Google went through the trouble of putting out a quite detailed blog post yesterday to apologize for having collected "in error" Wi-Fi data in Ireland through its Google Street View cars, saying it "failed badly". The search giant added that although it had collected data "samples", it had not used it for any of Google's service offers.
The news came after the search giant reviewed data collected for its location-based services like Google Maps, as it had been asked by the Hamburg-based data protection authority (DPA) to do so, Senior VP, Engineering & Research, Alan Eustace wrote.
Google first denied collecting payload data (information sent over Wi-Fi networks) but yesterday acknowledged the contrary, assuring that it had since deleted such data collected in Ireland, at the request of the Irish Data Protection Authority.
Mr Eustace said that Google is now "reaching out to Data Protection Authorities in the other relevant countries about how to dispose of the remaining data as quickly as possible."
What was collected?
While explaining that Google Street View cars are supposed to collect only "publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router)"... He also minimized the catch: "we will typically have collected only fragments of payload data because: our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks."
Cheeky, or what ?
Yes, so as you might have guessed from the previous sentence, while acknowledging the blunder, Google still likes to point fingers, encouraging users of non-password-protected WiFi networks to lock-protect their accesses. In other words, putting somehow the responsibility on those users. A little cheeky, if you ask me.
Maverick engineers or failing reporting lines?
An even more annoying stance as the blog then goes on to reveal that the code allowing collection of such payload data was being used despite all better judgement and against decisions from the hierarchy: "They included that code in their software--although the project leaders did not want, and had no intention of using, payload data." Is that an excuse?
Never losing a PR opportunity
Finding the perfect opportunity there, Google announced a new service to be launched next week: an encrypted version of Google Search. It however gave no further detail so keep an eye over there.
As for the payload data, the company says it will work with a third party to review the incriminated software on the one hand and review its internal procedures "to ensure that our controls are sufficiently robust to address these kinds of problems in the future."
Wait, "in the future"...? No. Thanks but no thanks, we do NOT want any of this going forward, do we ?
From the their press release:
"Google has demonstrated a history of pushing the envelope and then apologizing when its overreach is discovered," said John M. Simpson, consumer advocate with the nonpartisan, nonprofit consumer group. "Given its recent record of privacy abuses, there is absolutely no reason to trust anything the Internet giant claims about its data collection policies."