Google admitted on Friday that it inadvertently picked up personal information through the fleet of cars it uses to photograph streets for its Google Maps applications.
“It’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks,” Alan Eustace, Senior VP, Engineering & Research said on The Official Google Blog. “We never used that data in any Google products.”
The company’s Googlemobiles were being used to collect photos, Wi-Fi network information and 3-D imagery of various geographic locations to create navigable maps for Google’s Street View application. Google believed, initially, that these cars were only picking up publicly transmitted information such as network names and addresses.
In reality, however, the cars were picking up samples of private (or payload) data such as personal e-mail addresses and/or passwords submitted over non-secure wireless networks.
Google is currently working to erase the inadvertently collected data. In light of substantial public concerns regarding an invasion of privacy, Google is using third-party regulators in affected countries, which includes the U.S., Germany, France and China, to verify the deletions. iSEC Partners Inc. has already confirmed that, following a request for the Irish Data Protection Agency, all data retrieved in Ireland was deleted.
Google has also stopped its Street View cars from collecting Wi-Fi network data entirely.
Google said that the problem was caused after a piece of code written in 2006 for an experimental Wi-Fi project was mistakenly included in the Street View Cars programming. It discovered the glitch after the data protection authority (DPA) in Hamburg, Germany, requested to do an audit of the Wi-Fi data collected by the cars.
The company said that typically only fragments of personal data were collected, as its cars are continually moving. Additionally, no data were obtained from secure, password-protected networks. (Password protecting your network is just one of the ways to prevent identity theft.)
“The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here.”Eustace said. “We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake.”