Following a recent request from the data protection authority in Hamburg, Germany, to audit the WiFi data recorded by cars gathering Street View images for the company, Google discovered that a statement it had made last month was inaccurate.
The company had said that while its Street View cars collected publicly broadcast WiFi network names and MAC addresses from WiFi routers as the vehicles drove about snapping pictures, no "payload data" -- the packets of data being transmitted over open WiFi networks -- was collected.
In fact, Google was gathering that information, by mistake, the company says.
Alan Eustace, SVP of research and engineering for the company, said in a contrite blog post that back in 2006, a Google engineer had written some experimental WiFi code that grabbed unprotected WiFi network data.
When Google started gathering SSID (WiFi network names) and router MAC addresses from WiFi networks using its Street View cars a year later, the engineering team involved included the experimental code in its software, despite having no interest in or use for the payload data.
Now Google is asking the relevant authorities how to get rid of the unwanted information.
"As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible," said Eustace. "We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."
Eustace states flatly that Google "failed badly" and that Google will stop collecting SSID and MAC data from WiFi networks, along with payload data, entirely.
"We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake," he said.
Noting that the incident demonstrates how accessible data is on open public WiFi networks, Eustace also revealed that Google next week will begin offering an encrypted version of Google Search.