Attacks/Breaches
7/30/2010
10:32 AM
50%
50%

Google Cleared Of UK Street View Privacy Breach

"Meaningful personal details" weren't disclosed when Google's cars collected publicly broadcast Wi-Fi network names and MAC addresses, finds British government authorities.

The British government's data-protection agency yesterday cleared Google of collecting "meaningful personal details" during the company's Street View wireless data breach earlier this year.

The Information Commissioner's Office (ICO) concluded Google's cars gathered only fragments and that this information could not be linked to identifiable individuals. In May, Google told Congress that, while its Street View cars collected publicly broadcast Wi-Fi network names and MAC addresses from Wi-Fi routers as the vehicles drove about taking photographs, they did not gather payload data and the information was collected by mistake.

"The information we saw does not include meaningful personal details that could be linked to an identifiable person," the ICO said in a statement. "There is also no evidence as yet that the data captured by Google has caused or could cause any individual detriment. Nevertheless, it was wrong to collect the information."

Google apologized after the breach was discovered.

"We welcome the news that the data protection authorities in the U.K. have found that the payload data contained no meaningful personal information," a Google spokesperson said in a statement. "As we said when we announced our mistake, we did not want and have never used any payload data in our products or services."

The British report likely will not affect investigations currently underway in Germany, the United States, France, and elsewhere.

"As we have only seen samples of the records collected in the U.K., we recognize that other data protection authorities conducting a detailed analysis of all the payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals," Britain's ICO said. "We will be alerting Privacy International and others who have complained to us of our position. The Information Commissioner is taking a responsible and proportionate approach to this case. However, we remain vigilant and will be reviewing any relevant findings and evidence from our international counterparts' investigations."

In June, Connecticut attorney general Richard Blumenthal kicked-off an investigation into Google on behalf of several states. More than 30 states participated in a conference call, although it was unclear how many were actually involved in the inquiry.

"My office will lead a multistate investigation -- expected to involve a significant number of states -- into Google's deeply disturbing invasion of personal privacy," Blumenthal said in a statement at the time. "Street View cannot mean Complete View -- invading home and business computer networks and vacuuming up personal information and communications."

Earlier that month, the French National Commission on Computing and Liberty (CNIL) released the findings of its Google Street View investigation which found that Google had captured e-mail account passwords as it grabbed data from unprotected Wi-Fi networks. However, Google said it had not captured any e-mail content.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4231
Published: 2015-07-03
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.

CVE-2015-4232
Published: 2015-07-03
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

CVE-2015-4234
Published: 2015-07-03
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.

CVE-2015-4237
Published: 2015-07-03
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv0...

CVE-2015-4239
Published: 2015-07-03
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report