Google Street View Accidentally Collected User Data via WiFi

Google says it will no longer collect WiFi data after finding its Street View cars have been collecting personal information of citizens of different countries for the last three years. Google admits it has unintentionally snagged bits of payload data, which could include user e-mails, passwords and Web browsing activity. This type of data is something Internet companies such as Google, Yahoo and Microsoft swear to protect. Leaders of countries already wary of Google's data collection practices won't take kindly to such a violation of privacy.

Google May 14 said it will no longer collect WiFi data after discovering that its Street View cars unwittingly collected personal information from citizens' networks, a violation of privacy sure to inflame leaders of countries already wary of Google's data collection practices.

Google sends cars to patrol and take pictures of streets in countries all over the world for the Street View component of Google Maps.

The search engine initially said in April that its Street View Cars did not collect data that people share between WiFi networks and computers, although the cars did collect WiFi network names and router addresses. Google learned after conducting a data audit on behalf of the German government that this was incorrect.

"It's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products," wrote Alan Eustace, senior vice president of engineering and research.

Payload data can include user e-mails, passwords and Web browsing activity, data the sanctity of which Internet companies such as Google, Yahoo and Microsoft swear to protect. Germany, the United States, Britain and France were among the countries where Google collected this data.

The mistake was one of human engineering. Eustace said a Google programmer wrote a program that "sampled all categories of publicly broadcast WiFi data" and this code has accidentally been used since 2007 as part of the project of collecting "basic WiFi network data."

Eustace said Google "grounded our Street View cars and segregated the data on our network" when it became aware of the issue and is working hard to delete this data.

Moreover, Google's Street View cars will no longer collect WiFi network data and the company will begin offering an encrypted version of Google Search. Google began offering encrypted Gmail earlier in 2010 after Gmail accounts were accessed in a cyber-attack originating from China.

"The engineering team at Google works hard to earn your trust-and we are acutely aware that we failed badly here," Eustace wrote. "We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."

While Google's admission and apology seem forthright and humble, Eustace also sought to play down Google's data collection, a move that may undermine the admission of a major privacy blunder.