Google fined 100K euros for Street View collection of Wi-Fi data

France's National Commission on Computing and Liberty slammed Google for collecting personal communications data

Google must pay a fine of €100,000 (US$142,000) for the unauthorized collection of information about the location of Wi-Fi hotspots in France by its Street View cars, France's National Commission on Computing and Liberty (CNIL) has ordered.

The cars, tasked with taking panoramic photos and 3D scans of buildings, and associating them with precise GPS (Global Positioning System) coordinates for Google's Street View service, also eavesdropped on Wi-Fi networks, recording their SSIDs (Service Set Identifiers) and MAC (Media Access Control) addresses, Google said last April, following an investigation by the data protection authority in Hamburg, Germany.

The next month, Google admitted that the cars had also inadvertently recorded fragments of communications traffic from unencrypted Wi-Fi networks. That disclosure prompted the CNIL and other European data protection authorities to launch their own investigations.

Google said its cars would typically have collected "only fragments of payload data" because of the unlikelihood that someone would be using the Wi-Fi network as its cars passed by, and because its in-car Wi-Fi equipment changed channels five times a second.

However, with Wi-Fi networks typically operating at up to 54M bps (bits per second), a car could capture a lot of data in a fifth of a second -- and that proved to be the case. The CNIL was the first such authority to be granted access by Google to the fruits of its eavesdropping, and its 32-page ruling reveals a number of instances in which intimate details of Internet users' browsing were captured.

For example, at 12:45 p.m. on June 2, 2008, at an address in Marseille, France, precisely located by its GPS coordinates, Google recorded the username and password of someone logging into a pornographic website. On March 26, 2009, at 3:03 p.m., Google recorded the username and password of someone logging into a site used to arrange sexual encounters with strangers, along with the person's location along a sparsely populated rural road north of the town of Carcasonne, France.

Other examples cited included details of a patient's care from a medical information system, and an exchange of e-mail messages between two people apparently organizing an adulterous affair.

"The analysis of the payload data enabled the determination with great precision the nature of the sites visited, the passwords used to access them, and the geographical location of the user," the CNIL's report said.

The CNIL also discovered that Google's cars didn't just record the MAC addresses of the Wi-Fi access points, as had previously been supposed, but the addresses of all devices connected to them, including PCs, printers and smartphones. On just one hard disk used to gather Street View data around the town of Millau, France, the CNIL found more than 6,000 SSIDs and more than 185,000 MAC addresses.

Google initially began recording the MAC addresses, SSIDs and GPS coordinates of Wi-Fi access points to improve its Google Latitude location-sharing service. The data enabled it to precisely locate users connecting to Latitude or Google Maps using Wi-Fi-capable mobile devices without GPS, a rare feature in smartphones at the time.

The CNIL acknowledged that Google had complied with its order of May 26, 2010, to stop collecting Wi-Fi data with its Street View cars, but criticized the company for continuing to use the data already collected without the permission of the owners of the Wi-Fi access points concerned.

It also slammed the company for continuing to collect the same data through other means: Smartphones today often have GPS and Wi-Fi, allowing Google to precisely locate Wi-Fi access points from its users' phones, rather than the other way around.

"The unfair character of the data collection continues, at least in part, and constitutes a persistent failure to comply with the terms of May 26, 2010 order," the CNIL's ruling said.

Now that the CNIL has completed its investigation, Google can at last delete the data it captured.

"Deleting the data has always been our priority, and we're happy the CNIL has given permission for us to do so," said Google Global Privacy Counsel Peter Fleischer via e-mail.

"We are profoundly sorry for having mistakenly collected payload data from unencrypted Wi-Fi networks. As soon as we realized what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities," he said.

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at peter_sayer@idg.com.

Join the PC World newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesMapsNetworkingwirelessWLANs / Wi-Fiinternetsearch enginesprivacyCriminalFrance's National Commission on Computing and Liberty (CNIL)Googlesecuritylegal

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Peter Sayer

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?