
Google Says It Mistakenly Collected Wi-Fi Data While Mapping

Posted by timothy
from the just-accidentally-of-course dept.
Even if Google says there's nothing to worry about, newviewmedia.com writes, the company "said it would stop collecting Wi-Fi network data from its StreetView cars, after an internal investigation it conducted found it was accidentally collecting data about websites people were visiting over the hotspots. From the WSJ article: 'It's now clear that we have been mistakenly collecting samples of payload data from open [i.e. non-password-protected] Wi-Fi networks, even though we never used that data in any Google products.'"
  • Hey, (Score:5, Insightful)

    by Threni (635302) on Friday May 14, 2010 @07:09PM (#32214602)

    they're not called `open networks` for nothing. Tighten up, or shut up. Oh, and postmen read your postcards too.

  • by Mordok-DestroyerOfWo (1000167) on Friday May 14, 2010 @07:12PM (#32214632)
    How in the heck do you "accidentally" gather information over a wireless network? If all you want is a collection of AP's that's one thing, but any storage of packet data no matter how temporary cannot be considered an accident. It has to be planned out and executed. An accident is stubbing my toe on the nightstand, this is an invasion of privacy.
  • by Locke2005 (849178) on Friday May 14, 2010 @07:15PM (#32214680)
    Me: "Why are there drawings all over the wall?!?"
    Her: "It was an accident! I didn't mean to do it!"
  • Skyhook competitor (Score:3, Insightful)

    by ad454 (325846) on Friday May 14, 2010 @07:17PM (#32214700)

    Now that Google has all that StreetView WiFi data, maybe they can put together a free WiFi geo-location service alternative to Skyhook:

    http://en.wikipedia.org/wiki/Skyhook_Wireless [wikipedia.org]

    With regards to privacy, Skyhook has already let the cat out of the bag.

  • Re:Hey, (Score:5, Insightful)

    by marcansoft (727665) <hector@marcanso f t . c om> on Friday May 14, 2010 @07:21PM (#32214746) Homepage

    It's not a man-in-the-middle attack. They were probably just capturing all WiFi traffic in order to search for hotspots, but forgot to filter it so only beacon frames were stored. A proper set of cards sniffing are much more effective at detecting faint hotspots than just mashing on the "scan" button on one card, which probably discards stray beacons.

    It's your fault if you're broadcasting your data all over the airwaves unencrypted where anyone with a passive receiving antenna can pick it up.
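The filtering step described in the comment above, as an added example (not part of the original thread and not Google's code): a capture pipeline that reduces each sniffed frame to a beacon-derived record, so data-frame payloads are never stored. It assumes raw 802.11 MAC frames with no radiotap header or trailing FCS; the function names and sample frames are constructed for illustration.

```python
# Data minimisation at capture time: persist only what a hotspot survey needs
# (BSSID and SSID from beacon frames) and drop every other frame unread.

MGMT_TYPE = 0            # 802.11 frame type: management
BEACON_SUBTYPE = 8       # management subtype: beacon
MAC_HEADER_LEN = 24      # frame control, duration, 3 addresses, sequence control
BEACON_FIXED_LEN = 12    # timestamp (8), beacon interval (2), capabilities (2)
SSID_TAG = 0             # tagged parameter ID carrying the network name


def beacon_record(frame: bytes):
    """Return {'bssid', 'ssid'} for a beacon frame, or None for anything else."""
    if len(frame) < MAC_HEADER_LEN + BEACON_FIXED_LEN:
        return None
    fc0 = frame[0]                       # first byte of the frame control field
    version = fc0 & 0b11
    ftype = (fc0 >> 2) & 0b11
    subtype = (fc0 >> 4) & 0b1111
    if version != 0 or ftype != MGMT_TYPE or subtype != BEACON_SUBTYPE:
        return None                      # data and control frames are dropped here
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    ssid = None
    pos = MAC_HEADER_LEN + BEACON_FIXED_LEN
    while pos + 2 <= len(frame):         # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:          # truncated element: stop parsing
            break
        if tag == SSID_TAG:
            ssid = value.decode("utf-8", errors="replace")
            break
        pos += 2 + length
    return {"bssid": bssid, "ssid": ssid}


def minimize(frames):
    """Reduce a capture to beacon records; raw frame bytes are never retained."""
    return [rec for rec in map(beacon_record, frames) if rec is not None]


# --- constructed sample frames (not real captures) ---
def _mac_header(fc0: int, bssid: bytes) -> bytes:
    broadcast = b"\xff" * 6
    return bytes([fc0, 0x00]) + b"\x00\x00" + broadcast + bssid + bssid + b"\x00\x00"


_BSSID = b"\x02\x00\x00\x00\x00\x01"
BEACON = (_mac_header(0x80, _BSSID)            # type 0, subtype 8
          + b"\x00" * 8 + b"\x64\x00" + b"\x01\x04"
          + b"\x00\x07example"                 # SSID element
          + b"\x01\x01\x82")                   # supported-rates element
DATA = _mac_header(0x08, _BSSID) + b"GET /inbox HTTP/1.1\r\n"   # type 2 with payload
SAMPLE_FRAMES = [BEACON, DATA]

if __name__ == "__main__":
    print(minimize(SAMPLE_FRAMES))
```

Applying the filter before anything is written to disk, rather than during later processing, is what keeps payload bytes out of storage.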

  • Re:Shenannigans! (Score:5, Insightful)

    by Anonymous Coward on Friday May 14, 2010 @07:22PM (#32214756)

    Yeah you do. When you say "Hey, let's see what open wi-fi stuff is out there", and tune into those signals, you pick up on some spare traffic...and if you're saving every packet you come across for later processing (like 'what open wi-fi router was this'), then yeah, it's going to get saved like the rest.

    Then they looked at the data they'd saved, said "Oh hey we didn't mean to get that stuff". Kind of like if you're logging all data that someone sends when they're connected to your open Telnet port, and you realize later that it saves their username/password along with the rest--it wasn't a conscious decision, you might not have thought about it at all, you might never plan to even look at the logs except in some specific cases, and while a workaround might take some time...you kind of drop a brick when your legal team realizes you have it.

  • by Spykk (823586) on Friday May 14, 2010 @07:22PM (#32214762)
    As much as I like Google I hope they get the book thrown at them over this. To claim that they have accidentally been collecting this data for three years is just silly. If you can make money breaking the rules and there are no consequences when you get caught then why would anyone follow the rules? Corporations are rarely influenced by things like morals or ethics unless there are financial penalties making it the cheapest option.
  • by retech (1228598) on Friday May 14, 2010 @07:28PM (#32214814)
    McDonald's tells everyone: "... we're sorry we made you obese..."
    Steve Jobs said: "We didn't mean to only give the artist $.01 and keep $.70 for us on iTunes."
    Halliburton mentioned: "Oil spills? We had no idea this could happen."

    To trust a company with anything is just stupid. Lock up your doors (or WAPs) people and expect the worst from anyone, you won't be disappointed.
  • by MindPrison (864299) on Friday May 14, 2010 @07:40PM (#32214950) Journal

    ...on one hand we all love to use Google, let's face it - it's the no#1 search engine, finds more data for you than you could ever dream of coming up with on your own or any other engine, shows you the way on your navigator - heck...even shows you where to get hot coffee on a rainy day, free mail service, supports open-source initiatives all over, man - that's like free drugs, you WILL get addicted, and there's really no way out.

    Google and the government have ONE thing in common though, power. And knowledge is TRUE power. Imagine if you knew everyone's dreams, thoughts, loves, hates, inventions. Google knows pretty much everything there is to know about me, and yes - I have volunteered to this, I'm addicted to Google, I love what Google provides me with, and I've seen nothing truly sinister from them the last 10 years, something about the truth shall set you free? Maybe there's something to that old saying.

    But the government knows pretty much what they want to know too, why destroy a good thing? I don't think the recording of WiFi spots was a "Mistake", no one in their right mind can make that big of an engineering mistake, it uses extra data, no optimisation in that, but you got to tell them something, so it was an accident.

    Do I believe that Google is Evil? no - I don't, but with any great power - especially knowledge - you have to use it with care, and be careful to whom you hand it to. Admit it - you want knowledge, why should they be any different, the difference is - you hand it to them - voluntarily, and that's not necessarily a bad thing.

    Remember that movie "What Women Want"?, great flick btw. Mel Gibson all of a sudden by accident, gets the gift of being able to read every woman's mind, he can hear them speak. This momentarily drives the man crazy, but at the psychologist's bench, he discovers that this knowledge is truly a gift - if you knew what a woman wants all the time - you could RULE the world.

    There's some truth in that, if you know your audience, you can please your audience like no one else, and you can have it all, future inventions will be based on millions of minds - worldwide - tell me - who would NOT want that?

  • by Dirtside (91468) on Friday May 14, 2010 @08:17PM (#32215296) Journal

    As far as I can tell, Google posted this message without being forced to by any government. Most companies would keep this kind of thing quiet, or lie about it, especially if privacy advocates got wind of it. Google, within a few days of finding out about the issue, posts an APOLOGY for doing something that MIGHT have possibly damaged a few people, IF the information they collected had been leaked.

    Unless we have reason to believe otherwise, Google screwed up, and as soon as they were aware of the mistake, took steps to rectify it and then went public about the mistake. If we get evidence that Google is lying about this, that's another story, but has there been any such evidence yet? I'm all for raking corporations over the coals when they make mistakes and don't own up, but how often do you see a giant corporation blurting out "mea culpa" like this?

    Also:

    As much as I like Google I hope they get the book thrown at them over this. To claim that they have accidentally been collecting this data for three years is just silly.

    It's not remotely silly. A week ago I discovered a DB table at my (multinational media conglomerate) company that had been silently logging data for -- wait for it -- three years. It wasn't any personal info, or data we needed, but everyone had forgotten about it. The idea of Google making a similar mistake is not "silly" at all.

  • by FriendlyPrimate (461389) on Friday May 14, 2010 @08:26PM (#32215378)
    I respectfully disagree. If they're telling the truth (and I have no reason to believe that they're not), then they didn't even realize they were collecting this information. They did not use it for monetary gain.

    If anything, this gives me more respect for Google, since they did not have to reveal this information (they could have indefinitely stonewalled...there's no external evidence that they kept this data). They're willing to admit when they do something wrong. That scores points in my book. Kudos to Google.
  • by Anonymous Coward on Friday May 14, 2010 @08:47PM (#32215598)
    So let me get this straight:

    - A company accidentally collects data that careless users broadcast to anyone who is listening.
    - The data is largely worthless anyway due to the circumstances. (car was in range for almost no time, users would have had to be transmitting at exactly the right time)
    - The company doesn't realize they actually have this data, and doesn't do anything with it.
    - Once they actually find out they have this data, instead of trying to hide it or make excuses, they voluntarily come forth and detail exactly what happened and exactly how they're going to get rid of the data, including allowing third-parties to inspect their code.

    ... and you think they should be PUNISHED for this? If anything, all companies should act this way.
  • Re:Hey, (Score:4, Insightful)

    by tomhudson (43916) <.barbara.hudson. ... bara-hudson.com.> on Friday May 14, 2010 @09:30PM (#32215982) Journal
    The article indicates that the original software was expressly written with logging capability. They somehow "forgot" to remove it. And nobody noticed. For three years!?!
  • Re:Hey, (Score:4, Insightful)

    by tomhudson (43916) <.barbara.hudson. ... bara-hudson.com.> on Friday May 14, 2010 @09:33PM (#32215996) Journal

    They were storing the payload for the last 3 years. Three years, and NOBODY noticed? Nobody said "is this even legal in all the places we operate?" Nobody said "Can this come back and bite us on the ass?"

    3 years is a long time to "accidentally" be doing something when it's your profession.

  • by tftp (111690) on Friday May 14, 2010 @10:19PM (#32216324) Homepage

    - A company accidentally collects data that careless users broadcast to anyone who is listening.

    Two people have a quiet, private conversation in an empty street. They have a reasonable expectation of privacy. A car with a sensitive microphone drives by and records several seconds of the conversation, without participants' knowledge.

    - The data is largely worthless anyway due to the circumstances.

    Google wouldn't deploy a system for collecting worthless data on thousands of StreetView cars over three years. It's not like a lowly code monkey made a build with a few extra #defines, threw it over the wall and forgot about it. The car has to have WiFi, the operators have to be trained to use the system, and the collected data has to be taken out of the car and stored somewhere on company's servers. This can't happen accidentally.

    - The company doesn't realize they actually have this data, and doesn't do anything with it.

    That assumes that thousands of Google coders, workers and managers are idiots. Far more likely is that Google, being in data mining business, were perfectly aware of every aspect of this collection. It costs money to run StreetView cars, so they packed the cars with everything they could think of, and collected everything that they could.

    - Once they actually find out they have this data, instead of trying to hide it or make excuses, they voluntarily come forth

    The "voluntarily" part was forced - see the TFA:

    Alan Eustace, senior vice president of engineering and research for Google, wrote in a blog post that the company uncovered the mistake while responding to a German data-protection agency's request for it to audit the Wi-Fi data

    Google was silent about it for three years, but once they were asked a direct question they decided not to lie. When a lawyer asks a question he already knows the answer, so lying in these circumstances would be much more dangerous.

  • by Gorimek (61128) on Friday May 14, 2010 @11:31PM (#32216764) Homepage

    Those are valid questions if anyone knows the data is there.

    If, as Google claims, they just reused some code they had lying around, and it stored more data than they were aware of or wanted to use, I can see how no one would have noticed. Their system worked, and an extra 600GB of disk space will hardly raise any alarms at a Google data center.

  • by eln (21727) on Friday May 14, 2010 @11:44PM (#32216830) Homepage
    The idea that a large company like that would embark on a huge project like StreetView without thoroughly auditing the code they planned on using boggles the mind. Either they didn't carefully audit the code before deploying it in their massive global project or they did and knowingly collected this data. I'm not sure which of those options makes Google look worse.
  • Re:Hey, (Score:4, Insightful)

    by Ganthor (1693614) on Saturday May 15, 2010 @12:20AM (#32217042)
    OK Here's my view. Flamebait or not.
    Google have repeatedly demonstrated some sketchy regard for privacy of others. They have to be dragged kicking and screaming to implement procedures that allow people to remove street view pictures for example.

    I agree that in pushing the envelope that they will come across some interesting social topics like the ones that they found in the first run of street view and the one they are backpedaling now. And I do believe in the large amount of good Google have done for open source and data use for the public good, (Google earth and maps for instance).

    However Google repeatedly are coy whenever they think about collecting information and get asked for explanations on what they will be doing with it.

    In this instance I read a BBC article that indicated that the German government asked to review the data and that's when Google "discovered" this "gaffe". It wasn't Google unprompted.

    What makes even more sobering reading is Google's own blog which admits they were intending on collecting wi-fi SSID's and MAC addresses.
    http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html [blogspot.com]
    For what purpose, I ask, would MAC addresses be collected?

    However officially Google now admit to collecting snippets of payload data which is something they expressly ruled out in the original blog. They say this was a mistake...I have my doubts.

    Think it through...They are collecting this data ... the data is 3 years old....did they just sit on it and do nothing with it?
    Surely when they started extracting the SSID's and MAC's, they would've noticed the snippets of people's emails and websites they also captured...surely they tested the code and the data collected? And then what did they do...Nothing! They didn't exercise any moral judgment and raise the issue of people's privacy on unencrypted networks. They have the platform they could have won some serious brownie points by telling people how to protect themselves. But did nothing. I don't believe they held all this data and didn't know what it was.

    This is yet another example of a "mostly good" company collecting people's personal data for reasons us mere mortals can't understand.

    I think there is a real difference between data that is public to your neighbors and then someone posting that data on a billboard in the main street. For instance, when I'm on holiday perhaps?
    Clearly here is an example of data that is not private, in the public domain but is not intended to be distributed to strangers. That level of privacy is not covered by the current laws but needs to be in my opinion.
    I could go on but I reckon half the people who started reading have stopped already;-), ... suffice to say, I'll be doing less of my searches with Google as a direct result, and ensuring my network is buttoned up even tighter than ever.
  • Re:Hey, (Score:2, Insightful)

    by Kilrah_il (1692978) on Saturday May 15, 2010 @01:27AM (#32217420)

    Although some of your points are valid, I think you missed one of the most important issues regarding the entire story: Google were frank about their mess-up.
    When we have trouble with privacy with Facebook/MS/Apple/Sony/pick-your-flavor-of-the-month-privacy-issue-culprit you usually have to dig up the info yourself for weeks until you get the company to admit anything was wrong, and then you still have to raise hell to get them to fix the problem (if they can - Sony rootkit fiasco a case in point).
    Here Google had many options:
    1) They could have found out about the error and deleted all information the moment the Germans started inquiring - nobody would have known anything. If asked - do like the politician, deny.
    2) They could have issued a short statement claiming that they independently found an error and fixed it, without disclosing too much details.
    3) They could have issued a long statement admitting that they started the investigation after the German inquiry, admitting their mistake, their lessons and the steps they took to resolve the issue, including stopping the StreetView WiFi collection project.

    I honestly think that Google was as straight-forward and honest as can be admitting their mistake, and that should give them some credit. If their original intent was "evil", I don't think they would have chosen option no. 3.
    We keep asking companies to be honest about their practices and mistakes, but when they do admit wrongdoing, we bash them on /. and then promise not to use their services. I personally think that I admire Google for being so honest and will continue using their services, but that's just me.

    Oh, and btw, I think it's recommended to read their original blog post - http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html [blogspot.com] just to have their side of the story straight.

  • by NekSnappa (803141) on Saturday May 15, 2010 @02:32AM (#32217708)

    If you're collecting data you probably plan to use it. Now if you go to the data set to put it to use you'll see that there is more stuff there than you expected. So how can you say "I didn't know that I had all these snippets of traffic on the network I was sniffing."?

  • Re:Hey, (Score:5, Insightful)

    by khchung (462899) on Saturday May 15, 2010 @03:14AM (#32217852) Journal

    So I assume you would be OK if Google told you their street view cars also contained sensitive microphones, which just happened to record some dirty jokes you told your friend on the street? And now everyone can get on the street view, see your (blurred) image and click "hear recordings" to hear your dirty joke too, you would be OK with that too? After all, whatever you did in public should be ok to be publicized, right?

    Seriously, if you don't think there is something wrong with collecting local and transient data and putting them into a big permanent database correlating with other data, by a private corporation that is best known to profit from large scale datamining, you just haven't thought deeply about the issue.

  • Re:Hey, (Score:2, Insightful)

    by Anonymous Coward on Saturday May 15, 2010 @04:03AM (#32218006)
    Dude calm the frick down. Google is a massive corporation with thousands upon thousands of employees simultaneously working on thousands of projects, using code created over a span of several years by programmers who may have already moved on to another project or left to a different company. It's not inconceivable they would have missed this "feature", especially if it doesn't register as a "bug" that destabilizes their intended operations.
  • Re:Hey, (Score:4, Insightful)

    by the_womble (580291) on Saturday May 15, 2010 @07:10AM (#32218600) Homepage Journal

    Entirely believable. No one looks at code if it's working OK.

  • Re:Hey, (Score:3, Insightful)

    by pmc (40532) on Saturday May 15, 2010 @11:20AM (#32219786) Homepage

    Although some of your points are valid, I think you missed one of the most important issues regarding the entire story: Google were frank about their mess-up.

    Not initially - they originally said:

    "Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data."

    This was wrong and was in response to claims that Google was collecting payload data. The thought this could be in error is ridiculous. First they'd have to accidentally collect the data, and then they'd have to accidentally not notice even when they went to look for it.

    They only (finally) admitted they were collecting payload data when the German government asked for the collected data to audit exactly what was being collected.

    Here Google had many options:

    1) They could have found out about the error and deleted all information the moment the Germans started inquiring - nobody would have known anything. If asked - do like the politician, deny

    That would have been fatal - the German government was either on a fishing expedition or already knew what was being collected. For Google to have deliberately deleted data in response to a Government request would have been insane - going to prison, massive fines and "they're evil" type of insanity.

    2) They could have issued a short statement claiming that they independently found an error and fixed it, without disclosing too much details.

    That would have been untenable - they just happen to find out after they had been threatened with an audit.

    3) They could have issued a long statement admitting that they started the investigation after the German inquiry, etc

    So they did the only vaguely credible course of action left open to them

    We keep asking companies to be honest about their practices and mistakes, but when they do admit wrongdoing, we bash them on /. and then promise not to use their services.

    The problem is that few believe they are being honest - accidentally collecting hundreds of gigs of data and not noticing either after you've processed your (our) data or after you've said you've checked and there is definitely no data there.

    I'll leave with a final thought - Google claimed that they have never used the data in any product. Given that they claim they didn't even know they had the data until recently how can they possibly make the categorical and emphatic claim that they had never used it in any product. I'd have believed a statement that they didn't believe they had used the data, but were currently auditing to make sure or something. But another straight denial? It makes them look like a six year old caught with their hand in the cookie jar - every answer given to cast themselves in the best possible light with only a vague connection with the truth.
