Google recently realized they’d inadvertently been drive-by spying on WiFi networks. Part of the data collection was intentional: they meant to collect the SSID info and MAC addresses as they drove by in Street View cars—but they unintentionally went beyond that to collect whatever snippets of information were transmitted over non-passworded networks:
In that blog post [here], and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.
However, we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks.
Google explains that they were recycling the code to pick up the SSID and MAC information from another 20% project. It automatically picked up the payload data, although that wasn’t what Google was looking for.
But for once, Google is actually being highly proactive about protecting individuals’ personal data: as soon as they learned about this “feature,” they stopped all their Street View cars and segregated the data they’d already collected within from other data. They’ve also decided not to collect any more WiFi info, even the public information they’d already collected safely.
Additionally, Google will have a third party to review the software they were using, looking at what information it gathered. They’ll also have the third party look at how they deleted the data to make sure they did it “appropriately.”
Google also reminds us that we need to be careful about our own privacy, password protecting your WiFi net works. and Google takes this opportunity to tout their other good moves in privacy: encrypting Gmail a while back and a new encrypted search option coming this week.
What do you think? Did Google actually do the right thing when it comes to privacy (for once)?