Attacks/Breaches
7/30/2010
10:32 AM
50%
50%

Google Cleared Of UK Street View Privacy Breach

"Meaningful personal details" weren't disclosed when Google's cars collected publicly broadcast Wi-Fi network names and MAC addresses, finds British government authorities.

The British government's data-protection agency yesterday cleared Google of collecting "meaningful personal details" during the company's Street View wireless data breach earlier this year.

The Information Commissioner's Office (ICO) concluded Google's cars gathered only fragments and that this information could not be linked to identifiable individuals. In May, Google told Congress that, while its Street View cars collected publicly broadcast Wi-Fi network names and MAC addresses from Wi-Fi routers as the vehicles drove about taking photographs, they did not gather payload data and the information was collected by mistake.

"The information we saw does not include meaningful personal details that could be linked to an identifiable person," the ICO said in a statement. "There is also no evidence as yet that the data captured by Google has caused or could cause any individual detriment. Nevertheless, it was wrong to collect the information."

Google apologized after the breach was discovered.

"We welcome the news that the data protection authorities in the U.K. have found that the payload data contained no meaningful personal information," a Google spokesperson said in a statement. "As we said when we announced our mistake, we did not want and have never used any payload data in our products or services."

The British report likely will not affect investigations currently underway in Germany, the United States, France, and elsewhere.

"As we have only seen samples of the records collected in the U.K., we recognize that other data protection authorities conducting a detailed analysis of all the payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals," Britain's ICO said. "We will be alerting Privacy International and others who have complained to us of our position. The Information Commissioner is taking a responsible and proportionate approach to this case. However, we remain vigilant and will be reviewing any relevant findings and evidence from our international counterparts' investigations."

In June, Connecticut attorney general Richard Blumenthal kicked-off an investigation into Google on behalf of several states. More than 30 states participated in a conference call, although it was unclear how many were actually involved in the inquiry.

"My office will lead a multistate investigation -- expected to involve a significant number of states -- into Google's deeply disturbing invasion of personal privacy," Blumenthal said in a statement at the time. "Street View cannot mean Complete View -- invading home and business computer networks and vacuuming up personal information and communications."

Earlier that month, the French National Commission on Computing and Liberty (CNIL) released the findings of its Google Street View investigation which found that Google had captured e-mail account passwords as it grabbed data from unprotected Wi-Fi networks. However, Google said it had not captured any e-mail content.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0714
Published: 2015-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

CVE-2014-3598
Published: 2015-05-01
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2014-8361
Published: 2015-05-01
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

CVE-2015-0237
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVE-2015-0257
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.