The Australian Federal Police (AFP) has sought legal advice over the revelation that Google collected email and password information through its Street View cars.
In May, Google said that only "publicly broadcast SSID information and Mac addresses" had been collected by its Street View cars, amounting to around 600 gigabytes worth of data from over 30 countries; however, subsequent investigation by some of the affected countries found otherwise.
In a blog post on Friday, the internet giant admitted that it had collected some emails and password information from people's unencrypted Wi-Fi networks through its Street View cars.
"It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologise again for the fact that we collected it in the first place," Google's senior vice president of engineering and research, Alan Eustace, said.
"We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users."
In June, Attorney-General Robert McClelland referred the matter for investigation to the AFP, but by July no investigation had yet been launched.
In a statement provided to ZDNet Australia, the AFP said that it had evaluated the case for possible breaches of the Telecommunications (Interception and Access) Act 1979 as well as various state surveillance devices laws, but has now sought further advice on the matter.
"The AFP has sought legal advice to seek to clarify aspects of legislation relevant to the alleged actions reportedly undertaken by Google," the AFP said in a statement. "Evaluation of the matter is ongoing and may be protracted due to the complex nature of these types of matters."
"The AFP will continue to work with appropriate organisations including the Office of the Privacy Commissioner and the Attorney-General's Department in the process of resolving this matter."
The Australian Privacy Commissioner — then Karen Curtis — investigated the case at the time found that Google had in fact breached the Privacy Act. The Office of the Privacy Commissioner had not responded to requests for comment at the time of writing.
The Attorney-General's Department told ZDNet Australia in a statement that it referred the matter to the AFP on 3 June and it would be inappropriate to provide further comment.