Canadian privacy commissioner slams Google

Share this article:
As the Canadian Privacy Commissioner concluded an investigation into Google last month, it slammed the company for its unauthorized collection of Wi-Fi data.

Canadian Privacy Commissioner Jennifer Stoddart found that the search giant had collected far more information than it had previously estimated after running code on its Street View cars that gathered Wi-Fi payload data erroneously.

Google originally said in late April that it collected only SSID data, before reviewing its statement and admitting to collecting partial Wi-Fi payload data. The commissioner's investigation found that Google collected sensitive information broadcast via Wi-Fi from March 30, 2009 to May 7, 2010, including more than six million basic service set identifiers (BSSIDs) that could be used to identify individual Wi-Fi access points.

Included in the data were 787 email headers and 678 phone numbers. A team of investigators sent to Google's Mountain View, Calif. headquarters to analyse the data also found at least five instances of emails, including information on email addresses, IP addresses, machine hostnames and message contents.

The team found at least five instances of usernames in cookies, MSN messages and chat sessions, at least five instances of real individual names, residential and business addresses, instant messenger headers and phone numbers. They also found login credentials included in one email, and stumbled upon a list of names, phone numbers, addresses and medical conditions for specified individuals.

The collection happened because a Google engineer failed to report the payload collection mechanism when writing the data collection program used by Streetview cars.

“It would appear that the review consisted merely of ensuring that the product did not interfere with a second application – used to collect pictures of the streets navigated by Street View vehicles,” said the Commissioner in her letter of findings.

Google said that it was ‘mortified' by the news and was taking steps to ensure that the problem won't reoccur. These include appointing a director of privacy for engineering, it said.

Share this article:

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Almost 40 percent of Canada's Justice Department duped by phishing

Almost one in four employees at Canada's Justice Department fell prey to internet phishing in an exercise last December.

Microsoft waivers on Canadian spam fears

Microsoft has reconsidered a move to cease security emails in Canada, following the introduction of an anti-spam law north of the border.

Underinvestment, poor communication plague Canadian cybersecurity

Canadian cybersecurity is languishing due to poor communication and disappointing security investments, according to research from the Ponemon Institute.