Skip to main content

Google Street View Accused of Snooping Laptops, Smartphones

CNET calls "scoop" on a report that Google's Street View cars have collected the locations of "millions" of laptops, smartphones and other Wi-Fi devices around the world.

According to the report, these cars acquired the locations of Wi-Fi access points, but they also recorded the street addresses and unique MAC address of the devices accessing those wireless networks. To make the situation even more invasive, Google made the data public just a few weeks ago.

To back up the report, the French data protection authority, known as the Commission Nationale de l'Informatique et des Libertés (CNIL), claims that its investigation against Google's Street View tactics back in March also revealed that the company collected MAC addresses of devices connected to access points. Google was forced to pay a fine of 100,00 euros, or around $143,000 USD.

"The analysis of these data by CNIL demonstrated that Google had registered, in addition to technical data (SIID identifiers and MAC addresses of Wi-Fi access points), numerous data about individuals, identified or identifiable (data connection to websites, passwords, email, email addresses, including e-mail exchanges revealing sensitive information about sexual orientation or health)," CNIL said in its report.

CNET speculates that the data collection was accidental, caused by a programming error similar to the previous issue where Street View cars were collecting the contents of unencrypted wireless communications. In this case, client hardware addresses were also vacuumed up and then added to Google's geolocation database. This info became publicly available in late June.

"Wi-Fi-enabled devices, including PCs, iPhones, iPads, and Android phones, transmit a unique hardware identifier to anyone within a radius of approximately 100 to 200 feet," CNET reports. "If someone captured or already knew that unique address because they had access to the device, Google's application programming interface, or API, revealed where that device was located, a practice that can reveal personal information including home or work addresses or even the addresses of restaurants frequented."

Late Monday afternoon Google finally issued a statement in regards to the CNET report. "Location-based services provide tremendous value to consumers and the economy," the company said in a statement. "In order to provide these location services, Google and many other companies detect nearby, publicly available signals from Wi-Fi access points and cell towers and use this data to quickly approximate a rough position. This can be done by using information that is publicly broadcast, including that list of Wi-Fi access points you see when you use the 'join network' option on your computer and the access point’s MAC address."

"We collect the publicly broadcast MAC addresses of Wi-Fi access points," Google added. "If a user has enabled wireless tethering on a mobile device, that device becomes a Wi-Fi access point, so the MAC address of such an access point may also be included in the database. Wi-Fi access points that move frequently are not useful for our location database, and we take various steps to try to discard them."

Monday the head of the Electronic Privacy Information Center in Washington, D.C., Marc Rotenberg, expressed his concerns over the legality of collecting MAC addresses using Wi-Fi connections. "The fact that other companies such as Skyhook may have engaged in this behavior, which seems to be Google's best defense, doesn't make it lawful," Rotenberg said. "What it does suggest is that there's more to the investigation of Street View."

Earlier this month, FCC Chairman Julius Genachowski confirmed that the "Bureau's inquiry seeks to determine whether Google's [Street View] actions were inconsistent with any rule or law within the Commission's jurisdiction." A federal judge also recently found that Google's purposeful and secretive collection of Wi-Fi data as part of its "Street View" activities could constitute illegal wiretapping.