The Information Commissioner’s Office must re-open their investigation into Google, which has now admitted that Street View cars had captured complete emails and passwords from domestic WiFi networks (after issuing denials and suggesting that anyone who said otherwise was trouble-making or untruthful or paranoid).
In an absurd press release sent in the middle of the Metropolitan Police investigation into Google, the ICO cleared the search provider in May after sending two non-technical personnel into the belly of the beast the HQ of a remarkably technologically advanced company and examining a sample of the Street View data, concluding that there was nothing to see. Which was codswallop, as now evidenced by Google's own account.
Google had maintained that it accidentally collected “fragments” of information travelling over unsecured wireless networks. That "explanation" is now palpably false. Regulators in Canada and Spain have accused Google of breaking local laws and, only now, when faced with persistent criticisms which evidently weren't going to go away, Google strategically confessed announced on Friday that it had collected more complete personal data than it had previously admitted.
In response to this, the ICO woke up said on Sunday that it would ask Google if emails and passwords were collected in the UK too:
“We will be making enquires to see whether this [new] information [from Google] relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers."
Of course, that's only possible because the ICO's rubbish previous guidance was stymied by other proceedings. In May, the ICO foolishly asked Google to delete the data it had collected from wireless networks, which would have hidden forever what they'd snatched and denied their victims knowledge of what was stolen (even though really reassuring said victims that the data was genuinely dispatched would be difficult, particularly given the underhand way it was acquired in the first place) – but that process of destroying evidence was thankfully halted when the police began a separate investigation into whether Google had breached the Regulation of Investigatory Powers Act.
Since July, Google’s cars have been back on the road, mapping local information to expand and update Street View. But even though they claim to have stopped collecting WiFi data, the service continues to cause controversy.
In Germany, Google allowed people in cities where it had photographed houses to opt out of the service before the service went online, the first time it had done so. They have thus far received 244,237 opt-outs. One might wonder, when a quarter of a million Germans are able to opt out of this "service", why we weren't afforded the same opportunity in the United Kingdom.
Perhaps finally realising that the cycle of bad deed / get caught / claim it was an accident / apologise was wearing thin, Google have started to get their excuses for violating privacy in ahead of time:
“Given how complex the process is, there will be some houses that people asked us to blur that will be visible when we launch the imagery in a few weeks time. We’ve worked very hard to keep the numbers as low as possible but in any system like this there will be mistakes."
Finally, let us consider the obvious question in relation to this, perhaps the largest invasion of privacy ever to have happened in the private sector in the UK. Google claimed not to have had anything useable. When we suggested that they'd have captured e-mail addresses and personal data, they pooh-poohed us. Now, they admit that they captured e-mails. So – what else did they capture?
(And it will be rather hard to accept any assurance or internal investigation from them, won't it..?)
By Alex Deane