Google didn't delete all the data from Wi-Fi sniffing fiasco

[Matthew DeCarlo]

Google angered regulators today after admitting that it's still holding data gathered from wireless networks. In May 2010, the search giant revealed that an employee misused the company's Street View cars to collect information from unsecured Wi-Fi signals, including sensitive data such as emails and passwords. The news outraged privacy advocates, resulting in various probes and fines worldwide. Google apologized for the incident and vowed to wipe all the data in question -- a promise it failed to keep.

In a letter to the UK's Information Commissioner's Office (ICO), the company said that it hasn't deleted all the information obtained by its UK Street View cars. Although Google fessed up to having a "small portion" of the payload, it didn't offer a detailed explanation as to why the information hasn't been purged, but it says the material wasn't retained intentionally, essentially chalking it up to human error. The data was apparently discovered during a manual inspection of the company's Street View disk inventory.

"That review involves the physical inspection and re-scanning of thousands of disks. In conducting that review, we have determined that we continue to have payload data from the UK and other countries. We are in the process of notifying the relevant authorities in those countries," said Peter Fleisher, the company's Global Privacy Counsel. "Google apologizes for this error...We are prepared to arrange for you to review this data, or to destroy it. Google remains committed to working with the ICO on this matter."

Although it offered to delete the data, Google has been instructed to save it for forensic analysis. The ICO will determine how to proceed based on the results of that testing. It remains to be seen whether this news will prompt other countries to relaunch their investigations. It's said that France, Belgium, the Netherlands, Norway, Sweden, Finland, Switzerland, Austria and Australia are affected, and the ICO has reportedly contacted other data protection bodies in the EU and elsewhere to "coordinate the response."

Permalink to story.

https://www.techspot.com/news/49565-google-didnt-delete-all-the-data-from-wi-fi-sniffing-fiasco.html

 

[Guest]

keep the data for forensic evidence??? if google cant have it why should the government, I think I trust google more.... some of this information could be very personnel to some people and they a sharing it about maybe they should be sued for illegal file sharing!

 

[Archean]

I guess Google need to stop using its 'Can do no evil' mantra which it uses to deceive people, as it behaves just like any other big corporation.

 

[cliffordcooley]

These companies should be thanking Google for showing them their pants were down.

This to me makes about as much sense as a stripper walking the streets and filling charges against someone for storing photos of them doing so. If the stripper didn't want the photos taken they shouldn't have put themselves in that position.

In this day and age everything needs to be monitored to catch someone doing something they shouldn't. Tell me exactly how is this going to be done without monitoring everyone regardless of what they are doing. Public is public, if you don't want to be monitored stay at home and hope no one is looking.

Don't tell me a public Hotspot and the data that can be obtained within is any different from publicly showing yourself. I knew there was no difference before I ever decided to use wireless networking for the first time. In fact the thought of publicly broadcasting all the data on my PC and opening the door for anyone to cause harm, lead me to a decision in the beginning that I never wanted wireless. It wasn't until after I learn of wireless encryption, I decided to finally give wireless a chance.

 

[Guest]

google seems to always have something up its sleeve. I wouldnt worry about the company having it, but the employees that may gain access to it. If it truly was a rouge employee that gathered it, why wouldnt there be one more that would take it to the next level?

 

[TJGeezer]

The way people put their private lives online at places like Facebook and Twitter, it's a wonder anybody cared. As for Google scanning gazillions of disks and finding a small amount of the purloined data still stored, and then notifying various bureaucracies it had slipped into the permanent record instead of being wiped - they'd already announced they would wipe the unauthorized data. Why didn't they just do it instead of inviting various bureaucrats to make a big deal out of it?

I like what cliffordcooley said. People who put their private data out on unencrypted wireless networks should stop pretending it's private. If some of their underwear is dirty, so to speak, they should stop waving it around in public.

 

[Tygerstrike]

Actually Google reporting that the information had accidentally been saved is a level of honesty that we as the general public dont get to see all that often. The fact that Google reported themselves leads me to believe that the "Do No Evil" mantra is still in effect. We all know that the guy sitting in the passenger side of the car as it went around the various cities, was inevitably the one resposible for commiting the act that got Google in trouble. However Im pretty sure that individual was instructed to do so by someone higher up on the food chain.

 

[psycros]

If the wardriving and sniffing had been constrained to a handful of cites Google might have been able to pass it off as the work of a rogue employee. That's not what happened. They knowingly and aggressively invaded the networks of private citizens and businesses <b>around the globe</b>. This was a systematic program of data theft perpetrated by a company that makes its billions correlating and selling your personal information to the highest bidder. But you know what disgusts me even more than that? The apologists who blame the <I>victims</I> of Google's hacking for being victimized! And it WAS hacking - you don't intercept passwords and emails by accident! If you're blaming the guy who had a weak lock on his front door for getting robbed, you're either a criminal or an antisocial *****, and either way you need kicked in the face by a mule.

 

[Zoltan Head]

If you're blaming the guy who had a weak lock on his front door for getting robbed, you're either a criminal or an antisocial *****, and either way you need kicked in the face by a mule.

Actually, I do partly blame the guy with the weak lock - I'll fetch my mule.

 

[cliffordcooley]

Actually, I do partly blame the guy with the weak lock - I'll fetch my mule.

I'm questioning whether a lock was used at all. I mean just exactly how much time would be available during a drive-by to break encryption. However anyone that does have encryption that can be broken so quickly, should welcome being notified of such weakness and move on from there. It seems they are not using this as a wake-up call and instead see it as a possible way to make a buck.

Personally I think Google needs to continue scanning for weak encryptions and notify anyone of their weaknesses. Any business should consider this as a free service. After all there are hackers worldwide being paid to break security.

 

[Zoltan Head]

Personally I think Google needs to continue scanning for weak encryptions and notify anyone of their weaknesses. Any business should consider this as a free service. After all there are hackers worldwide being paid to break security.

Too right. There aren't enough philanthropic organisations like Google for my liking.

 

[lipe123]

I guess Google need to stop using its 'Can do no evil' mantra which it uses to deceive people, as it behaves just like any other big corporation.

If you followed the story at all you'd know that the data was acquired from UNSECURED wireless networks. So yea F... the "personal" nature of the data if its freaking unsecured. And no Google does not behave like any other corporation because their products doesn't suck.