Google Wi-Fi snooping probe back on despite deletion of vital data

Google Wi-Fi snooping probe back on despite deletion of vital data

Summary: The Information Commissioner's Office will not receive many meaningful answers from Google in its reopened Street View investigation due to a decision in 2010 to allow Google to destroy evidence, according to a privacy campaigner

SHARE:
TOPICS: Security
2

The UK's data-protection watchdog has reopened its investigation into Google's unsolicited Street View data collection, but it will be hampered by an earlier decision to allow Google to delete raw payload data, a privacy consultant has said.

The  Information Commissioner's Office (ICO) reopened the investigation after a US Federal Communications Commission (FCC) report found that Google had intercepted a wide range of personal data using its Street View mapping cars. The ICO wrote to Google on Tuesday to request information about whether the company had harvested personal data from unsecured UK Wi-Fi connections while gathering information for its Street View mapping service.

Google Street View car

The Information Commissioner's Office has reopened its investigation into the capture of unsecured household data by Google Street View cars. Photo credit: Byrion on Flickr

"Please list precisely what type of personal data and sensitive personal data was captured within the payload data collected within the UK?" ICO head of enforcement Steve Eckersley wrote in the letter to Google vice president Alan Eustace.

There's no data to see now. There are two parties to blame here — Google, obviously, but also the ICO for being so lax.

– Alex Hanff, privacy consultant

However, the ICO gave the go-ahead in 2010 for Google to destroy the raw UK data it had collected, making it difficult for Google to comply with the request, and impossible for the ICO to check any claims made by Google about the data, privacy consultant Hanff, who has a history of campaigning on privacy issues, told ZDNet UK on Tuesday.

"The raw data has been destroyed — that has been independently verified," Hanff said. "There's no data to see now. There are two parties to blame here — Google, obviously, but also the ICO for being so lax."

An ICO spokesman on Tuesday denied that the ICO investigation will be hampered by its earlier decision to allow Google to delete the raw data.

"You can have destroyed data, and still have records," said the spokesman.

Google responded to the ICO's request on Tuesday, saying that senior managers had not looked at the payload data. "We're happy to answer the ICO's questions," Google said. "We have always said that the project leaders did not want and did not use this payload data. Indeed, they never even looked at it."

In 2010, the ICO declared that Google had collected "no meaningful details" in the course of its Street View data gathering — findings which led the Metropolitan Police to drop a criminal investigation into Google. However, the ICO subsequently concluded that Google had in fact been in significant breach of UK data laws following investigations by its European counterparts.

Google signed an ICO undertaking in November 2010 to train staff in the use and handling of data. The ICO will further audit Google this year.


Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Why so surprised? The UK ICO has always been a waste of space, - a waste of the oxygen they breathe. No prospect of change there either.
    bri21
  • The ICO is another lax government agency, like Ofcom, not fit for purpose.

    The volume of the collected data will indicate the extent of data collected. If, as I suspect, Google 'accidentally' harvested terabytes of network data and transferred that data from the cars to one of their offices, it would be an incredible conclusion to assume 'accidental', and it would also most likely have been backed up to another server and stored.

    To ascertain 'what' was harvested the ICO simply need a copy of the software and hardware used to harvest the information and simply drive around and sample the results.

    Is this beyond the imagination of the ICO? or just inappropriate during a whitewash?

    It would also be interesting to discover whether the NSA were 'accidentally' involved.
    Frankly Amazed