Canada’s Federal Privacy Commissioner Jennifer Stoddart has stated that Google broke Canada’s Privacy Law by collecting personal information from unsecured wireless networks across the country for its Street View application.
“Our investigation shows that Google did capture personal information — and, in some cases, highly sensitive personal information such as complete e-mails. This incident was a serious violation of Canadians’ privacy rights.”
The Office of the Privacy Commissioner began looking into Google’s data collection methods last June after several other countries as well as several U.S. states launched similar investigations. On September the Commissioner sent a letter to Google asking specific questions about the Street View application, and the ability of viewers to navigate within street-level imagery that was captured at an earlier date. In her letter Stoddart pointed out that although the imagery is meant to include major arteries of urban centers, downtown cores, tourist attractions, business or commercial centers, airports, high growth and developing neighborhoods, sports facilities and arenas, “there are also numerous images of individuals contained in the Street View application. Many of the images are of sufficient resolution and close enough to allow individuals to be identified, to discern what activities they are engaged in and to situate their geographic whereabouts.”
The Commissioner went on to say that “Our Office considers images of individuals that are sufficiently clear to allow an individual to be identified to be personal information within the meaning of PIPEDA. (…) I understand that there is a function within Street View which allows viewers to request that certain images be removed. This is only a partial solution, however, given that individuals may not be aware that images relating to them are on Street View. As well, by the time individuals become aware that images relating to them are contained in Street View, their privacy rights may already have been affected.”
One such famous case was that of EFF staff attorney Kevin Bankston, who was caught smoking a cigarette outside EFF’s San Francisco office by Amazon’s discontinued A9 service a few years ago. He’d been trying conceal his smoking from his family. Bankston, who incidentally is a privacy advocate, has recently been recorded against his will again, this time by Street View, that caught him walking to work a few blocks away from EFF.
But the real problem now comes from the activities of the Street View cars, the vehicles Google uses to collect information for its mapping service. The cars are equipped with directional cameras for the 360° views, a GPS unit for positioning and laser range scanners. Governments around the world are growing increasingly concerned about the possible breach of privacy they constitute. Last May Germany launched a criminal investigation into Google’s Street View cars, and found they had been scanning unsecured Wi-Fi networks and collecting private user data–small bits personal information, accessed websites, and email messages. On August, police in South Korea stormed Google’s headquarters in Seoul, and seized hard drives and other documents, while accusing Google of “unauthorized collection and storage of data on unspecified Internet users from wi-fi networks.” And on Monday, Spain’s Data Protection Agency said that Google’s methods of data collection are seen as two serious infractions and three very serious infractions.
Google claims it was totally unaware it was collecting that kind of personal data and that is all the result of a “programming error” in a code developed in 2006 by a Google engineer, who warned at the time that his work might have “superficial privacy implications.”
Canada’s investigation concluded the incident was a result of a Google engineer’s “careless error” in addition to a lack of controls to ensure necessary measures to protect individual privacy were followed. Personal information collected by Google’s iconic Street View cars included complete emails, email addresses, user names and passwords, names and residential telephone numbers and addresses from thousands of Canadians. Some particularly sensitive information was also captured, such as a list of people suffering from certain medical conditions complete with their full names and contact information.
After recognizing the problem, Google stopped its Street View cars from collecting data and informed Canada’s Privacy Commissioner about the incident. Google claimed then that the collection of “payload data,” which refers to content of specific communications, like the text of emails sent via unsecured WiFi, was entirely unintentional.
Ms. Stoddart sent technical experts to Google’s Mountain View, California headquarters over the summer to personally examine the Street View data collected in Canada. “This incident was the result of a careless error – one that could easily be avoided,” Ms. Stoddart said later. She has given Google a deadline of February 1, 2011 to delete all offending Canadian data, at which point her office will consider the matter resolved.
“As we have said before, we are profoundly sorry for having mistakenly collected payload data from unencrypted networks. As soon as we realized what had happened, we stopped collecting all WiFi data from our Street View cars and immediately informed the authorities. We have been working with the Office of the Privacy Commissioner in its investigation and will continue to answer the commissioner’s questions and concerns,” a spokesperson from Google Canada said.
Read more:
Google broke Canada Privacy
StreetView Privacy
I just signed up to your blogs rss feed.
Will you post more on this subject? Privacy issues are my daily struggle nowadays.
Google Street View Cars Collected E-Mail Credentials:
http://blogs.pcmag.com/securitywatch/2010/10/google_street_view_cars
Google’s Street View are specializing in peeking inside private networks. South Korea is a unambiguous of most hopeful countries in terms of propagative betterment, which means they won’t tolerate that kind of intrusion.
Google should have been prosecuted, they broke the law, and they did the same in other countries – though that is not for Canada to prosecute..
Google committed a ‘serious violation’ of Canada’ privacy laws, but really, they are all doing it all the time. From the time you type a search on Google they’re already collecting information on you.
If you are connected to the Internet DO NOT have any compromising information in that computer, that’s the only way to protect your privacy
Imaginative, but why would Google need to get that information in such a primitive way?
If they really wanted to, they could just peep on all their Gmail users, right?
In Korea, the Cyber Terror Response Center, the National Police Agency’s Internet crime unit, has determined that Street View mapping service had gathered sensitive private information from unencrypted wireless networks during the filming process.
Police raided its Korean branch office, Google Korea, last August and confiscated computer hard drives and paper documents.
“We are looking to penalize whoever ordered and developed the program, but are unsure as of yet who that might be, Even after we confirm the identity of the suspect, we believe it will most likely be a U.S. citizen, and it is unclear whether the Korean Police Agency can prosecute those involved,” said a police official.
Street View belongs to the Dark Powers of Evil, they are using these to control the population, they now have all our information from our routers
How nonsense! Who cares? Google already infiltrates our lives through their search engine , e-mail, etc.
It makes no difference, they already know all there is to know!
Kind Regards, Joseph