Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/30/2010
10:32 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Google Cleared Of UK Street View Privacy Breach

"Meaningful personal details" weren't disclosed when Google's cars collected publicly broadcast Wi-Fi network names and MAC addresses, finds British government authorities.

The British government's data-protection agency yesterday cleared Google of collecting "meaningful personal details" during the company's Street View wireless data breach earlier this year.

The Information Commissioner's Office (ICO) concluded Google's cars gathered only fragments and that this information could not be linked to identifiable individuals. In May, Google told Congress that, while its Street View cars collected publicly broadcast Wi-Fi network names and MAC addresses from Wi-Fi routers as the vehicles drove about taking photographs, they did not gather payload data and the information was collected by mistake.

"The information we saw does not include meaningful personal details that could be linked to an identifiable person," the ICO said in a statement. "There is also no evidence as yet that the data captured by Google has caused or could cause any individual detriment. Nevertheless, it was wrong to collect the information."

Google apologized after the breach was discovered.

"We welcome the news that the data protection authorities in the U.K. have found that the payload data contained no meaningful personal information," a Google spokesperson said in a statement. "As we said when we announced our mistake, we did not want and have never used any payload data in our products or services."

The British report likely will not affect investigations currently underway in Germany, the United States, France, and elsewhere.

"As we have only seen samples of the records collected in the U.K., we recognize that other data protection authorities conducting a detailed analysis of all the payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals," Britain's ICO said. "We will be alerting Privacy International and others who have complained to us of our position. The Information Commissioner is taking a responsible and proportionate approach to this case. However, we remain vigilant and will be reviewing any relevant findings and evidence from our international counterparts' investigations."

In June, Connecticut attorney general Richard Blumenthal kicked-off an investigation into Google on behalf of several states. More than 30 states participated in a conference call, although it was unclear how many were actually involved in the inquiry.

"My office will lead a multistate investigation -- expected to involve a significant number of states -- into Google's deeply disturbing invasion of personal privacy," Blumenthal said in a statement at the time. "Street View cannot mean Complete View -- invading home and business computer networks and vacuuming up personal information and communications."

Earlier that month, the French National Commission on Computing and Liberty (CNIL) released the findings of its Google Street View investigation which found that Google had captured e-mail account passwords as it grabbed data from unprotected Wi-Fi networks. However, Google said it had not captured any e-mail content.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...
CVE-2020-28348
PUBLISHED: 2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-15928
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
CVE-2020-15929
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
CVE-2020-28991
PUBLISHED: 2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.