|
By Cara Garretson
Google has admitted to an engineering mistake in the way it collects data for its location-based products that led to the collection of more information than intended.
In a blog post Friday, Google VP of engineering and research Alan Eustace explained that information the company had shared earlier about how Google's Street View cars collect information was incorrect, apologized for the mistake, and outlined how the company plans to prevent such things from happening in the future.
In the earlier blog Eustace referred to -- posted to Google's European Public Policy Blog on April 27 in response to concerns raised by data-protection authorities in Germany -- Google global privacy counsel Peter Fleischer penned a Q&A explaining how the company's location-based offerings work. Google Street View cars collect information as they drive around, specifically photos, local Wi-Fi network data, and 3-D building imagery to help create its 360-degree street level maps and location-based services such as Google Maps and Google Search.
In regards to the local Wi-Fi network data, Fleischer said Google collects broadcast information that identifies the network and how that network operates, including SSID data and MAC addresses. "Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data," he wrote. The same statement was sent to German data-collection authorities on that day.
However, as revealed in last Friday's post, Google has in fact been collecting payload data. Earlier in the month the German data-protection authority asked to audit this Wi-Fi data, and upon review Google realized it had been mistakenly collecting samples of payload data from Wi-Fi networks that aren't password protected, adding that the company has never used any of that data in its products. Google says this is due to an engineering mistake made in 2006, when a Google employee wrote a piece of code that samples all sorts of publically broadcast Wi-Fi data, and that code was unintentionally rolled into the mobile team's product.
The blog explains that typically the Google Street View cars only collect fragments of payload data, since they are always moving, could only capture data from networks they were passing by, and that the Wi-Fi equipment in the cars change channels five times a second.
When Google realized what was happening, the Street View cars were halted, and the collected data was segregated on Google's network and then disconnected. The company wants to delete the data, and is working with regulators in different countries to determine how it should be disposed of. Going forward, the company said it will ask a third party to review the software used by the mobile products and confirm that Google deleted the data appropriately. Google also says it will perform an internal review of procedures to prevent such issues in the future, and that it has halted Wi-Fi network data collection by Street View cars.
"The engineering team at Google works hard to earn your trust -- and we are acutely aware that we failed badly here," said Eustace. "We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."
In pointing out the dangers presented by Wi-Fi networks that aren't password-protected, Google said that this week it will begin offering an encrypted version of Google Search. The company already encrypts Gmail for all its users.
Only registered users can write comments.
Please login or register. |
