Skip to main content

Google Collected Passwords in Wi-Fi Sweeps

Oh boy. The French National Commission on Computing and Liberty (CNIL) is now claiming that Google was collecting passwords and email content during its sweep of unencrypted Wi-Fi networks for Google Maps. The sensitive private information was discovered in data provided by Google as part of its compliance with the CNIL. The French commission launched an investigation into Google's data collection in May.

Early in the investigation Google admitted that its Street View cars had "inadvertently" recorded residential network traffic while compiling its panoramic images for Google Maps. The company said that it was only meant to verify the position of Wi-Fi hotspots for its location service, acquiring only fragments. However the software used in the collection process gathered more than just fragments, grabbing and storing actual packets of data.

Currently the CNIL is still examining the Wi-Fi traffic and data stored on two hard disks provided by Google. The commission is also accessing Google data by connecting to servers over a secure connection. The CNIL said that it's still too early to say what will actually happen as a result of its investigation.

"We can already state that Google Google did indeed record email access passwords [and] extracts of the content of email messages," CNIL said.

Investigations are also underway in Spain and Germany in regards to the Wi-Fi traffic data collection, however France was the first country to receive the requested data. We expect to hear more from all parties in the coming weeks.