Canadian privacy commissioner slams Google

Share this article:
As the Canadian Privacy Commissioner concluded an investigation into Google last month, it slammed the company for its unauthorized collection of Wi-Fi data.

Canadian Privacy Commissioner Jennifer Stoddart found that the search giant had collected far more information than it had previously estimated after running code on its Street View cars that gathered Wi-Fi payload data erroneously.

Google originally said in late April that it collected only SSID data, before reviewing its statement and admitting to collecting partial Wi-Fi payload data. The commissioner's investigation found that Google collected sensitive information broadcast via Wi-Fi from March 30, 2009 to May 7, 2010, including more than six million basic service set identifiers (BSSIDs) that could be used to identify individual Wi-Fi access points.

Included in the data were 787 email headers and 678 phone numbers. A team of investigators sent to Google's Mountain View, Calif. headquarters to analyse the data also found at least five instances of emails, including information on email addresses, IP addresses, machine hostnames and message contents.

The team found at least five instances of usernames in cookies, MSN messages and chat sessions, at least five instances of real individual names, residential and business addresses, instant messenger headers and phone numbers. They also found login credentials included in one email, and stumbled upon a list of names, phone numbers, addresses and medical conditions for specified individuals.

The collection happened because a Google engineer failed to report the payload collection mechanism when writing the data collection program used by Streetview cars.

“It would appear that the review consisted merely of ensuring that the product did not interfere with a second application – used to collect pictures of the streets navigated by Street View vehicles,” said the Commissioner in her letter of findings.

Google said that it was ‘mortified' by the news and was taking steps to ensure that the problem won't reoccur. These include appointing a director of privacy for engineering, it said.

Share this article:

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Health law needs reform, says provincial privacy watchdog

The Albertan Information and Privacy Commissioner has formally asked the government to amend the province's Health Information Act with mandatory breach reporting and notification measures.

Well.ca security not that well, letter reveals

Well.ca, an online store selling health and beauty products, exposed names, addresses and credit card details for some of its customers in December, it admitted last month.

Canada signs Wedge Networks to secure government data centers

The Canadian government has hired Wedge Networks, a provider of cloud-based security services, to secure its computing infrastructure.