Street View: Google given 35 days to delete wi-fi data

[Deleted]

source: http://www.bbc.co.uk/news/technology-23002166



Google's adapted Street View cars were also collecting information from unsecured wireless networks in towns and cities
Continue reading the main story
Related Stories

Google staff 'knew of snooping'
Google fined in Street View probe
Google has been given 35 days to delete any remaining data it "mistakenly collected" while taking pictures for its Street View service, or face criminal proceedings.

But the UK Information Commissioner's Office did not impose a fine.

Its investigation into Google reopened last year after further revelations about the data taken from wi-fi networks.

During that inquiry, additional discs containing private data were found.

Google had previously pledged to destroy all data it had collected, but admitted last year that it had "accidentally" retained the additional discs.

The ICO has told the search giant it must inform it if any further discs of information are discovered.

'Serious lack of oversight'
"Today's enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further discs are found," said Stephen Eckersley, the office's head of enforcement.

Continue reading the main story
What did Google do wrong?

Google Street View, which launched in 2007, has been one of the search company's most ambitious projects to date.

Using specially-adapted cars, it created panoramic images of more than five million miles of the world's roads.

But it was during that process, in 2010, when one unnamed Google engineer wrote a piece of software that would pull data from the unsecured wi-fi networks the car encountered as it drove through towns and cities.

The data included personal emails and other sensitive information.

Google has said it did not plan to collect this data, and that the engineer was acting independently. However, it later transpired that at least one senior manager at the company was aware the collection was taking place.

To date, various regulators around the world have for the most part agreed with this assertion, concluding that the "mistakenly" gathered data was a result of sloppy management at a low level, rather than misguided direction from the top.

"Failure to abide by the notice will be considered as contempt of court, which is a criminal offence."

However, unlike authorities in the US, the ICO said it would not be issuing a fine.

"The detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty," it said.

It concluded that the collection of the data in 2010 was due to "procedural failings and a serious lack of management oversight", but agreed with Google's assertion that the company did not order the actions at a corporate level.

In a statement on Friday, Google said: "We work hard to get privacy right at Google.

"But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it.

"We co-operated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data."

'Impeded and delayed'
Inquiries into Google's data gathering began in 2010 when it emerged an engineer had written software code to gather information from unsecured wi-fi networks.

Cars taking pictures for the company's massively popular Street View service were used to capture the information.

The company was fined by $25,000 (£15,700) by the US Federal Communications Commission in April last year.

Continue reading the main story
“
Start Quote

Is our privacy somehow less worthy of protection?”

Nick Pickles
Big Brother Watch
The FCC levelled heavy criticism at the company, saying it had "deliberately impeded and delayed" the investigation for months.

Its investigation found that data had been discovered in 30 countries, and included "complete email messages, email headings, instant messages and their content, logging-in credentials, medical listings and legal infractions, information in relation to online dating and visits to pornographic sites".

'Setting a precedent'
The engineer told the FCC that at least two other Google employees, one a senior manager, knew about the data gathering.

Nick Pickles, director of the privacy campaigners Big Brother Watch, criticised the ICO decision.

"People will rightly look at the UK's approach to this issue and ask why, given regulators in the US and Germany have fined Google for exactly the same infringement, it is being allowed to escape with a slap on the wrist in Britain.

"Is our privacy somehow less worthy of protection?"

[fluffhead]

inb4 if you have nothing to hide why worry?

[ManyHamsters]

Lol @ "We work hard to get privacy right at Google." Your gmail account is theirs to browse and forward at their convenience. Check your agreement.

Additionally, I'm sick of all of these wrist-slapping measures for BLATANT theft and invasive measures by corporations. If an individual was collecting aforementioned data, they would get jail time along with a huge fine.

[TrumpIsPresident]

Oh you didn't secure your network and its somebody else's fault?

Good ol' Blame-Everybody-But-Me movement.

[lockedout]

inb4 if you have nothing to hide why worry?

CIA funded google start up.
Just google returning the favor.

---------- Post added 2013-06-21 at 10:05 PM ----------

Oh you didn't secure your network and its somebody else's fault?

Good ol' Blame-Everybody-But-Me movement.

The engineer specifically wrote software to probe and collect data from them supposedly acting as a rogue agent.

[Deleted]

Lol @ "We work hard to get privacy right at Google." Your gmail account is theirs to browse and forward at their convenience. Check your agreement.

Additionally, I'm sick of all of these wrist-slapping measures for BLATANT theft and invasive measures by corporations. If an individual was collecting aforementioned data, they would get jail time along with a huge fine.

problem is dint all email providers browse and forward at there covienence all the major email clients do i think. google,hotmail,yahoo there the big 3 most people use

[TrumpIsPresident]

The engineer specifically wrote software to probe and collect data from them supposedly acting as a rogue agent.

Ya I didn't mean to imply it was an accident. I'm just sick and tired of the Blame-Everybody-But-Me movement. If i left a big sack of money on the street and came back a day later to find it missing, am I not to blame?

[Users]

I think it's safe to assume some of the higher ups knew about this from the beginning and was hoping it would just come to light.

And

Nick Pickles

lawl.

[darkwarrior42]

Ya I didn't mean to imply it was an accident. I'm just sick and tired of the Blame-Everybody-But-Me movement. If i left a big sack of money on the street and came back a day later to find it missing, am I not to blame?

I think you'd bear responsibility, but not blame.

If I forget to lock my house and someone walks in and steals my computer, that person is still a criminal guilty of theft and should be arrested and prosecuted as such... but I would bear responsibility for enabling that person to do so, because I failed to take reasonable precautionary measures.

In this case, Google is morally. ethically, and apparently legally responsible for their actions, but the people running unsecured wi-fi networks are still idiots and shouldn't be surprised their data was stolen. Furthermore, we know that Google stole some of their information... how many others have stolen information from these unsecured wi-fi networks? How many of these idiots will fail to secure their networks even after learning that their information has been compromised in this manner?

(And to use a WoW example, if there's a bug in the WoW code that enables an exploit, Blizzard bears responsibility for enabling the exploit... but if you choose to use it for personal gain, you're still at fault for doing so and will bear the consequences of their actions.)

In short: The people who failed to secure their networks bear some responsibility, but that doesn't negate the legal or ethical violation's on Google's part, nor should it absolve Google of their crimes or excuse them from compliance or punishment.

[oxymoronic]

CIA funded google start up.
Just google returning the favor.

---------- Post added 2013-06-21 at 10:05 PM ----------



The engineer specifically wrote software to probe and collect data from them supposedly acting as a rogue agent.

rogue agent? wth is this 007? you putting way too much into this

[DEATHETERNAL]

Wait... unsecured networks are.... UNSECURED???? LIKE, PEOPLE CAN ACCESS THEM WITHOUT ME KNOWING????

Seriously, any information you just broadcast into open space or allow to be accessed by anyone who wants to without even making an attempt to make it secure is not private and should not be protected as private. This is like me painting my social security number and other personal information on the outside of my house facing the street, and then being surprised and outraged when people read it.

[Nengal]

Unsecured Wifi = Public. I don't care where the access point is. If you want it to be private, take 30 seconds and secure it.

[Deleted]

dunno why people use wi-fi anyway its hit slow on computers compared to wired, the main sue of wi-fi is on smartphones etc

[skatblast]

dunno why people use wi-fi anyway its hit slow on computers compared to wired, the main sue of wi-fi is on smartphones etc

Cant tell if serious but there are plenty of reasons and too many to list.

[Payday]

CIA funded google start up.
Just google returning the favor

By selling servers to intelligence agencies?