Google’s Accidental Spying Mess

For years, Google has used its squadron of Street View cars to capture imagery and 3D geometry for Google Maps and data about Wi-Fi networks that it uses in its geolocation-enabled apps. It’s been a controversial practice, particularly in Europe. And on April 27th, the company published a blog post to clear up misconceptions about its practices. The tone was very slightly edgy, and the gist was (A) we’re not invading anybody’s privacy; and (B) other people have been doing this stuff even long than we have.

Except…now Google is saying that its statement that it was only collecting SSID and MAC information from the networks it drove by is incorrect. At the request of the German government, Google examined its system more carefully. And it discovered that for the past three years, Street View cars have been accidentally using a piece of software that can pick up data being transmitted over non-password protected networks. Since the cars were in constant motion and their network-monitoring equipment changed channels five times a second, the company says it’s “typically” only picked up “fragments” of data.

Nevertheless, it’s temporarily grounded the cars, has isolated the data in question while it figures out what to do with it, and says it’ll hire a third party to examine the software. And it’s “profoundly sorry for this error” and will try to learn from it.

None of this is cause for panic. If anything, Google is guilty of sustained incompetence, not malevolence. No, that doesn’t completly excuse this, and yes, there may be scenarios in which the data could wind up being abused.  But the chances of problems arising for any of the individuals whose data was accidentally sniffed are vastly lower than those of the same individuals having their identities stolen by intentional data thieves.

A few other thoughts:

* I’m glad the German government browbeat Google over this.

* Before it discovered it had screwed up, Google insisted it was doing nothing of consequence. No company ever admits to invading anyone’s privacy. It’s always your privacy is important to us blah blah blah–and the proper response is always skepticism. We really don’t know what the heck companies are doing with our data–on purpose or by accident.