Skip to main content

Oopsie! Google Accidentally Harvested WiFi Data

Google today admitted that, in the years that it's been photographing the streets of the world for Google Maps, it has also been unintentionally collecting payload data from open WiFi networks and public hotspots. The revelation came after the German Data Protection Authority asked to audit the WiFi data collected by the Google Street View cars.

Alan Eustace, Senior VP, Engineering & Research today said that during that review the search giant discovered that a statement it sent to data protection authorities (and in an earlier blog post) was incorrect. On April 27, Google sent out a technical note that stated that, while the Street View cars did collect publicly broadcast SSID information and MAC addresses, they did not collect payload data. However, it seems that is not actually the case.

 "… it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products," said Eustace.

Eustace goes on to assure us that typically, Google would only have collected fragmented payload data because:

"Our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second."

The accidental data harvesting is attributed to a mistake made in 2006. Four years ago, an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. Eustace says that a year later, when Google's mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, it included that code in their software—although the project leaders did not want, and had no intention of using, payload data.

Google says to maintain the users' trust, it will be asking a third-party to review the software issue, how it worked and exactly what data was gathered. Additionally, this third-party will also be checking to see that Google deleted the data appropriately. There will also be an internal review of procedures to ensure that should something like this ever happen again, Google will be able to handle the issue properly.

Eustace signs off with an apology from the engineering team at Google.

"The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."