Google's Wi-Fi net caught passwords, says France
Google intercepted passwords and email content while it was collecting unsecured Wi-Fi data from households, the French privacy watchdog has found.
The search and advertising company admitted in May that its Street View cars had harvested information sent overWi-Fi networks. The company said it had collected "payload" data, but said it could not specify exactly what information it held, as its cars had gathered the data unintentionally. Data protection authorities in a number of countries are investigating the incident, including France's Commission nationale de l'informatique et des libertés (CNIL).
The French watchdog said on Thursday that its early investigation had found evidence of Google storing passwords and fragments of email picked up in the Street View sweep.
"Google recorded mailbox passwords, without people's knowledge," CNIL said in a statement. "Google saved extracts of the contents of electronic messages."
Following a request from the French agency, Google handed over two hard disks with on 4 June. Computer scientists from CNIL analysed the contents of the disks and found a large volume of login data, source code and audit reports. The CNIL said that it is too early to say whether any enforcement action will be taken.
Asked for comment, Google did not directly address CNIL's findings but did say that it is cooperating with the relevant authorities.
"We have reached out to the data protection authorities in the relevant countries, and are working with them to answer any questions they have," the company said in a statement. "Our ultimate objective is to delete the data consistent with our legal obligations and in consultation with the appropriate authorities."
Google's interception of Wi-Fi networks as part of its Street View operation came to light following an investigation by German data protection authorities.
The CNIL was one of the first national authorities to request the harvested data from Google, along with the Spanish and German authorities. The UK's privacy watchdog, the Information Commissioner's Office, has requested that Google delete the collected data. However, the company has retained the UK data as many other countries have retracted their earlier requests that data be deleted.