25 Oct 2010

Google admits Street View privacy breach

Internet search giant Google admits copying household computer passwords and emails while gathering images using its Street View cameras, and says it is determined to learn lessons from the mistake.

Google admits Street View privacy breach

Google collected information from wireless networks while its vehicles drove around residential streets taking photographs for its Street View mapping product, which launched in 2008.

Computer passwords, emails and web addresses were copied from private households which did not have encrypted wi-fi access.

It is not yet known whether UK homes were affected by the security breach. The UK privacy watchdog has launched a fresh investigation as anti-surveillance campaigners described the error as “outrageous”.

Google, which is based in California, admitted in May that it had collected information about the name and location of wireless networks not protected by passwords. But now seven privacy regulators have analysed the data and revealed the full extent of what was copied.

A spokesman for privacy watchdog the Information Commissioner’s Office said: “We will be making inquires to see whether this information relates to the data inadvertently captured in the UK before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers.”

Google ‘Mortified’
Alan Eustace, Google’s vice-president of engineering and research, said: “It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.

“We are mortified by what happened.”

Alma Whitten, Google’s new Director of Privacy said: “We are profoundly sorry for having mistakenly collected payload data from unencrypted networks.

“As soon as we realised what had happened, we stopped collecting all wi-fi data from our Street View cars and immediately informed the authorities. This data has never been used in any Google product and was never intended to be used by Google in any way.

“We want to delete the data as soon as possible and will continue to work with the authorities to determine the best way forward, as well as to answer their further questions and concerns.”

She added: “When we first announced that we had mistakenly collected this data, we promised to learn all the lessons we could from our mistake. We are now strengthening our internal privacy and security practices with more people, more training, and better procedures and compliance.”

Alex Deane, director of privacy campaign group Big Brother Watch, said: “As if building up a database of photographs of millions of people’s private homes wasn’t enough, the news that Google has also harvested email addresses and passwords is nothing short of outrageous.
“Google must launch an urgent investigation as to how this gross invasion of privacy was allowed to happen.”