Google 'surprised' by revived UK Street View investigation

Google is unable to list precisely what kind of sensitive personal data its Street View cars captured from UK Wi-Fi networks

Google is "surprised" that the U.K. Information Commissioner's Office (ICO) reopened its investigation into the way the company's Street View cars gathered personal data from unencrypted Wi-Fi networks, the company said in a letter to the ICO on Monday.

The ICO demanded more information about Google's Street View data harvesting practices earlier this month, after the U.S. Federal Communications Commission (FCC) revealed in a report that Google knew its Street View cars had gathered personal data when scanning unencrypted Wi-Fi networks. The ICO said that Google had in the past said specifically that if personal data was collected by Street View cars, that this data was gathered by mistake.

Google's Global Privacy Council Peter Fleischer said in a response to the ICO that the FCC findings do not in any way change the position from the time that Google and the ICO agreed undertakings in November 2010. However, the company does not seem to be able to answer all of ICO's new questions.

Google is for instance unable to list precisely what type of sensitive personal data was captured within the payload data collected in the U.K., wrote Fleischer in his response. The data on the hard drive that was shared with the ICO in the previous investigation was not further viewed or analyzed, Fleischer added. "Therefore, Google cannot definitively list what types of personal data and/or sensitive personal data were captured within the payload collected in the UK," he writes.

But the data collected with Street View cars is likely to be similar to data found by other European data protection authorities, he said. The gathered payload data included entire emails, URLs and passwords, according to Fleischer.

Besides the data mentioned by Fleischer the Dutch data protection authority for instance also found medical data and data concerning financial transactions, they said when they presented their research results in April 2011.

The ICO also wanted to know why they only found SSIDs and MAC addresses in the gathered payload data when they investigated Street View in 2010, and did not find any of the mentioned personal data. According to Google, this kind of data probably could be found on the disk they provided to the ICO at the time, but that the personal data was probably overlooked because it was present in very small quantities. Approximately 0.0131 percent of the 700GB of data on the disk shared with the ICO consisted of Wi-Fi data, Google estimated. And approximately 1.5 percent of the Wi-Fi data was payload data, Fleischer wrote.

"Having not analyzed any of the payload data collected by the Google Street View Vehicles, We have no information on what proportion (if any) of payload data may have been 'personal data'," Fleischer said.

The ICO also asked Google to detail at what point Google managers became aware of the gathering of Wi-Fi data by Street View cars. Google maintains that while there were "red flags" that suggested the software written by an unnamed Google engineer was able to gather personal data, these signals were missed or misunderstood by Google managers involved in the project. Since the managers did not recognize there were looming privacy concerns, the problems were not addressed, said Fleischer. Furthermore, he said that there were no senior Google managers who were briefed about the collection of payload data.

The ICO is considering a response to Google's letter, a spokesman said in an email.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts