Over the summer we learned that Google accidentally left a packet sniffing application active in its street view mapping vehicles and this software gathered personal information from unencrypted (without a password) WiFi networks. This error happened not just in Canada, but around the world leading to a rather red-faced Google apologizing for its error. While this incident should have driven home the need for people to secure their own home wireless networks and be more careful when using public, open WiFi, there were actually larger issues at stake:
“Our investigation shows that Google did capture personal information — and, in some cases, highly sensitive personal information such as complete e-mails. This incident was a serious violation of Canadians’ privacy rights,” Privacy Commissioner Jennifer Stoddart stated Tuesday.
Google, for their part, has apologized again and has promised to both continue to cooperate with the Privacy Commissioner and comply with the order to remove the sensitive data. Google has until February 1st to remove the data from its server and with that done the Privacy Commissioner has said that the matter will be closed.
While Google has been publicly (and rightfully) chastised for not being more careful about what software was running on its Street View cars, personally, I think this should remind all of us that WiFi not secured with at least WEP (WPA-2 is better of course) is free and open for the snooping. While mapping the WiFi networks in a given area the open WiFi points were throwing the data that Google kept (and it didn’t have to keep or log it) right at Google.
The Privacy Commissioner is right, Google shouldn’t have done it and needs to delete the data, on the other hand an ounce of prevention (passwords) is worth a pound of credit card info.