Information Collection by Google Highlights Vulnerability of Data Networks

How secure is your data network? Are you satisfied that both your business and personal information are adequately protected? Can you ever feel completely satisfied about that?

The latest news about Google's penchant for data collection underscores just how vulnerable our networks can be.

In case you missed the story, Google is in hot water for mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks.

In a blog post at its website, Google admits that while it was gathering data for use in location-based products like Google Maps for mobile, it inadvertently collected samples of private, non-password-protected information, as well. The data was collected in all the countries where Street View information has been catalogued, including the United States and parts of Europe.

The company says it never used that data in any Google products. Plus, as Google explains it, any information collected was typically only snippets because the Street View cars gathering the data are "on the move" and use WiFi equipment that automatically changes channels roughly five times a second.

Still, I'm not sure I find that particularly comforting. For me, the questions at the heart of the matter are: How and why was Google collecting the data in the first place? Here's the company's response:

So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google's Street View cars, they included that code in their softwarealthough the project leaders did not want, and had no intention of using, payload data.

To its credit, Google has taken aggressive steps to address the situation. In addition to entirely stopping the collection of WiFi network data by Street View cars, the company says it will:


Ask a third party to review the software at issue, how it worked and what data it gathered, as well as to confirm that the company deleted the data appropriately; and



Internally review its procedures to ensure that controls are sufficiently robust to address these kinds of problems in the future.


But, it's likely this incident will cause headaches for Google for some time, particularly in Europe, where the company has already raised significant concerns over privacy issues. (The New York Times has excellent coverage of the issue here and here.)

So, what can you do to protect sensitive information? First of all, take note: Open, non-password-protected WiFi networks are publicly accessible and not all data collection is inadvertent and innocuous. Password-protect your network and be certain to optimize your encryption, backup and recovery services, as well.