FCC Google StreetView report shocks "duped" EU regulators

Investigations may be re-opened or widened
Liam Tung (CSO Online), 03 May, 2012 09:06

European data protection regulators may widen ongoing Google StreetView investigations in light of the US report which revealed that several Google engineers knew of plans to collect ‘payload’ data back in 2007.

The detail in the US Federal Communications Commission’s report published by the New York Times (NYT) that appears to have shocked EU data protection authorities was:

“As early as 2007 and 2008 ... Street View team member (sic) had wide access to Engineer Doe’s Wi-Fi data collection design document and code, which revealed his plan to collect payload data”, which several nations' investigations found included emails, passwords and other personal data.

Privacy regulators in Britain, Germany and France confirmed that the new information revealed in the report, which Google released, may change the course of investigations, NYT reported Wednesday.

Dutch Data Protection Authority commissioner Jacob Kohnstamm told NYT “this is a bloody shame”.

Johannes Caspar, Hamburg’s data protection commissioner who initiated the first investigation into Google's war driving, suggested in a statement to NYT that Google had deceived it during its investigations in 2010.

“We had been told that it was a simple mistake, as the company had told us. But now, we are learning that this wasn’t a mistake and that people within the company knew this information was being collected,” said Caspar.

A spokesperson for Hamburg’s data protection authority later clarified to Ars Technica that it was not so much “deceived” as “duped” by Google.

Page 11 of the FCC’s 25-page report also shows Engineer Doe had raised privacy as a potential issue since it was known the program being used would collect email data, but he concluded that the short duration of that collection period made it “not a significant concern”.

Earlier this week NYT revealed the identity of “Engineer Doe”, the developer of the payload-collecting program gstumbler, gslite and later Kismet, as Google engineer Marius Milner.

Milner created a similarly named Windows ‘war driving’ tool in the early 2000s called NetStumbler, Wired reported.

A Google spokesperson said it disagrees with some parts of the FCC’s report but agreed with the commission’s finding that it did not break the law. The FCC, however, issued a small fine of US$25,000 to Google for obstructing its investigations.
