Google 'surprised' by revived UK Street View investigation

Google is unable to list precisely what kind of sensitive personal data its Street View cars captured from UK Wi-Fi networks

Google is "surprised" that the U.K. Information Commissioner's Office (ICO) reopened its investigation into the way the company's Street View cars gathered personal data from unencrypted Wi-Fi networks, according to a letter that a Google official sent to the ICO on Monday.

The ICO demanded more information about Google's Street View data-harvesting practices earlier this month, after the U.S. Federal Communications Commission (FCC) revealed in a report that Google knew its Street View cars had gathered personal data when scanning unencrypted Wi-Fi networks. The ICO said that Google had in the past said specifically that if Street View cars had collected personal data they had done so by mistake.

Google's global privacy counsel, Peter Fleischer, said in a response to the ICO that the FCC findings do not in any way change the position from the time that Google and the ICO reached an agreement in November 2010. However, the company does not seem to be able to answer all of the ICO's new questions.

For instance, Google is unable to list precisely what type of sensitive personal information was captured within the payload data collected in the U.K., wrote Fleischer in his response. The data on the hard drive that was shared with the ICO in the previous investigation was not further viewed or analyzed, Fleischer added. "Therefore, Google cannot definitively list what types of personal data and/or sensitive personal data were captured within the payload collected in the UK," he wrote.

But the data collected with Street View cars is likely to be similar to what other European data protection authorities found, he said. The data gathered by Street View cars included entire emails, URLs and passwords, according to Fleischer.

Besides the types of information mentioned by Fleischer, the Dutch data protection authority, for instance, reported in April 2011 that it had found medical data and data concerning financial transactions.

The ICO also wanted to know why, when it investigated Street View in 2010, it found only SSIDs and MAC addresses in the payload data and did not find any of the personal data Fleischer mentioned. According to Google, this kind of data probably could be found on the disk that it provided to the ICO at the time, but the personal data was probably overlooked because it was present in very small quantities. Approximately 0.0131% of the 700GB of data on the disk shared with the ICO consisted of Wi-Fi data, Google estimated. And approximately 1.5% of the Wi-Fi data was payload data, Fleischer wrote.

"Having not analyzed any of the payload data collected by the Google Street View Vehicles, We have no information on what proportion (if any) of payload data may have been 'personal data'," Fleischer wrote.

The ICO also asked Google to detail at what point Google managers became aware of the gathering of Wi-Fi data by Street View cars. Google maintains that while there were "red flags" that suggested the software written by an unnamed Google engineer was able to gather personal data, these signals were missed or misunderstood by Google managers involved in the project. Since the managers did not recognize that the data-gathering project might raise privacy concerns, the problems were not addressed, said Fleischer. Furthermore, he said that no senior Google managers were briefed about the collection of payload data.

The ICO is considering a response to Google's letter, a spokesman said via email.

Copyright © 2012 IDG Communications, Inc.

Shop Tech Products at Amazon