Google Wi-Fi data grab snared passwords, e-mail
Google claims it picked up only 'fragments' of personal data
IDG News Service - Wi-Fi traffic intercepted by Google's Street View cars included passwords and e-mail, according to the French National Commission on Computing and Liberty (CNIL).
CNIL launched an investigation last month into Google's recording of traffic carried over unencrypted Wi-Fi networks, and has begun examining the data Google handed over as part of that investigation.
Google revealed on May 14 that the fleet of vehicles it operates to compile panoramic images of city streets for its Google Maps site had inadvertently recorded traffic from unencrypted Wi-Fi networks. Google's intention was only to record the identity and position of Wi-Fi hotspots in order to power a location service it operates, the company said. However, the software it used to record that information went much further, intercepting and storing data packets too.
At the time, Google said it only collected "fragments" of personal Web traffic as it passed by, because its Wi-Fi equipment automatically changes channels five times a second. However, with Wi-Fi networks operating at up to 54M bits per second, it always seemed likely that those one-fifth of a second recordings would contain more than just "fragments" of personal data.
That has now been confirmed by CNIL, which since June 4 has been examining Wi-Fi traffic and other data provided by Google on two hard disks and over a secure data connection to its servers.
"It's still too early to say what will happen as a result of this investigation," CNIL said Thursday.
"However, we can already state that [...] Google did indeed record e-mail access passwords [and] extracts of the content of e-mail messages," CNIL said.
Data protection authorities in Spain and Germany have also asked Google for access to Wi-Fi traffic data intercepted in their countries, but the CNIL was the first to have its request granted, it said.
Google also told CNIL that the data collected by the Street View cars is also used by other services, including Google Maps and Google Latitude, which allows users automatically transmit their location to friends, and to track others who choose to share their location via the service.
That's of interest to CNIL, because Google has still not made the necessary statutory declarations regarding its processing of personal data for the Latitude service in France.
Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at firstname.lastname@example.org.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!