Google didn’t collect bank data: Privacy Commissioner


Federal Privacy Commissioner Karen Curtis appears to have directly contradicted a claim by Communications Minister Stephen Conroy that Google may have collected internet banking information as part of Wi-Fi data scooped up by its Street View cars as they travelled the globe.

“Australian banks use secure internet connections and my office is not aware of any instances where banking information has been collected,” said Curtis in a statement issued to Delimiter this morning. This story appears to have been first published by the Sydney Morning Herald.

The commissioner echoed comments by the System Administrators Guild of Australia that banks used encrypted connections (SSL) with their customers as part of internet banking systems — meaning Google would not have been able to collect the information.

“Google have also assured my office that they have not collected payload data that was transmitted over encrypted Wi-Fi networks. This advice has been confirmed by an independent review conducted by Stroz Friedberg,” said Curtis. The office of Stephen Conroy has been invited by email to comment on Curtis’s remarks — any response will be added into this article.

In a broader sense, Curtis also echoed comments by Google that the data was only collected in brief chunks that may not divulge useful information.

“At this stage, it appears payload data that has been collected comprises only fragments — 0.2-second snatches. My office has not examined the payload data collected, and we have told Google not to examine it. The office is currently considering all the information that Google has provided and what recommendations it will make to Google,” she said.

The commissioner noted that under the Privacy Act she was limited as to what she could say during an investigation. However, she confirmed that her office had met with Google staff on 17 May this year and had put a number of questions to the search giant after the meeting. “Google have answered those questions, and have advised my office that they mistakenly collected data from unprotected Wi-Fi networks in Australia,” she said.

“We continue to liaise with the Attorney-General’s Department and the Australian Federal Police in respect of their consideration of any potential breach of the Telecommunications Interception Act. My office’s investigation is focussed on compliance with the Privacy Act. As part of our investigation we are working with our international privacy counterparts. Once my investigation concludes, I will be making a public statement.”

Google’s Wi-Fi gaffe became an international controversy when it was discovered in May that its Street View cars were simultaneously collecting some payload data on Wi-Fi hotspots as they drove around populated countries automatically taking photos.

The company had been collecting publicly available information on the Wi-Fi hotspots to aid with various tasks – such as triangulating geographical locations – and said it had accidentally collected some of the traffic passing through them.

Google’s senior vice president of Engineering and Research, Alan Eustance, said the search giant would delete the data and stop collecting Wi-Fi data, period (including in Australia). “The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here,” he wrote.

However, the potential privacy breach has not been received well, with governments around the globe expressing outrage towards Google over the matter. In Australia, Communications Minister Stephen Conroy has described the Google breach as possibly “the largest privacy breach in history across Western democracies”.

Image credit: mrkathika, Creative Commons


  1. I find it ironic that the “largest privacy breach in history” (unintentional) will, if Conroy has his way, soon lose it’s primacy to a system that inspects each and every request (not just 0.2 second snatches).

  2. French National Commission on Computing and Liberty investigated the data collected in France and said they found that Google had collected passwords and emails.

  3. Renai, I don’t like Conroy any more than most people but you seem to really have it in for the guy, taking a swipe any time you get half a chance. Like Jenna said, the French National Commission on Computing and Liberty have examined the data and found that passwords and e-mails were collected, which shows that a lot of information can be gleamed from the 0.2 second chunks of data that you’ve quoted in your article. I think this somewhat vindicates Conroy’s claim that it was a major breach of privacy and worthy of his condemnation, not just return fire on Google for criticizing the Mandatory Internet Filter.

    I’d also just remind you that without him and Rudd, there’d most likely be no plan for improving broadband and telecommunications competition like we do now, so go easy.

    • Hold yer horses! I’m no Conroy lover and my thoughts on the matter are somewhat similar to Renai’s. What Conroy had said about the issue were blatant rantings of a drama queen – his opinion of bank details getting hoovered up by Google were completely unfounded.
      I was just threw that comment into the mix for some global perspective.

      • I only mentioned you Jenna because you raised the findings of the French National Commission on Computing and Liberty, I wasn’t suggesting that you supported Conroy.

    • hey Eddie, firstly, it’s my job as a technology journalist to keep the technology minister accountable by exposing fallacies in his arguments — and this is exactly what I am doing here. Conroy was technically wrong to state that internet banking information could have been captured by Google, it it’s important to note when politicians in important positions of power are wrong.

      Secondly, yes, Google should be investigated, but Conroy (as he did with the iiNet trial) has done much already to prejudice that investigation by commenting extremely negatively and falsely (about the banking data) in public. A minister in such a powerful position needs to remain above the industry — not in the thick of it, swinging for all his might.

      It’s my job to call it as I see it, and while I admit some of Conroy’s policies have been positive (say, digital TV, or broadly, the NBN, although I think much of the detail in the policy is bungled), in general he has done much to frustrate, annoy and damage Australia’s technology sector during his time in power. In addition, he has rarely demonstrated any real understanding of the technology that he is in charge of regulating.

      I’m sorry, but I have to call it as I see it.

  4. If you’re using an unsecured wireless connection, I would argue, that you almost deserve to have something happen to you.

    At the end of the day I don’t think we will know until the investigation is complete (and considering how well reports and what not into the internet are released, we could be waiting for a while… Mind you Google is pretty hated by Conroy, if it’s damning enough we might see a quick release) what exactly was collected.

    Fingers crossed it serves as a reminder to those people with unsecured connections, to secure them (… yeah I didn’t think so either)

    • I agree with your opinion of those who have unsecured connections almost deserve to have something happen or at worst just reminded to secure them.
      Over the years people are becoming increasingly aware of the importance securing their networks and are taking the necessary security measures. Verrrry slowwwlly

  5. You know what would stop this in future? Getting modem manufacturers to have a switch on the side of their modem which can switch between WEP, WPA and WPA2 encryption making it easy for all the mum and dads out there. The underside of the modem could stickers with default randomly generated keys for each setting. To me, spending money on that sort of solution would benefit the public far more than an internet filter which is supposed to stop “spams and scams coming through the portal” or by forcing ISP’s to track browsing habits which (I might add) shouldn’t be needed if the filter was actually going to work properly.

    • The Belkin wireless router I bought, I got a Belkin USB wireless as well, and you just press a button on both and it creates a secure adhoc connection between the two

    • I don’t think having a switch between WEP, WPA and WPA2 would help. WEP has already been broken — why not just stick with WPA2, which everything supports these days?

      I think much of this unsecured wireless problem comes down to ISPs and hardware vendors shipping the devices with encryption and MAC address filtering turned on my default, with detailed instructions for users on how to connect their devices.

      Most people can read a manual for a VCR — and consumer routers don’t have to be that complicated in the surface settings.

      Some of this pre-setting is already going on — I think iiNet does a fair bit of remote config of its BoB devices.

Comments are closed.