but only if it can prove that Google’s actions were intentional. Laws in Europe are stricter though and since the company was already under intensifying scrutiny on both sides of the Atlantic it’s unlikely that this will fly under the radar.