06:04 PM
Connect Directly

Google 'Mortified' Over WiFi Data Gathering

New procedures have been implemented to prevent similar incidents from occurring.

Google on Friday confirmed that its Street View cars had inadvertently captured e-mail messages and passwords during their image gathering missions, the result of WiFi sniffing software that was included in Street View cars without authorization.

The acknowledgment comes after data protection authorities in Canada and Spain said as much following the conclusion of investigations into Google's WiFi data gathering in those countries.

Google VP of engineering and research Alan Eustace, who first disclosed the company's WiFi data gathering in May, apologized again and promised changes to prevent similar incidents in the future.

"We work hard at Google to earn your trust, and we’re acutely aware that we failed badly here," he said in a blog post.

Eustace announced three specific steps Google is taking to prevent future privacy missteps.

First, the company has appointed Alma Whitten to be its director of privacy, a position that will span both engineering and product management. Whitten will be reporting to Bill Coughran, SVP of engineering, and Jonathan Rosenberg, SVP of product management. Google already has a global director of privacy, Peter Fleischer.

Second, Google will require all employees to participate in a new information security awareness program, in additional to longstanding training on the company's privacy principles and code of conduct.

Third, Google is adding a new internal compliance process by which every engineering product manager will be required to maintain a privacy design document for every project. The document is intended to serve as a guide for Google managers and an internal team of auditors.

Google may also want to add a ban on privacy-related humor, or perhaps limit CEO Eric Schmidt to April 1st speaking engagements. On Friday, in a CNN interview, Schmidt joked that if you don't like Street View cars taking pictures of your house, you can always move. Stories about the incident tease readers with the possibility that Schmidt was being serious, because outrage-bait gets readers.

Schmidt made a similar joke when he suggested that people change their names upon reaching adulthood to escape search results associated with their past. That joke too failed to be appreciated as humor.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.