The UK privacy watchdog has launched an investigation into Google after it admitted copying household computer passwords and emails from unsecured wireless networks, when taking photographs for its Street View mapping service.
The Information Commissioner’s Office (ICO) said it would investigate, in light of a report in Canada that the company had potentially violated the privacy of thousands of Canadians. Similar findings are also emerging from other countries.
Google’s admission came after Canada’s privacy commissioner found Google had captured highly sensitive personal information with its Street View mapping cars. Seven privacy regulators in other jurisdictions have also analysed the data and revealed the full extent of what was copied, with reports due shortly from many others.
Fears over the data Google had collected first surfaced in May, with the company initially saying the it was only “fragmentary”.
In a statement published on its official blog, the Californian-based company said it accepts that in some cases complete emails, usersnames and passwords had been inadvertently collected from unsecured wireless networks.
Alan Eustace, Google’s vice-president of engineering and research, said: “We want to delete this data as soon as possible, and I would like to apologise again for the fact that we collected it in the first place. We are mortified by what happened.”
He added it was clear from the external inspections that “while most of the data is fragmentary, in some instances entire emails and URLs [web addresses] were captured, as well as passwords”.
Alex Deane, director of privacy campaign group Big Brother Watch, said: “As if building up a database of photographs of millions of people’s private homes wasn’t enough, the news that Google has also harvested email addresses and passwords is nothing short of outrageous.”
Alma Whitten, Google’s new director of privacy said: “We are profoundly sorry for having mistakenly collected payload data from unencrypted networks. We are now strengthening our internal privacy and security practices with more people, more training and better procedures and compliance.”
The ICO said it had examined “samples” of payload data submitted by Google in May, and could not find evidence of compromising personal information, but would now re-examine.
An ICO spokesman said: “Earlier this year the ICO visited Google’s premises to make a preliminary assessment of the payload data it inadvertently collected while developing Google Street View. While the information we saw at the time did not include meaningful personal details that could be linked to an identifiable person, we have continued to liaise with, and await the findings of, the investigations carried out by our international counterparts.”
They added: “Now that these findings are starting to emerge, we understand that Google has accepted that in some instances entire URLs and emails have been captured.
We will be making enquires to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers.”
Source: The Guardian