The Google Blog admitted that they made a significant privacy mistake with some of their Street View cars. The wifi data collecting versions of the Google Street View cars were not just collecting publicly broadcast SSID information and MAC addresses but they were also collecting “samples of payload data from open (i.e. non-password-protected) WiFi networks,” said Google. Google said they did not knowingly collect payload data and when they found out, they immediately “grounded our Street View cars and segregated the data on the network.”
Google added that, Google has made a decision to completely stop using the WiFi data collection technology with Street View cars in the future. Those wifi collecting cars will be taken out of the rotation and not be used due to the privacy concerns expressed globally. In addition to these steps, Google promised to ask a third party to audit the software at issue and conduct internal reviewing procedures to ensure that the controls are in place to prevent these issues in the future.
For more information about this, please see the Google Blog.
Postscript From Danny Sullivan: I spoke with a reporter today to explain what happened more, and I thought the metaphor might be useful to share.
Imagine that the transmissions you make on a wifi network to the sites you visit are like having a real-life conversation with someone on the porch of your house or the front yard.
As Google’s StreetView cars were like someone driving slowly down the street, recording all the front yard conversations that they could hear, as they went past.
Because the car is constantly moving, only a tiny bit of each conversation was being recorded. That’s the first thing that should be reassuring in all this — it’s not as if Google heard minutes or hours worth of what you were “saying” on the web.
Second, Google couldn’t understand all the conversations it was hearing. That’s because while the data was going out on an open wireless network, the conversation itself was encrypted. This is typically what happens if you go to a bank web site — a secure connection is established. It’s also what happens if you go to Google itself to read Gmail or use some other services.
In the metaphor, it’s as if some people were talking on the street were having a conversation in a language that only they and the other person could understand.
Third, there were some conversations that Google couldn’t understand at all, on wifi networks that had security running. In these cases, it’s as if Google could see that people were talking on their front lawn, but all they could hear was a mumble, nothing intelligible.
There’s no doubt Google has harvested a huge amount of data. Wifi “conversations” have been recorded since 2007, according to today’s blog post. But only snippets of those conversations have been stored, making the information fairly useless if it were to be mined — something Google doesn’t appear to have ever done nor plans to do, as it seeks to destroy the data.
As a PR issue, it’s a nightmare. Google just came under fire from privacy officials in 10 countries concerned about StreetView cars collecting photos plus about issues with the Google Buzz rollout earlier this year. The officials seized on two issues to claim that Google’s privacy mistakes were not “isolated” cases. Now Google’s got a serious third strike against it.