Google's Wi-Fi net caught passwords, says France

Summary:Street View cars recorded mailbox passwords and parts of emails as part of their logging of households' Wi-Fi networks, according to the French privacy authority CNIL

Google intercepted passwords and email content while it was collecting unsecured Wi-Fi data from households, the French privacy watchdog has found.

The search and advertising company admitted in May that its Street View cars had harvested information sent overWi-Fi networks. The company said it had collected "payload" data, but said it could not specify exactly what information it held, as its cars had gathered the data unintentionally. Data protection authorities in a number of countries are investigating the incident, including France's Commission nationale de l'informatique et des libertés (CNIL).

The French watchdog said on Thursday that its early investigation had found evidence of Google storing passwords and fragments of email picked up in the Street View sweep.

"Google recorded mailbox passwords, without people's knowledge," CNIL said in a statement. "Google saved extracts of the contents of electronic messages."

Following a request from the French agency, Google handed over two hard disks with on 4 June. Computer scientists from CNIL analysed the contents of the disks and found a large volume of login data, source code and audit reports. The CNIL said that it is too early to say whether any enforcement action will be taken.

Asked for comment, Google did not directly address CNIL's findings but did say that it is cooperating with the relevant authorities.

"We have reached out to the data protection authorities in the relevant countries, and are working with them to answer any questions they have," the company said in a statement. "Our ultimate objective is to delete the data consistent with our legal obligations and in consultation with the appropriate authorities."

Google's interception of Wi-Fi networks as part of its Street View operation came to light following an investigation by German data protection authorities.

The CNIL was one of the first national authorities to request the harvested data from Google, along with the Spanish and German authorities. The UK's privacy watchdog, the Information Commissioner's Office, has requested that Google delete the collected data. However, the company has retained the UK data as many other countries have retracted their earlier requests that data be deleted.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.