Well Google has been getting quite a lot of flack lately over the fact that it had been scanning open Wi-fi access points whilst compiling data for street view.
At first people just thought it’s fair enough, they are just scanning for the SSID and recording if it’s publicly accessible or not – which in all honestly is useful info to have in a mapping system. What alarmed people was after some investigation they were also recording the actual payload data from the Wi-fi networks including any passwords that happened to be sent in plain text.
And they’ve been doing this for 3 years!
The Metropolitan Police force has confirmed it will investigate Google following the company’s recent admission it had mistakenly collected data from unsecured Wi-Fi networks for the past three years. “The MPS has received a complaint regarding alleged access to online activities broadcast over unprotected home and business Wi-Fi networks,” the police force told PC Pro.
“The matter is now under consideration. It has yet to be determined what, if any, offences may have allegedly occurred.” The police will first identify if any laws have been broken. If so, the initial investigation is expected to take up to ten days. The investigation follows a complaint from Privacy International over Google’s activities.
“I don’t see any alternative but for us to go to Scotland Yard,” Simon Davies from Privacy International said last week. Davies was referring to the UK Information Commissioner’s Office’s (ICO) reluctance to investigate the matter. The ICO said while it was aware of the issue, it would only investigate if it finds “evidence of significant wrongdoing”.
The initial investigation is currently ongoing to firstly ascertain if any laws have actually been broken, and well the UK has some pretty tight privacy and data protection laws so I’d be surprised if Google come out of this smelling of roses.
Thankfully the German’s had audited the data so everyone else in the World got to know what Google was really doing, now it’s up to individual countries to protect their users and do something about it.
Or not as the case may be as the people were basically broadcasting that data to the World by using an unencrypted public Wi-fi network and not logging in via SSL/TLS.
Google’s error came to light after the German data protection authority audited the Wi-Fi data collected by Street View cars for use in location-based products such as Google Maps for mobile.
The authority revealed that as well as collecting SSID information (the network’s name) and MAC addresses (the number given to Wi-Fi devices such as a router), Google had also been collecting payload data such as emails or web page content being viewed. However, the French National Commission on Computing and Liberty (CNIL), which has started its own investigation into the issue, passwords and emails were among the Wi-Fi data mistakenly collected.
“We are pleased that the police have taken up this complaint for investigation. An evidence based approach to this complex matter is sorely needed now,” said Davies. “We hope that this difficult process will give Google pause for thought about how it conducts itself. Perhaps in future the company will rely less on PR spin and more on good governance and reliable product oversight.”
Google did not respond to a request for comment.
The French are also stepping up and investigating the matter under CNIL, and it was they who exposed the fact Google were capturing e-mails and passwords.
At the moment it all stands under the premise of ‘mistaken collection’ and that perhaps the Google Engineers had enabled some testing features which captured too much data by mistake.
Google hasn’t responded to the claims or accusations so we’ll have to wait and see how this pans out.
Source: Network World