Campaigning group Privacy International says that Google intentionally broke the law when its Street View project gathered Wi-Fi data.
Earlier this year, Google admitted to “accidentally” storing unencrypted Wi-Fi data from networks that its Street View cars passed, but Privacy International says that an audit (PDF) published on Google’s blog gives clear evidence of Google’s intent to break the law.
The audit, by Stroz Friedbert, found that the the Google system collected Wi-Fi data and intentionally separated out unencrypted content (payload data) of communications, and systematically wrote this data to hard drives.
“This is equivalent to placing a hard tap and a digital recorder onto a phone wire without consent or authorisation,” says the Privacy International release. The report states: “While running in memory, gslite permanently drops the bodies of all data traffic transmitted over encrypted wireless networks. The gslite program does write to a hard drive the bodies of wireless data packets from unencrypted networks.”
In other words, Google separated and dumped encrypted data, storing stuff which it could later use. Whether it actually intended to use it or not, this “mistake” is a criminal act, according to the privacy body, “commissioned with intent to breach the privacy of communications”.
Most countries only allow the interception of communications if a police or judicial warrant is issued, the group said. While some jurisdictions have leeway for “incidental” or “accidental” interception, this would not apply here, the groups said. “This action by Google cannot be blamed on the alleged ‘single engineer’ who wrote the code. It goes to the heart of a systematic failure of management and of duty of care.”
Earlier this month, a US federal judge ordered Google to hand over copies of the Wi-Fi data captured by its Street View cars, with the encrypted data to be kept under seal as backup in case it is ruled as admissible evidence in lawsuits filed against it. Data protection authorities in Germany, France and Spain also asked Google to surrender the data, but some privacy campaigners warned that handing over the hard drives which contain the data could harm privacy further.
Initally Google denied regulators in Germany and Hong Kong access to the data, while it discussed the “appropriate legal and logistical process for making the data available”. However, eventually the company agreed to hand over information, initially to the German, French and Spanish data protection authorities.
“We screwed up. Let’s be very clear about that,” Google chief executive Eric Schmidt told the Financial Times. “If you are honest about your mistakes it is the best defence for it not happening again.”
On 21 May, Google also began adding SSL (Secure Sockets Layer) encryption for its search engine, in direct response to the Wi-Fi data-collecting scandal. This offers a “significant privacy advantage over systems that only encrypt log-in pages and credit card information,” according to Google Software Engineer Evan Roseman.
Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…
Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…
OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…
New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…
US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…
Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…