The company's Street View cars turn out to have been gathering more than pictures.
Google on Friday said it had mistakenly collected data sent over WiFi networks using its Street View cars, an admission sure to strengthen the position of the privacy groups critical of the company's practices.
Following a recent request from the data protection authority in Hamburg, Germany, to audit the WiFi data recorded by cars gathering Street View images for the company, Google discovered that a statement it had made last month was inaccurate.
The company had said that while its Street View cars collected publicly broadcast WiFi network names and MAC addresses from WiFi routers as the vehicles drove about snapping pictures, no "payload data" -- the packets of data being transmitted over open WiFi networks -- was collected.
In fact, Google was gathering that information, by mistake, the company says.
Alan Eustace, SVP of research and engineering for the company, said in a contrite blog post that back in 2006, a Google engineer had written some experimental WiFi code that grabbed unprotected WiFi network data.
When Google started gathering SSID (WiFi network names) and router MAC addresses from WiFi networks using its Street View cars a year later, the engineering team involved included the experimental code in its software, despite having no interest in or use for the payload data.
Now Google is asking the relevant authorities how to get rid of the unwanted information.
"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible," said Eustace. "We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."
Eustace states flatly that Google "failed badly" and that Google will stop collecting SSID and MAC data from WiFi networks, along with payload data, entirely.
"We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake," he said.
Noting that the incident demonstrates how accessible data is on open public WiFi networks, Eustace also revealed that Google next week will begin offering an encrypted version of Google Search.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.