Google fined 100K euros for Street View collection of Wi-Fi data

France's National Commission on Computing and Liberty slammed Google for collecting personal communications data

Google must pay a fine of €100,000 (US$142,000) for the unauthorized collection of information about the location of Wi-Fi hotspots in France by its Street View cars, France's National Commission on Computing and Liberty (CNIL) has ordered.

The cars, tasked with taking panoramic photos and 3D scans of buildings, and associating them with precise GPS (Global Positioning System) coordinates for Google's Street View service, also eavesdropped on Wi-Fi networks, recording their SSIDs (Service Set Identifiers) and MAC (Media Access Control) addresses, Google said last April, following an investigation by the data protection authority in Hamburg, Germany.

The next month, Google admitted that the cars had also inadvertently recorded fragments of communications traffic from unencrypted Wi-Fi networks. That disclosure prompted the CNIL and other European data protection authorities to launch their own investigations.

Google said its cars would typically have collected "only fragments of payload data" because of the unlikelihood that someone would be using the Wi-Fi network as its cars passed by, and because its in-car Wi-Fi equipment changed channels five times a second.

However, with Wi-Fi networks typically operating at up to 54M bps (bits per second), a car could capture a lot of data in a fifth of a second -- and that proved to be the case. The CNIL was the first such authority to be granted access by Google to the fruits of its eavesdropping, and its 32-page ruling reveals a number of instances in which intimate details of Internet users' browsing were captured.

For example, at 12:45 p.m. on June 2, 2008, at an address in Marseille, France, precisely located by its GPS coordinates, Google recorded the username and password of someone logging into a pornographic website. On March 26, 2009, at 3:03 p.m., Google recorded the username and password of someone logging into a site used to arrange sexual encounters with strangers, along with the person's location along a sparsely populated rural road north of the town of Carcasonne, France.

Other examples cited included details of a patient's care from a medical information system, and an exchange of e-mail messages between two people apparently organizing an adulterous affair.

"The analysis of the payload data enabled the determination with great precision the nature of the sites visited, the passwords used to access them, and the geographical location of the user," the CNIL's report said.

The CNIL also discovered that Google's cars didn't just record the MAC addresses of the Wi-Fi access points, as had previously been supposed, but the addresses of all devices connected to them, including PCs, printers and smartphones. On just one hard disk used to gather Street View data around the town of Millau, France, the CNIL found more than 6,000 SSIDs and more than 185,000 MAC addresses.

Google initially began recording the MAC addresses, SSIDs and GPS coordinates of Wi-Fi access points to improve its Google Latitude location-sharing service. The data enabled it to precisely locate users connecting to Latitude or Google Maps using Wi-Fi-capable mobile devices without GPS, a rare feature in smartphones at the time.

The CNIL acknowledged that Google had complied with its order of May 26, 2010, to stop collecting Wi-Fi data with its Street View cars, but criticized the company for continuing to use the data already collected without the permission of the owners of the Wi-Fi access points concerned.

It also slammed the company for continuing to collect the same data through other means: Smartphones today often have GPS and Wi-Fi, allowing Google to precisely locate Wi-Fi access points from its users' phones, rather than the other way around.

"The unfair character of the data collection continues, at least in part, and constitutes a persistent failure to comply with the terms of May 26, 2010 order," the CNIL's ruling said.

Now that the CNIL has completed its investigation, Google can at last delete the data it captured.

"Deleting the data has always been our priority, and we're happy the CNIL has given permission for us to do so," said Google Global Privacy Counsel Peter Fleischer via e-mail.

"We are profoundly sorry for having mistakenly collected payload data from unencrypted Wi-Fi networks. As soon as we realized what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities," he said.

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at peter_sayer@idg.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Internet-based applications and servicesMapsNetworkingwirelessWLANs / Wi-Fiinternetsearch enginesprivacyCriminalFrance's National Commission on Computing and Liberty (CNIL)Googlesecuritylegal

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Peter Sayer

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?