Pages

Saturday, October 23, 2010

Google admits WiFi payload data included entire emails, passwords


Google has added a new post to its official blog covering measures being taken to create stronger security inside of Google and among its staff. The measures are in response to the WiFi payload data it mistakenly collected via Street View cars.

The post is notable for two reasons. The first is the length to which Google is taking new steps to ensure nothing like this happens again. The second is Google makes it clear not all of the data collected over WiFi is fragments and it actually contained full e-mails, URLs and password.

In the post Alan Eustace, senior VP of Engineering and Research at Google said:

Finally, I would like to take this opportunity to update one point in my May blog post. When I wrote it, no one inside Google had analyzed in detail the data we had mistakenly collected, so we did not know for sure what the disks contained. Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.

Google intends to delete that data as soon as possible and has apologized again for collecting it.

As for the new privacy controls, Google is taking a three-stage approach to ensuring internal privacy and security practices are enhanced.

Stage one has seen Alma Whitten become director of privacy for engineering and product management. Google intend to ensure privacy control is built into every product and service it ships.

Stage two is an enhancement to the training select groups inside Google, including engineers, receive beyond the standard privacy principles and Code of Conduct rules. New training will have, “a particular focus on the responsible collection, use and handling of data.” All employees will also be required to undertake a new information security awareness program.

Finally, stage three includes adding a requirement that engineering project leaders maintain a privacy design document for every project they work on. It will detail user privacy control and be subject to regular review both internally and by independent teams.

With these new measures Google is sending a very clear message: user privacy is key to its future projects and it really doesn’t want to have to deal with a mistake like this again

22 comments:

The Lazy Geographer said...

Quis custodiet ipsos custodes? Who Googles Google's Googles?

razortek said...

nice post man ty for info

Dbankai said...

At least they didn't sell the data. Unlike facebook.

Astra said...

oh google, please dont make me loose faith in you

happybuffet said...

Aw, man, horrible news. They only admit it now? I wonder what they're planning on doing with those driverless cars.

ModerneFusion said...

If google fails, the world fails.

njohnfixes said...

Coulda been worse, as Dbankai said.

Ken said...

Auch! Not good.....!

James said...

Google needs to stay strong! Who cares about peoples privacy :D

The Blogster said...

awesome article, keep it up

ImmaFrog said...

and we keep using google's blogger service...

Brah said...

very interesting man!

supporting

Swift Love said...

I'm worried about this

Fuuuuuuuu said...

nice, I like this

Mr. McKraken said...

It's kinda scary that this even happened. I'm glad I'm on a wired network.

Randy Weezner said...

ahah, of course it will

aZZo said...

Google is too powerful

amidoinitrite? said...

Google knows all

iRetiv said...

They better prevent this in the future!!

MacPCharmony said...

google violated me?

SituationAbs said...

It's really quite scary that they've been able to collect all of this data and that this is coming out afterwards. Obviously though they would only have been able to capture the packets of unsecured wifi networks, but even the ssid databases scare me...

Touch and Feel said...

et tu, Google? :'(

Post a Comment