What's so bad about the Google Street View data flap?
The revelation that Google Street View cars accidentally recorded personal data from 'open' WiFi networks has Germany and privacy advocates upset.
Privacy conspiracy theorists hit the mother lode Friday with Google's blog post detailing its inadvertent collecting of snippets of personal data from Google Street View cars in Europe. But why all the fuss?
Google Street View, for the uninitiated, is the photo-based online mapping add-on Google rolled out in 2007. Images taken by specially outfitted cars are paired to GPS coordinates and, when viewed online, present an "as if you were there" view of the searched-for address.
The program has met with with equal parts embrace and hostility. Wayward travelers appreciate the ability to see what an unfamiliar place looks like before venturing out – or even on-the-spot, using a mobile device. Governments and advocates have raised concerns grounded in homeland security, privacy, and data retention policies. Google says it has striven to comply with individuals' and governments' requests to take down or blur photos with easily identifiable faces or sensitive information.
It had been known that Google and other companies compile databases of home and business wireless computer networks for use in mobile phone location applications – the protocol is at times faster but less accurate than GPS for gauging a location. But Friday's revelation takes the Street View concerns in a different – and litigiously stickier direction. "Googlemobiles," the kitted-out camera cars the company uses to collect images, had been unintentionally recording some of the data transmitted over those wireless networks.
Asked to look into its data-collection practices by Germany's Data Protection Authority, Google says it found that, though at first it thought it hadn't, the company had been collecting private data in its scans of open wireless computer networks. "It’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products," wrote Alan Eustace, Google Senior Vice President of Engineering & Research.
In other words, Google had been collecting not only the name and location of the open WiFi access points its scanner-equipped cars encountered, but possibly some of the data being transmitted over them, as well. Lists of sites – even passwords – may have been logged. Google has tried to lessen the blow by saying its cars are always on the go, and someone would need to have been using the WiFi network when the car passed by, and its scanners change wireless frequencies five times a second. But European authorities are still miffed.
“Based on the information we have before us, it appears that Google has illegally tapped into private networks in violation of German law,” said Ilse Aigner, Germany's minister for food, agriculture, and consumer protection, in a statement. “This is alarming and further evidence that privacy law is a foreign concept to Google."
Google has hired a third-party auditor to analyze the Street View software and to determine what data it gathered. The auditor will also confirm that the data has been appropriately deleted.
That may not be good enough for Germany. As the New York Times reports, "Till Steffen, the justice senator for the city-state of Hamburg, where Google’s German headquarters is located, ... introduced a bill in the German Parliament that would fine Google for displaying personal property in Street View without the consent of owners."
More legislative action and penalties could follow. According to the AP, Google gathered 600 gigabytes of data from WiFi networks in more than 30 countries, including the United States.