Canadian privacy commissioner slams Google

Share this article:
As the Canadian Privacy Commissioner concluded an investigation into Google last month, it slammed the company for its unauthorized collection of Wi-Fi data.

Canadian Privacy Commissioner Jennifer Stoddart found that the search giant had collected far more information than it had previously estimated after running code on its Street View cars that gathered Wi-Fi payload data erroneously.

Google originally said in late April that it collected only SSID data, before reviewing its statement and admitting to collecting partial Wi-Fi payload data. The commissioner's investigation found that Google collected sensitive information broadcast via Wi-Fi from March 30, 2009 to May 7, 2010, including more than six million basic service set identifiers (BSSIDs) that could be used to identify individual Wi-Fi access points.

Included in the data were 787 email headers and 678 phone numbers. A team of investigators sent to Google's Mountain View, Calif. headquarters to analyse the data also found at least five instances of emails, including information on email addresses, IP addresses, machine hostnames and message contents.

The team found at least five instances of usernames in cookies, MSN messages and chat sessions, at least five instances of real individual names, residential and business addresses, instant messenger headers and phone numbers. They also found login credentials included in one email, and stumbled upon a list of names, phone numbers, addresses and medical conditions for specified individuals.

The collection happened because a Google engineer failed to report the payload collection mechanism when writing the data collection program used by Streetview cars.

“It would appear that the review consisted merely of ensuring that the product did not interfere with a second application – used to collect pictures of the streets navigated by Street View vehicles,” said the Commissioner in her letter of findings.

Google said that it was ‘mortified' by the news and was taking steps to ensure that the problem won't reoccur. These include appointing a director of privacy for engineering, it said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

CSEC mishandled private communications, says watchdog

Canada's foreign spy agency mishandled information on private communications that it had collected by mistake, according to the most recent report by a government watchdog.

National Research Council breached

Canada's National Research Council has written to partner companies informing them of a breach of its cybersecurity systems.

Canadian ISP used In $83,000 cryptocurrency heist

A Canadian ISP has been identified as the source of a cryptocurrency hack that stole $83,000 over four months.