Update 05/27: Kim Cameron has an excellent post on this issue (and a clarification here) that illustrates the identity impacts of Google’s wifi scanning.
It would appear that Google’s Street View cars were actively collecting data from unprotected home wifi networks over the past several years. According to the New York Times article:
After being pressed by European officials about the kind of data the company compiled in creating the archive — and what it did with that information — Google acknowledged on Friday that it had collected snippets of private data around the world. In a blog post on its Web site, the company said information had been recorded as it was sent over unencrypted residential wireless networks as Google’s Street View cars with mounted recording equipment passed by.
I’m not sure how to react to this but it sure raises some questions:
- Why would the Street View cars be scanning for unprotected networks in the first place? The company has said it helps to improve geo-location but given the other tools at its disposal, I suspect they weren’t relying on home network MAC addresses to keep their location data accurate.
- Why would they then record user data — web sites visited, emails sent, etc. — and subsequently store it on central servers? How can this be classified as a ‘programming error’? Perhaps that explanation could fool some of the less technical authorities, but let’s get real here — systematic recording of user generated data when only the MAC address is needed IS NOT a programming ‘error’. It is a ‘function’.
- Why would this only come to light after four years and why did it take a demand from a German official to inspect the car’s missing hard drive for this to become public at all?
- Are we getting the full goods from Google, a company known for its privacy transgressions?
Companies like Google (and Facebook, a company with privacy troubles of its own) are successful because of the goodwill and trust extended to them by us. There are other search engines and cloud services out there we can use.
Breaches like this are bad enough — the pithy excuses and blatant PR spin when caught are even worse.