UK Orders Google to Delete Last of Street View Wi-Fi Data

The UK Information Commissioner’s Office (ICO) has given Google 35 days to delete illegally obtained information collected by its Street View cars. This data includes media access control (MAC) addresses, network SSIDs, private email content, instant messages, photos, and passwords. The data was collected between 2007 and 2010, during the early years of Google’s Street View feature. In 2010, amid global uproar over invasions of privacy, it came to light that Google’s Street View cars had not only been collecting images, but also information from unsecured WiFi networks. The data was thought to have been destroyed, but in July 2012 Google admitted to having retained some.

At first, Google claimed that the illegal data collection was solely the work of one rogue engineer (called “Engineer Doe” in U.S. regulatory statements), who had written code that allowed the data to be gathered from the Street View cars. But during subsequent investigations, the engineer revealed to the U.S. Federal Communications Commission that at least one top official and two other employees had known about the illegal wiretapping.

A total of twelve countries have proceeded with investigations regarding Google’s behavior, with nine eventually finding Google guilty of violating their privacy laws. In March, 38 states and the District of Columbia reached a US $7 million settlement with Google for privacy violations.

In April 2012, the UK reopened investigations after the company,in a letter to the UK Information Commissioner, admitted to having retained data. Despite this the ICO maintains that not enough actual damage was done to warrant a punishment. “Failure to abide by the notice will be considered as contempt of court, which is a criminal offense,” said Stephen Eckersley, head of enforcement for ICO in a statement.

During the initial investigation, Google promised to delete all of the ill-gotten data. The company maintains that its possession of this remaining payload of data was purely accidental. This past Friday, Google released a statement quoted by many news organizations:  “We work hard to get privacy right at Google. But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it. We co-operated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data."

Photo: Harold Cunningham/Getty Images

Related Stories

Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

Advertisement
Advertisement