No new Aussie review into Google W-Fi breach


news Contrary to a number of high-profile news articles published over the past 24 hours, Australia’s Privacy Commissioner will not open a new investigation into Google’s collection of Wi-Fi data by its Street View vehicles in Australia, following a new report by US regulators into the matter.

Several years ago, the search giant hit headlines for inadvertently collecting Wi-Fi payload data from wireless access points its vehicles passed as they took photos for its Street View service (part of Google Maps) travelled around the globe. The issue has been investigated by a number of privacy authorities around the world. After the Federal Privacy Commissioner finalised an investigation into the gaffe in July 2010, concluding that Google had breached the Australian Privacy Act with the data collection, Google had committed to conduct a privacy impact assessment on any new Street View data collection activities in Australia, and to delete the payload data it collected.

However, the US Federal Communications Commission recently published a new report into the incident, leading Australian Privacy Commissioner Timothy Pilgrim to state that his office would assess the new FCC report. Yesterday, a number of news outlets, such as and Sky News, incorrectly reported that a new Australian investigation could be opened up into the issue.

However, Pilgrim has posted a notice on the website of the Australian Privacy Commissioner stating that no new review will be undertaken. “I have decided not to open another investigation into Google Street View,” the commissioner wrote, noting that Google had already made a number of undertakings to Australian authorities with respect to the matter.

“I am satisfied that Google has complied with those undertakings and continues to keep our office informed of new developments. In reaching this decision, I have considered the FCC’s report and don’t consider that a new investigation would reveal any information that would change our original finding.”

“In the case of the 2010 Google investigation, undertakings were agreed between Google and the office as the Privacy Act does not currently allow me to impose any enforceable undertakings. I am pleased that the Government has introduced a Bill into the Parliament to amend the Privacy Act that will, amongst other things, give me access to enforceable remedies for investigations of this type.”

Not everyone agrees Google should stop collecting Wi-Fi data — a number of people, including systems administrators, pointed out last year that it was easily possible for users to secure their own wireless networks from public intrusion. Many broadband routers ship by default with this level of protection enabled, and the use to which Google put the legitimate data it collected was to allow smartphones to triangulate their location.

What a hilarious situation we had yesterday … various high-profile Australian media outlets reporting that a new investigation would go ahead, when the actual case was quite the opposite. And guess which version the international press picked up? Yeap. Completely inaccurate. But now it’s virtually gospel truth. Well, that’s the nature of the Internet, I guess.

I still don’t think Google should stop collecting Wi-Fi data. If you leave your wireless access point unsecured, that’s your own problem. Just like if you leave your front door open or your car door unlocked. Of course, the company shouldn’t have been collecting payload data. But the collection of data on Wi-Fi access points alone should not be seen as a problem; that information is, after all, very publicly available.

Image credit: Briony, Creative Commons


  1. While I agree that they shouldn’t be charged, I disagree strongly this is like leaving the front door to your house open.

    An unencrypted wifi network with active DHCP is an open invitation to use the network, a house with the front door open and sign saying “Open House” is an open invitation. If you don’t have a sign saying open house (or something to the effect, then someone walking into your house is still tress-pass.

    Bypassing the lock/encryption is break and enter.
    Even piss poor WEP security is an attempt to secure, so breaking wep which is trivial would be break and enter/tress-pass.

    But as I understand it Google only “Harvested” unencrypted/unsecured network data. That should be not just permitted but even encouraged in my view.

  2. “If you leave your wireless access point unsecured, that’s your own problem”: I disagree.
    If you leave your anti infra red shutters up and I happen to pass by with an infra red camera and take photos of what you do inside your house behind closed doors and windows, would that be your own problem? I think intent matters, and I think that most people with insecure wifi networks do not intend them to be intercepted; they are simply ignorant in the ways of the wifi. For a company like Google to abuse this ignorance is fairly unethical in my book.

    • I should apologise: I wrote the above in the heat of the moment after misunderstanding some of Renai’s text. Since I can’t retract I will say that while the above is an exaggeration of my real opinions, I do think there is a slippery slope we need to be careful not to fall into. In my opinion, Google should be punished for what it did, and in general data about people should only be gathered and maintained with the explicit approval of the tracked people.

Comments are closed.