Google Australia details dodgy Wi-Fi code

24

Google Australia engineering director Alan Noble spoke out at the company’s I/O event in Sydney yesterday about the code which collected public unsecured Wi-Fi details and brought the Google Maps Street View update to its knees.

“The short history of that was this was essentially an experimental code that was to be used for a completely different product, that was re-used by an engineer. This is where this was a mistake, it was definitely something that was not signed off by anyone,” Noble told journalists at the event yesterday.

The code scandal became public knowledge in a Google blog post on April 23, with the search giant disclosing that its Street View Cars had automatically been collecting some ‘payload’ data from unsecured Wi-Fi hotspots.

“What had been signed off as a project was the collection of Wi-Fi hotspot location information, so the intention was to capture Wi-Fi protocol information, not their information and — as its been documented at length — the error of our part was the ability to capture the data,” said Noble.

In a Google Blog Post updated on May 17 Google stated: “As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible.”

As for the unsecured Wi-Fi information collected, Noble said that Google was working with local regulatory departments to dispose of the data.

“So, yeah, I know that we’ve basically [done] a couple of things — so first thing quarantine the qualitative data that was collected in a secure area working with policy and regulatory agencies around the world. We would like to basically dispose of the data and be done with it — but we realise that this is obviously a sensitive issue, so we want to make sure it is done in a way that meets the requirements of the various regulatory organisations,” he said.

When questioned if Google would go through all of its code, Noble said: “We actually we do have quite a vigorous auditing system in place. Is every single line of Google code audited? No.”

Noble admitted that Google does have a lot to work on. “Do we audit our major systems in products? Yes so obviously we can improve that standard and this is a work in progress,” he said.

Yesterday, Communications Minister Stephen Conroy attacked Google for the Street View Wi-Fi collection mishap, stating that it was possibly “the largest privacy breach in history across Western democracies”.

24 COMMENTS

  1. I think it was good of them to admit it and are going about fixing it the right way. I don’t really feel sorry for anyone who is running an unsecured wifi spot. Conroy should come out of his Star Chamber and fess up to whats on his blacklist.

    • No, this is what happened:

      – German investigators were given access to one of the Google vehicles.
      – During the course of an investigation they noticed that the hard disk drive was missing from the vehicle.
      – They asked to examine the hard disk drive.
      – At this point Google made the “admission” and handed over the hard disk drive.

      You see, it was hardly voluntary.

        • I’ve read a lot, I’m sure you can find it on Google ;-)

          Now, here’s an update, and a link:

          “Google has not handed over sensitive data requested by German authorities, despite a deadline of 26 May.

          Dr Johannes Caspar, the Information Commissioner for Hamburg, Germany, told BBC News that there was “no sign” of the requested hard disk

          The firm has until midnight to hand over data harvested by its Street View cars from private wi-fi networks.

          A spokesperson for Google declined to comment further, but indicated that it would say more on the matter later. ”

          http://news.bbc.co.uk/2/hi/technology/10161393.stm

        • Here you go:

          “Mr. Caspar said he had inspected one of Google’s Street View recording vehicles at the company’s invitation this month and had noticed that the recording device’s hard drive had been removed. When he asked to view the drive, he said he was told he couldn’t read the information anyway because it was encoded. He said he pressed Google to disclose what type of information was being collected, which prompted the company to examine the storage unit.”

          http://www.nytimes.com/2010/05/16/technology/16google.html?partner=rss&emc=rss

          Satisfied?

          • Getting there :)

            Though from my opinion is still follows David Connors
            http://delimiter.com.au/2010/05/26/conroy-must-apologise-to-google-for-appalling-attack/#comment-7217

            I am an engineer and this is how I would do it. Lucky I have people looking over my shoulder too …

            Also I would like to highlight the second part of http://news.bbc.co.uk/2/hi/technology/10161393.stm

            But civil liberties group the Electronic Frontier Foundation has questioned the wisdom of passing the data to authorities.

            “Calls from some quarters for Google to simply turn over the data to the U.S. or other governments are wrong-headed,” said EFF Civil Liberties director Jennifer Granick in a post on the organisation’s website last week.

            “To allow a government to investigate a privacy breach by further violating privacy is senseless.”

            Google has said that it is in discussions with data protection authorities in all affected countries about what to do with the data.

          • “None” I should also I’m grateful for those links, they really round out the story.

          • Anytime. And an update:

            “Google’s refusal to meet the [German] deadline is the latest twist in a worsening public-relations crisis for Google, which had already been under increased scrutiny from U.S and European authorities worried about its growing market clout and privacy practices.

            Earlier on Wednesday a U.S. Congressional committee asked Google to clarify the scope of its Street View data collection and what the company has done with the personal data it gathered.”

            Re your additional comments: I don’t buy that it’s not appropriate to hand over the data to the privacy regulators as they are trying to assess the scope of the breach – they’re not out to data mine that information. What Google is doing is, in fact, withholding evidence (and I believe it is doing this because that data would incriminate it). I don’t buy Google’s reasons as if the data was innocuous it would have handed it over.

            Those of you who see ORGANISATIONS like Apple, Google and Facebook as a friend really need to look at themselves. These corporations don’t exist to do nice things for you, they exist to make money, and they make money with YOUR information. Now I’m not saying we should banish them (such monoliths), but some of the unswerving support I have seen in recent month borders on some sort of psychological affliction (I’m not a psychiatrist so I don’t know what to diagnose).

    • Hmm I agree. None, you have helped to round out the story here — I didn’t know all of the detail in this case, and although your links haven’t changed my beliefs about the fact that Google wasn’t setting out to destroy people’s privacy here and has tackled the situation ethically, you have definitely helped to bring me to a more rounded picture of the whole thing.

      I award you a slightly diminished troll stature ;)

    • Well, we don’t know that the AFP are actively investigating Google yet … what we do know is that the Attorney-General has referred the matter to the AFP. I have followed up with the AFP to ask them about the situation and am awaiting an answer.

Comments are closed.