Google's Wi-Fi net caught passwords, says France

Google's Wi-Fi net caught passwords, says France

Summary: Street View cars recorded mailbox passwords and parts of emails as part of their logging of households' Wi-Fi networks, according to the French privacy authority CNIL

TOPICS: Security

Google intercepted passwords and email content while it was collecting unsecured Wi-Fi data from households, the French privacy watchdog has found.

The search and advertising company admitted in May that its Street View cars had harvested information sent overWi-Fi networks. The company said it had collected "payload" data, but said it could not specify exactly what information it held, as its cars had gathered the data unintentionally. Data protection authorities in a number of countries are investigating the incident, including France's Commission nationale de l'informatique et des libertés (CNIL).

The French watchdog said on Thursday that its early investigation had found evidence of Google storing passwords and fragments of email picked up in the Street View sweep.

"Google recorded mailbox passwords, without people's knowledge," CNIL said in a statement. "Google saved extracts of the contents of electronic messages."

Read this

Google explains why Street View cars record Wi-Fi data

In a letter to data protection authorities across Europe, Google said it needs to record houses' Wi-Fi data to help it provide location-based services

Read more+

Following a request from the French agency, Google handed over two hard disks with on 4 June. Computer scientists from CNIL analysed the contents of the disks and found a large volume of login data, source code and audit reports. The CNIL said that it is too early to say whether any enforcement action will be taken.

Asked for comment, Google did not directly address CNIL's findings but did say that it is cooperating with the relevant authorities.

"We have reached out to the data protection authorities in the relevant countries, and are working with them to answer any questions they have," the company said in a statement. "Our ultimate objective is to delete the data consistent with our legal obligations and in consultation with the appropriate authorities."

Google's interception of Wi-Fi networks as part of its Street View operation came to light following an investigation by German data protection authorities.

The CNIL was one of the first national authorities to request the harvested data from Google, along with the Spanish and German authorities. The UK's privacy watchdog, the Information Commissioner's Office, has requested that Google delete the collected data. However, the company has retained the UK data as many other countries have retracted their earlier requests that data be deleted.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion