Last month the German government decided that it needed to take a closer look into Google"s data collection methods. Google"s Street View cars are equipped with wireless antenna"s and pick up any available wireless signal along the way. It was originally thought that the Street view cars were just collecting SSID and MAC address to provide location based services to mobile users. It turns out that they were also capturing data from any network that wasn"t secured with WEP or WPA.
Google has now confessed, via their Official Blog, "But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products." They also said that the wireless capturing device changes channels five times a second along with the car being in motion means that the amount of potential data collected was minimal.
The problem, according to Google, is that their engineers were working on an experimental project in 2006 to collect data over publicly available wireless networks. They transferred the code to the Street View cars to collect the SSID and MAC address for their location services but forgot to take the data collection part out. "As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."
To address the issue Google will be hiring a third party to review their software and verify the packet capturing portion of the software has been removed, they will also be reviewing internal policies to be sure they are setup to handle situations like this in the future.
"This incident highlights just how publicly accessible open, non-password-protected WiFi networks are today. Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search. For other services users can check that pages are encrypted by looking to see whether the URL begins with “https”, rather than just “http”; browsers will generally show a lock icon when the connection is secure."