Wi-Fi traffic intercepted by Google's Street View cars included passwords and email, according to the French National Commission on Computing and Liberty (CNIL).
CNIL launched an investigation last month into Google's recording of traffic carried over unencrypted Wi-Fi networks, and has begun examining the data Google handed over as part of that investigation.
Google revealed on May 14 that the fleet of vehicles it operates to compile panoramic images of city streets for its Google Maps site had inadvertently recorded traffic from unencrypted Wi-Fi networks. Google's intention was only to record the identity and position of Wi-Fi hotspots in order to power a location service it operates, the company said. However, the software it used to record that information went much further, intercepting and storing data packets too.
At the time, Google said it only collected "fragments" of personal Web traffic as it passed by, because its Wi-Fi equipment automatically changes channels five times a second. However, with Wi-Fi networks operating at up to 54M bits per second, it always seemed likely that those one-fifth of a second recordings would contain more than just "fragments" of personal data.
That has now been confirmed by CNIL, which since June 4 has been examining Wi-Fi traffic and other data provided by Google on two hard disks and over a secure data connection to its servers.
"It's still too early to say what will happen as a result of this investigation," CNIL said Thursday.
"However, we can already state that [...] Google did indeed record e-mail access passwords [and] extracts of the content of email messages," CNIL said.
Data protection authorities in Spain and Germany have also asked Google for access to Wi-Fi traffic data intercepted in their countries, but the CNIL was the first to have its request granted, it said.
Google also told CNIL that the data collected by the Street View cars is also used by other services, including Google Maps and Google Latitude, which allows users automatically transmit their location to friends, and to track others who choose to share their location via the service.
That's of interest to CNIL, because Google has still not made the necessary statutory declarations regarding its processing of personal data for the Latitude service in France.
Send comments and news tips to Peter at peter_sayer@idg.com.
Contact Us
Digg
It's easy and free to get the latest news headlines, reviews and opinions straight to your email inbox. Sign up NOW to make sure you receive the latest Mac news, reviews and tutorials on your favourite topics.
Comments received
Aryugaetu said on Fri, 18 Jun 2010
I fail to see what Google did wrong. These were non-encrypted broadcasts, not unlike playing your music loud and Google recorded a fraction of it as it drove by, and not the music industry is suing? The original intent seemed to be to merely map out the free public wifi hotspots. It's 2010, and WiFi is a ubiquitous means of communication, and if your router in not encrypted, don't blame the onlookers if you walk out of your house naked and into someone's video of the street.
moredhel said on Fri, 18 Jun 2010
If you're worried that Google caught your passwords and emails - why are you broadcasting them in the clear where anyone can? use SSL and switch on encryption in your Access Point, people.
lijntrekker said on Fri, 18 Jun 2010
According to Wikipedia, the UK Computer Misuse Act 1990, section 1 reads:
(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
Disclaimer
Opinions expressed here are those of the writers and do not reflect those of Macworld. Macworld accepts no responsibility legal or otherwise for their accuracy of content.
Click here to read the house rules.
Click here for the latest reader comments