Google admitted Friday collecting small pieces of private information that people have sent through unencrypted wireless networks, and has contacted authorities in those countries to determine how to quickly dispose of it.
Alan Eustace, senior vice president of engineering and research at Google, admitted the mistake in a blog post. Google has mistakenly been collecting the data for about three years. The revelation occurred after the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that Street View cars collects for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted Google to re-examine everything the company had been collecting, and during the review the Mountain View, Calif. company discovered that a statement made two weeks ago in an earlier blog post was incorrect.
In that blog post on April 27, and in a technical note sent to data protection authorities the same day, Google admitted it did collect publicly broadcast SSID information and MAC addresses, the unique number given to a device like a WiFi router, using Street View cars. Eustace wrote that Google, however, did not collect payload data, information sent over the network. "But it's now clear that we have been mistakenly collecting samples of payload data from open (i.e., non-password-protected) WiFi networks, even though we never used that data in any Google products," he wrote.
Eustace explained the mistake in the post and how it happened. As soon as Google became aware of this problem, he wrote, "we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible." The plan is to delete the data as soon as possible.