Google only spied on public data

Google's decision to stop its Street View cars collecting harmless data on the location of Wi-Fi hotspots (including in Australia) is an overreaction to the baseless concerns of a few privacy experts and should be reversed.
Written by Renai LeMay, Contributor

commentary Google's decision to stop its Street View cars collecting harmless data on the location of Wi-Fi hotspots (including in Australia) is an overreaction to the baseless concerns of a few privacy experts and should be reversed.

For those of you not up-to-date on this little storm in a teacup, here's what has happened so far.

In a post on 23 April, the search giant discussed on its Lat Long blog (which is used by the developers of its geographic Earth and Maps services to post updates) the fact that its Street View cars were simultaneously collecting data on Wi-Fi hotspots as they drove around populated countries automatically taking photos.

It's not the first time Google has discussed the Wi-Fi data collection — as the blog entry notes, it had publicly revealed the practice as early as August 2008 — two years ago. But certainly there were quite a few people that weren't paying attention back then and were surprised by Google's admission.

Part of the reason for Google's blog post was the fact that German authorities had asked for more information about its data collection habits.

The blog post also attracted the interest of the Australian Privacy Foundation and Electronic Frontiers Australia, which sent a concerned letter (PDF) to the search giant demanding more information. And with good cause.

It turned out that Google had been collecting data it shouldn't have — its cars have not just been cataloguing the locations of Wi-Fi networks as they drive around global neighbourhoods — but also collecting snippets of unencrypted data as they had been doing so.

In an apologetic blog post, Google's senior vice president of Engineering and Research, Alan Eustace, said the search giant would delete the data and stop collecting Wi-Fi data (including, we have verified, in Australia). "The engineering team at Google works hard to earn your trust — and we are acutely aware that we failed badly here," he wrote.

Now, I applaud Google's decision to delete any unencrypted data it may have collected with its Street View cars. Not because collecting that data was in some way evil — if you leave your wireless network unsecured, you deserve everything you get — but simply because it's a bad look for a corporation to be snooping packets like this.

But, in my opinion, to simply stop collecting Wi-Fi network data as a whole is an overreaction on Google's part.

Privacy experts and "Data Protection Commissioners" from Europe need to realise that like the photos its Street View cars have been taking, the Wi-Fi network data that Google has been collecting is publicly available information.

There is no difference between collecting Wi-Fi network address data such as SSID and MAC addresses and taking a photo of someone's house. One constitutes collection of data about an address' physical appearance — and one about its electronic infrastructure. Both sources of information are publicly available.

Furthermore, there is a valid and useful purpose in Google collecting that data — and it is in a unique position to be able to do so.

As Google's own blog posts have noted, it is very useful for smartphones such as the iPhone, or a Google Android handset, to store a list of Wi-Fi hotspots and use this data to quickly deliver geographical information to the user about their surrounds.

"By treating Wi-Fi access points or cell towers as 'beacons', smartphones are able to fix their general location quickly in a power-efficient way, even while they may be working on a more precise GPS-based location," Google's original blog on the subject states, noting that this is precisely how the first-generation iPhone worked, before Apple added satellite GPS functionality to the device.

Using Wi-Fi networks in this way does not violate users' privacy — Google's own blog notes that this triangulation of geographical information can be done without any intrusion into the Wi-Fi networks themselves — just noting which ones are accessible.

And users also have ways of protecting themselves against even inadvertent access to their Wi-Fi networks — through using WPA or even the lesser WEP encryption technology, setting MAC address limitations as to who can connect to the network and even hiding the SSID broadcast.

Hell, if you're that worried about the security of your data, you wouldn't be running a Wi-Fi network in the first place. Those who spend their lives obsessed with security would be more likely to depend on wired connections, which are 10 times harder to snoop, because you need access to the physical premises instead of ... the air around someone's house.

In its corporate history, Google has stepped over the line into being "evil" several times, breaking its organisational motto in the process. And it will again — that's the nature of corporations. It is too big and too complex to completely control.

But this isn't one of those cases. Collecting Wi-Fi network data is a prime example of the reason Google exists — to collect and organise the world's information and make it useful to humans.

So stop overreacting to this privacy mini-storm, Google, and stand up for your rights to do what you can with information that is freely and publicly available and which can, after all, be controlled by its owners.

Editorial standards