Hard to believe Google’s wi-fi data capture was accidental, may or may not be illegal
With momentum building in many countries for investigations into potential privacy violations and other possible transgressions by Google related to its practice of capturing unencrypted wireless network traffic as a part of its Google Street View program, there are two aspects of particular interest here: first, how credible is Google’s claim to have gathered and stored the data by mistake, and second, is the interception of such traffic illegal? The company simultaneously made itself look bad and perhaps provided evidence for its claim that the Street View cars weren’t intentionally gathering this data, when it posted a public statement on April 27 that said in part, “Google does not collect or store payload data” and then two weeks later corrected itself, saying it had in fact been collecting and storing that data all along. The company claims that the practice resulted from the mistaken inclusion of software code in the Street View program that captured not only wireless access point SSIDs and MAC addresses, but also any data transmitted in the clear by the access points it identified. Data protection authorities in some European countries have questioned Google’s explanation, and the Irish government went so far as to demand that Google delete all data it had collected in that country (the company complied with the demand). Whether you agree with the general justification Google offers for wanting to gather the location of active wireless access points, it’s hard to imagine any leading online services company wouldn’t immediately grasp the privacy sensitivity of capturing unencrypted wireless traffic from private homes and businesses. If, as Google says, the Street View project leaders did not want payload data, then even if leaving in the software code to capture that data was an oversight, you would think that someone might have noticed all the additional data coming back with the Street View cars, yet it appears this practice has gone on for a year or more. Google says it “grounded” its fleet as soon as it became aware of the problem — it’s the failure to become aware for a such protracted period of time that is hard to fathom.