Canadian privacy commissioner slams Google

Share this article:
As the Canadian Privacy Commissioner concluded an investigation into Google last month, it slammed the company for its unauthorized collection of Wi-Fi data.

Canadian Privacy Commissioner Jennifer Stoddart found that the search giant had collected far more information than it had previously estimated after running code on its Street View cars that gathered Wi-Fi payload data erroneously.

Google originally said in late April that it collected only SSID data, before reviewing its statement and admitting to collecting partial Wi-Fi payload data. The commissioner's investigation found that Google collected sensitive information broadcast via Wi-Fi from March 30, 2009 to May 7, 2010, including more than six million basic service set identifiers (BSSIDs) that could be used to identify individual Wi-Fi access points.

Included in the data were 787 email headers and 678 phone numbers. A team of investigators sent to Google's Mountain View, Calif. headquarters to analyse the data also found at least five instances of emails, including information on email addresses, IP addresses, machine hostnames and message contents.

The team found at least five instances of usernames in cookies, MSN messages and chat sessions, at least five instances of real individual names, residential and business addresses, instant messenger headers and phone numbers. They also found login credentials included in one email, and stumbled upon a list of names, phone numbers, addresses and medical conditions for specified individuals.

The collection happened because a Google engineer failed to report the payload collection mechanism when writing the data collection program used by Streetview cars.

“It would appear that the review consisted merely of ensuring that the product did not interfere with a second application – used to collect pictures of the streets navigated by Street View vehicles,” said the Commissioner in her letter of findings.

Google said that it was ‘mortified' by the news and was taking steps to ensure that the problem won't reoccur. These include appointing a director of privacy for engineering, it said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Childrens' Hospital apologizes for rogue employee breach

Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.

Canadian launches $500m class action against Home Depot

A Canadian is leading a $500 million class-action lawsuit against Home Depot following its data breach in which up to 56 million US and Canadian credit cards were stolen.

Faulty UBC software exposed student financial information

Students at the University of British Columbia have been warned that their personal information may have been exposed thanks to a software bug.