Early last year Google landed in hot water when it was discovered that their Street View cars were collecting information on Wi-Fi hotspots for use in its geolocation service.
The Internet search giant defended its activities in Germany by explaining that they had instated a unique data security agreement with German agencies before using their Street View cars in that country.
In a post on Google’s official blog the company pointed out that companies like Skyhook Wireless and Germany’s own Fraunhofer Institute had been collecting such data for longer than Google has.
According to Skyhook’s website they also have coverage in a few locations in South Africa.
Then a public relations catastrophe: It was discovered that Google had actually been recording the traffic, or payload, travelling on unsecured Wi-Fi hotspots while they were collecting data.
A subsequent blog post offering a mea culpa explained that Google only needed the names (SSIDs) and hardware addresses (MACs) of Wi-Fi hotspots linked to geographic co-ordinates for their geolocation service, but unfortunately had collected more than that by mistake.
Google’s geolocation service is used in browsers such as Opera, Mozilla Firefox, and Google Chrome, as well as on mobile devices such as smartphones and tablets.
Data deleted, cars grounded
According to Google the collection of payload data was inadvertent and caused when a piece of code written in 2006 for a different project was reused in the Street View project.
A third party audit conducted by consulting firm Stotz Friedberg confirmed that only traffic sent over unsecured Wi-Fi networks was collected.
Even though Google took a number of steps to rectify the matter, including the introduction of measures to hopefully prevent such mistakes in future, they stated that they’ve stopped their Street View cars from collecting Wi-Fi data entirely.
Instead the information they need for their geolocation APIs will be collected from mobile devices running their software, Google said. Users are able to opt out of using Google’s geolocation and API and not sharing their location information with Google, but company representatives have indicated that the vast majority of users elect to make use of the service.
In an update dated 17 May 2010, Google said that the Wi-Fi traffic data that was collected in Ireland had been deleted in the presence of a third party.
“We are reaching out to Data Protection Authorities in the other relevant countries about how to dispose of the remaining data as quickly as possible,” the update dated 17 May 2010 read.
South Africa among the countries affected
It turns out that South Africa is one of those relevant countries.
Julie Taylor, communication and public affairs officer for sub-Saharan Africa at Google, confirmed the list of affected countries which included South Africa.
“Please note that we are no longer collecting Wi-Fi data,” Taylor emphasized.
“We have had an independent security expert confirm that we’ve taken all the WiFi data collection equipment off of our cars. Going forward our cars will only be collecting photos and 3D imagery, as they have done before.”
It isn’t clear whether the data collected in South Africa has been deleted as no South African agency seems to have raised any concerns about potential invasions of privacy.
Google SA wasn’t able to clarify the matter by the time of publication as some of the relevant staff were still on leave. Taylor indicated that they should be back in the office on Monday, 10 January 2010.
Collecting Wi-Fi traffic << Invasion of privacy or just desserts for leaving your hotspot unsecured?