10:32 AM

Google Cleared Of UK Street View Privacy Breach

"Meaningful personal details" weren't disclosed when Google's cars collected publicly broadcast Wi-Fi network names and MAC addresses, finds British government authorities.

The British government's data-protection agency yesterday cleared Google of collecting "meaningful personal details" during the company's Street View wireless data breach earlier this year.

The Information Commissioner's Office (ICO) concluded Google's cars gathered only fragments and that this information could not be linked to identifiable individuals. In May, Google told Congress that, while its Street View cars collected publicly broadcast Wi-Fi network names and MAC addresses from Wi-Fi routers as the vehicles drove about taking photographs, they did not gather payload data and the information was collected by mistake.

"The information we saw does not include meaningful personal details that could be linked to an identifiable person," the ICO said in a statement. "There is also no evidence as yet that the data captured by Google has caused or could cause any individual detriment. Nevertheless, it was wrong to collect the information."

Google apologized after the breach was discovered.

"We welcome the news that the data protection authorities in the U.K. have found that the payload data contained no meaningful personal information," a Google spokesperson said in a statement. "As we said when we announced our mistake, we did not want and have never used any payload data in our products or services."

The British report likely will not affect investigations currently underway in Germany, the United States, France, and elsewhere.

"As we have only seen samples of the records collected in the U.K., we recognize that other data protection authorities conducting a detailed analysis of all the payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals," Britain's ICO said. "We will be alerting Privacy International and others who have complained to us of our position. The Information Commissioner is taking a responsible and proportionate approach to this case. However, we remain vigilant and will be reviewing any relevant findings and evidence from our international counterparts' investigations."

In June, Connecticut attorney general Richard Blumenthal kicked-off an investigation into Google on behalf of several states. More than 30 states participated in a conference call, although it was unclear how many were actually involved in the inquiry.

"My office will lead a multistate investigation -- expected to involve a significant number of states -- into Google's deeply disturbing invasion of personal privacy," Blumenthal said in a statement at the time. "Street View cannot mean Complete View -- invading home and business computer networks and vacuuming up personal information and communications."

Earlier that month, the French National Commission on Computing and Liberty (CNIL) released the findings of its Google Street View investigation which found that Google had captured e-mail account passwords as it grabbed data from unprotected Wi-Fi networks. However, Google said it had not captured any e-mail content.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio